BigBrother v1.7


Description

Lost or Stolen laptop but still reporting into the console?

Deploy BigBrother to force location services on, allow application access to location, and get an approximate location using the BigBrother analysis.

Note: Location services use a combination of the Global Positioning System (GPS), nearby wireless access points, cell towers, and the IP address to determine the device's location. Depending on the capabilities of the device, the location can be determined with varying degrees of accuracy (accuracy results are reported in the BigBrother analysis).

Tested on Windows 10 and Windows 11

DISCLAIMER: This task is intended to be used responsibly and solely for the recovery of assets.


Property Details

ID: 27352
Status: Production - Fully Tested and Ready for Production
Title: BigBrother v1.7
Domain: BESC
Category: Asset Management / Forensics
Source: michael.english@hcl-software.com
Source Release Date: 7/14/2024 12:00:00 AM
Keywords: Locate lost or stolen devices
Is Task: True
Added by on 7/23/2024 2:15:44 PM
Last Modified by on 7/23/2024 2:15:44 PM
Counters: 389 Views / 2 Downloads

Relevance

Used in 1 fixlet. Results in a true/false.
((windows of it and name of it as lowercase does not start with "win20") of operating system)

Actions

Action 1 (default)

Action Link: Click here to deploy BigBrother
Script Type: BigFix Action Script
//BigBrother
//Force Location services ON and allow application access
delete "c:\windows\temp\bb1.ps1"
delete __createfile
createfile until _THEEND_
# Policy value 1 forces app access to location on
$RegName = "LetAppsAccessLocation"
$RegValue = 1
$RegPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy"
# Create the policy key if it does not exist yet
If ((Test-Path $RegPath) -eq $false){{
    New-Item -Path $RegPath -ItemType Directory
}
# Create the value if it is missing, otherwise overwrite it
If (-not (Get-ItemProperty -Path $RegPath -Name $RegName -ErrorAction SilentlyContinue)){{
    New-ItemProperty -Path $RegPath -Name $RegName -Value $RegValue
}
else{{
    Set-ItemProperty -Path $RegPath -Name $RegName -Value $RegValue
}
_THEEND_
move __createfile "c:\windows\temp\bb1.ps1"
waithidden powershell -ExecutionPolicy Bypass -command "c:\windows\temp\bb1.ps1"

//------------------------------------------------------------------------------

//Get Location
delete "c:\windows\temp\bb"
delete "c:\windows\temp\bb2.ps1"
delete __createfile
createfile until _THEEND_
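# GeoCoordinateWatcher lives in the System.Device assembly
Add-Type -AssemblyName System.Device
# Argument 1 requests GeoPositionAccuracy.High
$BigBrother = New-Object System.Device.Location.GeoCoordinateWatcher(1)
$BigBrother.Start()
# Poll until a position is ready or permission is denied
while (($BigBrother.Status -ne 'Ready') -and ($BigBrother.Permission -ne 'Denied')) {{
    Start-Sleep -Seconds 3
}
if ($BigBrother.Permission -eq 'Denied'){{
    Write-Error 'Access Denied (most likely location services is not turned on)'
} else {{
    # Emit every property of the location fix, accuracy fields included
    $BigBrother.Position.Location | Select *
}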
_THEEND_
move __createfile "c:\windows\temp\bb2.ps1"
waithidden powershell -ExecutionPolicy Bypass -command "c:\windows\temp\bb2.ps1 2>&1 > C:\windows\temp\bb"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link: Click here to turn off location services
Script Type: BigFix Action Script
// BigBrother
//Turn off Location services
delete "c:\windows\temp\bb"
delete "c:\windows\temp\bb1.ps1"
delete __createfile
createfile until _THEEND_
# Policy value 2 forces app access to location off
$Name = "LetAppsAccessLocation"
$Value = 2
$Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy"
# Create the policy key if it does not exist yet
If ((Test-Path $Path) -eq $false){{
    New-Item -Path $Path -ItemType Directory
}
# Create the value if it is missing, otherwise overwrite it
If (-not (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue)){{
    New-ItemProperty -Path $Path -Name $Name -Value $Value
}
else{{
    Set-ItemProperty -Path $Path -Name $Name -Value $Value
}
_THEEND_
move __createfile "c:\windows\temp\bb1.ps1"
waithidden powershell -ExecutionPolicy Bypass -command "c:\windows\temp\bb1.ps1"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.
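
To confirm what state an endpoint was left in after either action, the following PowerShell check reads the policy value the scripts write and lists any of the task's temp files still on disk. It is an added example, not part of the published task; the function name Get-BigBrotherState is hypothetical, and the 0/1/2 meanings are the ones Microsoft documents for the LetAppsAccessLocation policy.

```powershell
# Added example: audit the state left behind by the BigBrother actions.
# Get-BigBrotherState is a hypothetical helper name, not part of the task.
function Get-BigBrotherState {
    [CmdletBinding()]
    param(
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy',
        [string]$TempDir    = 'C:\Windows\Temp'
    )

    # Documented meanings of the LetAppsAccessLocation policy value.
    $meaning = @{ 0 = 'User in control'; 1 = 'Force allow'; 2 = 'Force deny' }

    # Read the value; a missing key or value means the policy is not configured.
    $raw = $null
    if (Test-Path $PolicyPath) {
        $prop = Get-ItemProperty -Path $PolicyPath -Name 'LetAppsAccessLocation' -ErrorAction SilentlyContinue
        if ($prop) { $raw = $prop.LetAppsAccessLocation }
    }
    $num = $raw -as [int]
    $state = if ($null -eq $raw) {
        'Not configured'
    } elseif (($null -ne $num) -and $meaning.ContainsKey($num)) {
        $meaning[$num]
    } else {
        "Unexpected value: $raw"
    }

    # Files the actions create; 'bb' receives the output of bb2.ps1 in Action 1.
    $leftovers = foreach ($name in 'bb', 'bb1.ps1', 'bb2.ps1') {
        $file = Join-Path $TempDir $name
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            Get-Item -LiteralPath $file | Select-Object FullName, Length, LastWriteTime
        }
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        PolicyValue   = $raw
        PolicyState   = $state
        ForcedOn      = ($num -eq 1)
        LeftoverFiles = @($leftovers)
    }
}

Get-BigBrotherState | Format-List
```

Action 2 as published deletes bb and bb1.ps1 but not bb2.ps1, so a non-empty LeftoverFiles after turning location services off is expected unless the file is removed separately.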

