PowerShell Exec MCP Server

Args: code: PowerShell code to execute timeout: Command timeout in seconds (1-300, default 60) ctx: MCP context for logging and progress reporting Returns: Command output as string

Args: properties: List of ComputerInfo properties to retrieve (optional) timeout: Command timeout in seconds (1-300, default 60)

Args: name: Filter services by name (supports wildcards) status: Filter by status (Running, Stopped, etc.) timeout: Command timeout in seconds (1-300, default 60)

Args: name: Filter processes by name (supports wildcards) top: Limit to top N processes sort_by: Property to sort by (e.g., CPU, WorkingSet) timeout: Command timeout in seconds (1-300, default 60)

Args: logname: Name of the event log (System, Application, Security, etc.) newest: Number of most recent events to retrieve (default 10) level: Filter by event level (1: Critical, 2: Error, 3: Warning, 4: Information) timeout: Command timeout in seconds (1-300, default 60)

Args: template_name: Name of the template to use (without .ps1 extension) parameters: Dictionary of parameters to replace in the template output_path: Where to save the generated script (optional) timeout: Command timeout in seconds (1-300, default 60) Returns: Generated script content or path where script was saved

Args: description: Natural language description of what the script should do script_type: Type of script to generate (file_ops, service_mgmt, etc.) parameters: List of parameters the script should accept include_logging: Whether to include logging functions include_error_handling: Whether to include error handling output_path: Where to save the generated script (optional) timeout: Command timeout in seconds (1-300, default 60) Returns: Generated script content or path where script was saved

Creates a PowerShell remediation script that follows Microsoft Intune best practices: - Proper exit codes (0=success, 1=failure, 2=error) - Event log integration for monitoring and troubleshooting - System restore point creation before making changes - Comprehensive error handling and logging - No user interaction (required for Intune deployment) ⚠️ IMPORTANT: For complete Intune compliance, you need BOTH detection and remediation scripts. Consider using 'generate_intune_script_pair' instead to create both scripts together. Microsoft References: - Intune Remediation Scripts: https://docs.microsoft.com/en-us/mem/intune/fundamentals/remediations - Best Practices: https://docs.microsoft.com/en-us/mem/intune/fundamentals/remediations-script-samples - PowerShell Script Requirements: https://docs.microsoft.com/en-us/mem/intune/apps/intune-management-extension - Exit Code Standards: https://docs.microsoft.com/en-us/mem/intune/apps/troubleshoot-mam-app-installation#exit-codes Args: description: Clear description of what the script should remediate (e.g., 'Install Chrome browser', 'Configure Windows firewall') remediation_logic: PowerShell code that performs the remediation. Use 'Complete-Remediation -Success $true -Message "description"' to indicate completion output_path: Optional file path where the script will be saved. If not provided, returns script content timeout: Command timeout in seconds (1-300, default 60) Returns: Generated script content or path where script was saved Example: Generate a script to install Chrome: ``` result = await generate_intune_remediation_script( description="Install Chrome browser to latest version", remediation_logic=''' $installer = "$env:TEMP\ChromeSetup.exe" Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer Start-Process -FilePath $installer -Args "/silent /install" -Wait Remove-Item $installer -Force Complete-Remediation -Success $true -Message "Chrome installation completed successfully" ''', output_path="remediate_chrome.ps1" ) ``` Tips: - Always use Complete-Remediation function to set proper exit codes - Test your remediation_logic in a safe environment first - Consider creating a system restore point for major changes - Use Write-IntuneLog for detailed logging and troubleshooting - Ensure no user interaction is required (scripts run silently)

This is the RECOMMENDED tool for Intune compliance as it creates both required scripts: - Detection script: Checks current system state and determines compliance - Remediation script: Fixes non-compliant conditions with proper safeguards Both scripts follow Microsoft Intune best practices: - Proper exit codes (Detection: 0=compliant, 1=non-compliant, 2=error; Remediation: 0=success, 1=failure, 2=error) - Event log integration for centralized monitoring - System restore points before changes (remediation only) - Comprehensive error handling and logging - No user interaction (silent execution required) Microsoft References: - Intune Remediation Scripts Overview: https://docs.microsoft.com/en-us/mem/intune/fundamentals/remediations - Script Deployment Best Practices: https://docs.microsoft.com/en-us/mem/intune/fundamentals/remediations-script-samples - PowerShell Requirements: https://docs.microsoft.com/en-us/mem/intune/apps/intune-management-extension - Exit Code Standards: https://docs.microsoft.com/en-us/mem/intune/apps/troubleshoot-mam-app-deployment - Monitoring and Reporting: https://docs.microsoft.com/en-us/mem/intune/fundamentals/remediations-monitor Args: description: Clear description of what the scripts should detect and remediate (e.g., 'Ensure Chrome browser is installed with latest version') detection_logic: PowerShell code that performs the compliance check. Use 'Complete-Detection -Compliant $true/$false -Message "status"' to indicate result remediation_logic: PowerShell code that fixes non-compliant conditions. Use 'Complete-Remediation -Success $true/$false -Message "result"' to indicate completion output_dir: Optional directory to save both scripts. If not provided, returns script content in response timeout: Command timeout in seconds (1-300, default 60) Returns: Dictionary containing both scripts: {"detection_script": "content/path", "remediation_script": "content/path"} Example: Generate scripts to manage Chrome browser installation: ``` result = await generate_intune_script_pair( description="Ensure Chrome browser is installed with version 100.0.0.0 or higher", detection_logic=''' try { $app = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe" -ErrorAction Stop $version = (Get-Item $app.'(Default)').VersionInfo.FileVersion $compliant = [version]$version -ge [version]"100.0.0.0" Complete-Detection -Compliant $compliant -Message "Chrome version: $version (Required: 100.0.0.0+)" } catch { Complete-Detection -Compliant $false -Message "Chrome not found or inaccessible" } ''', remediation_logic=''' try { $installer = "$env:TEMP\ChromeSetup.exe" Write-IntuneLog "Downloading Chrome installer..." Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing Write-IntuneLog "Installing Chrome silently..." Start-Process -FilePath $installer -Args "/silent /install" -Wait Remove-Item $installer -Force Complete-Remediation -Success $true -Message "Chrome installation completed successfully" } catch { Complete-Remediation -Success $false -Message "Chrome installation failed: $($_.Exception.Message)" } ''', output_dir="chrome_intune_scripts" ) ``` Tips: - Always test both scripts in a controlled environment first - Use descriptive logging messages for easier troubleshooting - Consider the impact of remediation actions (e.g., system restarts, user disruption) - Use Write-IntuneLog for detailed progress tracking - Ensure detection logic is fast and efficient (runs frequently) - Make remediation logic idempotent (safe to run multiple times)

Creates a PowerShell relevance script that follows IBM BigFix best practices: - Proper output format (TRUE/FALSE for BigFix consumption) - BigFix client log integration for monitoring - Event log integration for troubleshooting - Comprehensive error handling and logging - Fast execution optimized for frequent evaluations 💡 TIP: For complete BigFix deployments, you need BOTH relevance and action scripts. Consider using 'generate_bigfix_script_pair' to create both scripts together with matching logic. IBM BigFix References: - Relevance Language Guide: https://help.hcltechsw.com/bigfix/11.0/relevance/Relevance/c_relevance_language.html - Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html - Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html - Client Logging: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_bes_client_logging.html Args: description: Clear description of what the script should check (e.g., 'Check if Chrome needs updating', 'Verify Windows patches are current') relevance_logic: PowerShell code that determines relevance. Use 'Complete-Relevance -Relevant $true/$false -Message "status"' to indicate result output_path: Optional file path where the script will be saved. If not provided, returns script content timeout: Command timeout in seconds (1-300, default 60) Returns: Generated script content or path where script was saved Example: Generate a script to check if Chrome needs updating: ``` result = await generate_bigfix_relevance_script( description="Check if Chrome browser needs updating to version 100.0.0.0 or higher", relevance_logic=''', try { $app = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe" -ErrorAction Stop $version = (Get-Item $app.'(Default)').VersionInfo.FileVersion $needsUpdate = [version]$version -lt [version]"100.0.0.0" Complete-Relevance -Relevant $needsUpdate -Message "Chrome version: $version (Target: 100.0.0.0+)" } catch { Complete-Relevance -Relevant $true -Message "Chrome not found or inaccessible - installation needed" } ''', output_path="chrome_relevance.ps1" ) ``` Tips: - Keep relevance logic fast and efficient (evaluated frequently) - Return TRUE when action is needed, FALSE when compliant - Always use Complete-Relevance function for proper BigFix output format - Use try-catch blocks for robust error handling - Test relevance logic thoroughly across different environments - Use Write-BigFixLog for detailed progress tracking

Creates a PowerShell action script that follows IBM BigFix best practices: - Proper exit codes (0=success, 1=retryable failure, 2=non-retryable failure) - BigFix client log integration for monitoring - System restore point creation before changes - Comprehensive error handling and logging - Event log integration for troubleshooting ⚠️ IMPORTANT: For complete BigFix deployments, you need BOTH relevance and action scripts. Consider using 'generate_bigfix_script_pair' instead to create both scripts together. IBM BigFix References: - Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html - Exit Codes: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_action_script_exit_codes.html - Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html - Client Logging: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_bes_client_logging.html Args: description: Clear description of what the script should accomplish (e.g., 'Install Chrome browser', 'Configure Windows firewall') action_logic: PowerShell code that performs the action. Use 'Complete-Action -Result "Success/RetryableFailure/NonRetryableFailure" -Message "details"' to indicate completion output_path: Optional file path where the script will be saved. If not provided, returns script content timeout: Command timeout in seconds (1-300, default 60) Returns: Generated script content or path where script was saved Example: Generate a script to install Chrome: ``` result = await generate_bigfix_action_script( description="Install Chrome browser to latest version", action_logic=''' try { $installer = "$env:TEMP\ChromeSetup.exe" Write-BigFixLog "Downloading Chrome installer..." Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing Write-BigFixLog "Installing Chrome silently..." Start-Process -FilePath $installer -Args "/silent /install" -Wait Remove-Item $installer -Force Complete-Action -Result "Success" -Message "Chrome installation completed successfully" } catch { Complete-Action -Result "RetryableFailure" -Message "Chrome installation failed: $($_.Exception.Message)" } ''', output_path="chrome_action.ps1" ) ``` Tips: - Always use Complete-Action function to set proper exit codes - Use "Success" for completed actions - Use "RetryableFailure" for temporary issues (network, locks, etc.) - Use "NonRetryableFailure" for permanent issues (unsupported OS, etc.) - Test action logic in safe environments first - Consider creating system restore points for major changes - Use Write-BigFixLog for detailed logging and troubleshooting - Make actions idempotent (safe to run multiple times)

This is the RECOMMENDED tool for BigFix fixlet creation as it creates both required scripts: - Relevance script: Determines which computers need the action (TRUE/FALSE output) - Action script: Performs the necessary changes with proper error handling Both scripts follow IBM BigFix best practices: - Proper BigFix output formats and exit codes - BigFix client log integration for centralized monitoring - System restore points before changes (action only) - Comprehensive error handling and logging - Event log integration for troubleshooting - No user interaction (silent execution required) IBM BigFix References: - Fixlet Development: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_fixlets.html - Relevance Language: https://help.hcltechsw.com/bigfix/11.0/relevance/Relevance/c_relevance_language.html - Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html - Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html - Testing Guidelines: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_testing_fixlets.html Args: description: Clear description of what the scripts should accomplish (e.g., 'Manage Chrome browser installation and updates') relevance_logic: PowerShell code that determines if action is needed. Use 'Complete-Relevance -Relevant $true/$false -Message "status"' to indicate result action_logic: PowerShell code that performs the remediation. Use 'Complete-Action -Result "Success/RetryableFailure/NonRetryableFailure" -Message "details"' to indicate completion output_dir: Optional directory to save both scripts. If not provided, returns script content in response timeout: Command timeout in seconds (1-300, default 60) Returns: Dictionary containing both scripts: {"relevance_script": "content/path", "action_script": "content/path"} Example: Generate scripts to manage Chrome browser installation: ``` result = await generate_bigfix_script_pair( description="Manage Chrome browser installation with version 100.0.0.0 or higher", relevance_logic=''', try { $app = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe" -ErrorAction Stop $version = (Get-Item $app.'(Default)').VersionInfo.FileVersion $needsAction = [version]$version -lt [version]"100.0.0.0" Complete-Relevance -Relevant $needsAction -Message "Chrome version: $version (Target: 100.0.0.0+)" } catch { Complete-Relevance -Relevant $true -Message "Chrome not found - installation needed" } ''', action_logic=''', try { $installer = "$env:TEMP\ChromeSetup.exe" Write-BigFixLog "Downloading Chrome installer..." Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing Write-BigFixLog "Installing Chrome silently..." Start-Process -FilePath $installer -Args "/silent /install" -Wait Remove-Item $installer -Force Complete-Action -Result "Success" -Message "Chrome installation completed successfully" } catch { Complete-Action -Result "RetryableFailure" -Message "Chrome installation failed: $($_.Exception.Message)" } ''', output_dir="chrome_bigfix_scripts" ) ``` Tips: - Always test both scripts in a controlled environment first - Ensure relevance logic matches the conditions that action script addresses - Use descriptive logging messages for easier troubleshooting - Consider the scope and impact of actions (test groups first) - Make sure relevance logic is efficient (evaluated frequently) - Ensure action logic is idempotent (safe to run multiple times) - Use Write-BigFixLog for detailed progress tracking - Test across different OS versions and configurations

Args: code: PowerShell code to execute timeout: Command timeout in seconds (1-300, default 60) ctx: MCP context for logging and progress reporting Returns: Command output as string with execution details