script to get information on biometric device on the endpoint machine

import os

from subprocess import PIPE, Popen

import ctypes

​

class disable_file_system_redirection:

    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection

    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):

        self.old_value = ctypes.c_long()

        self.success = self._disable(ctypes.byref(self.old_value))

    def __exit__(self, type, value, traceback):

        if self.success:

            self._revert(self.old_value)

class ExecutionPolicy:

    def __enter__(self):

        with disable_file_system_redirection():

            #getting current executionpolicy

            self.old_policy = os.popen('powershell "Get-ExecutionPolicy"').read().strip()

            #setting execution policy to RemoteSigned

            os.popen('powershell "Set-ExecutionPolicy RemoteSigned"').read()

    def __exit__(self, type, value, traceback):

        with disable_file_system_redirection():

            #setting execution policy back to previous policy

            os.popen('powershell "Set-ExecutionPolicy %s"'%(self.old_policy)).read()

​

def ecmd(command):

    from subprocess import Popen, PIPE

    import ctypes

    with disable_file_system_redirection():

        obj = Popen(command, shell = True, stdout = PIPE, stderr = PIPE)

    out, err = obj.communicate()

    ret=obj.returncode

    return ret,out,err

​

PScontent = r"""

Get-CimInstance -ClassName Win32_PnPEntity |Where-Object -Property "PNPClass" -Like "Biometric"

"""

​

ps_name='powershell_file.ps1'

ps_path=os.path.join(os.environ['TEMP'], ps_name)

with open(ps_path, 'wb') as wr:

    wr.write(PScontent)

​

with ExecutionPolicy():      

    ret,out,err = ecmd('powershell "%s"'%ps_path)

​

if ret==0:

    if out:

        print(out)

    else:

        print("couldn't get any biometric informations")

else:

    print(ret)

    print(err)