Automatically clear the Imprivata data partition on IGEL ThinClients from a Windows computer
Recently I stumbled upon a request to clear the Imprivata data partition on hundreds of IGEL ThinClients.
Normally you fire up IGEL Universal Management Suite (UMS) and create a new profile with the following setting enabled:
After applying this policy you have the choice to apply it now or on next reboot. If you select now, the user gets a prompt, and if he clicks “No” you're screwed 😉
If you select on next reboot, then you have to hope that the user actually reboots the device (shutdown != reboot).
What I also saw is that after the partition is cleared the device sometimes reboots by itself and sometimes not, so you have to manually check whether the device was rebooted *bummer*…
So due to the fact that I have no good feelings about the process mentioned above and that I haven’t had the chance to fire the command on all machines at the same time with the policy because users were working, I had to do it “manually” on preselected devices outside office hours.
During a chat with Victor Pineiro from Imprivata support he gave me a command which removes the data partition and mentioned that plink.exe gives you the power to run commands remotely on a Linux device. (Awesome guy!)
Based on that I knitted together the following PowerShell script which runs plink.exe against a list of IGEL ThinClients (igels.txt), firing commands (commands.txt) which clear the Imprivata data partition and reboot the ThinClients.
Here’s the magic piece:
```powershell
<#
.SYNOPSIS
    This script removes the Imprivata data partition on IGEL ThinClients and reboots the ThinClient
.DESCRIPTION
    This script removes the Imprivata data partition on IGEL ThinClients and reboots the ThinClient.

    Requirements:
    - plink.exe https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
    - IP addresses of IGEL ThinClients in igels.txt (one per line)
    - The commands which will run on the linux boxes in commands.txt

    As usual: All credits to Victor Pineiro (Imprivata Support)!
.EXAMPLE
    PS C:\PSScript > .\ClearImprivataDataPartition.ps1
    The script will run without parameters.
.INPUTS
    none
.OUTPUTS
    None
.NOTES
    AUTHOR: Markus Zehnle (markus.zehnle@gmail.com)
    CREATION DATE: 2019-08-08
    VERSION: 1.0
    CHANGELOG:
    v1.0 / 2019-08-08 / Markus Zehnle:
    - Initial script development
#>

"Starting..."
""

# Edit the following variables according to your needs. (Use your brain!)
# location of plink.exe:
$plinkLocation = "C:\PSScript\plink.exe"
# Username to connect to Linux device:
$sshUsr = "root"
# Password to connect to Linux device:
$sshPwd = "toor" # If you wanna be more secure use PSCredentials ;)
# txt file with commands:
$commandsLocation = "C:\PSScript\commands.txt"
# txt file with IPs of IGELs:
$ipAddresses = Get-Content "C:\PSScript\igels.txt"
# optionally: if you wanna provide the IPs by an array use the following:
#$ipAddresses = @("192.168.1.10","192.168.1.11","192.168.1.12")

ForEach($ipAddress in $ipAddresses)
{
    "SSH into $ipAddress"
    # starting plink through "cmd /c echo y" so that the SSH host key will be auto accepted
    # (in case you haven't ssh'ed into the linux machine from the box running this script)
    # cmd will then fire up plink.exe with the -ssh -pw and -m parameters:
    # https://the.earth.li/~sgtatham/putty/0.72/htmldoc/Chapter7.html#plink-usage
    # Note: Start-Process returns immediately (no -Wait), so plink may still be running
    # when the next line is printed.
    Start-Process -FilePath cmd.exe -ArgumentList "/c echo y | $plinkLocation -ssh $sshUsr@$ipAddress -pw $sshPwd -m $commandsLocation"
    "plink on $ipAddress finished"
    ""
}

"Script End..."
```
commands.txt:
```
rm -rf /.imprivata_data/runtime
reboot
```
igels.txt:
```
192.168.1.10
192.168.1.11
192.168.1.12
192.168.1.13
```
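The script above auto-accepts whatever SSH host key each device presents (`echo y`) and keeps the root password in the file. As an added example, not part of the original script, here is a variant that pins each device's host key with plink's `-hostkey` option, disables prompts with `-batch`, and asks for the credential at run time. The file `igels-pinned.txt`, its "IP fingerprint" line format and the helper function name are assumptions made for this example.

```powershell
# Added example (not the original author's script).
# Assumption: igels-pinned.txt is a hypothetical file holding one
# "<IPv4 address> <SSH host key fingerprint>" pair per line, with the
# fingerprints collected beforehand over a path you trust.
$plinkLocation    = "C:\PSScript\plink.exe"
$commandsLocation = "C:\PSScript\commands.txt"
$pinnedHosts      = "C:\PSScript\igels-pinned.txt"   # hypothetical file name

function ConvertFrom-PinnedHostLine {
    param([string]$Line)
    # Split into exactly two fields: address and fingerprint
    $parts = $Line.Trim() -split '\s+', 2
    if ($parts.Count -ne 2) { return $null }
    $ip = $null
    # Accept only a plain dotted-quad IPv4 address, nothing that could
    # be read as an extra plink option or a host name
    if ($parts[0] -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
        -not [System.Net.IPAddress]::TryParse($parts[0], [ref]$ip)) { return $null }
    [pscustomobject]@{ Address = $parts[0]; HostKey = $parts[1] }
}

# Prompt once instead of storing the password in the script
$cred = Get-Credential -UserName "root" -Message "SSH account on the IGEL ThinClients"

$results = foreach ($line in Get-Content $pinnedHosts) {
    if ([string]::IsNullOrWhiteSpace($line)) { continue }
    $target = ConvertFrom-PinnedHostLine -Line $line
    if (-not $target) {
        Write-Warning "Skipping malformed line: $line"
        continue
    }
    # -batch  : never prompt, so an unknown host key fails instead of hanging
    # -hostkey: accept only the pinned key for this device
    # Caveat  : -pw still puts the password on plink's command line, where
    #           other local processes can see it while plink runs
    & $plinkLocation -ssh -batch -hostkey $target.HostKey `
        -l $cred.UserName -pw $cred.GetNetworkCredential().Password `
        -m $commandsLocation $target.Address | Out-Null
    [pscustomobject]@{ Address = $target.Address; ExitCode = $LASTEXITCODE }
}

# One row per device with plink's exit code, for follow-up on failures
$results | Format-Table -AutoSize
```

Because the call operator waits for plink to exit, this variant processes the devices one after another, unlike the `Start-Process` call in the original script.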