platforms.win32¶

Windows platform implementation: system information, command support, registry management, and service management.

Win32PlatformInfo¶

class Win32PlatformInfo[source]¶

Bases: object

Windows implementation of PlatformInfo.

Retrieves system information using Windows-specific commands: - PowerShell / wmic for serial numbers - os.getlogin() / environment variables for console user - net user / PowerShell for user full names

invalid_users: ClassVar[tuple[str, ...]] = ('', 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')¶

get_serial_number() → str | None[source]¶

Get serial number via PowerShell (Get-CimInstance).

Falls back to wmic if PowerShell is unavailable.

Returns:: Hardware serial number, or None on failure
Return type:: str | None

get_console_user() → tuple[str, int, Path] | None[source]¶

Get the currently logged-in user on Windows.

Uses os.getlogin() for the username, and Path.home() for the home directory. Windows does not use UIDs in the same way as Unix; we return 0 as a placeholder.

Returns:: Tuple of (username, uid, home_path), or None
Return type:: tuple[str, int, Path] | None

get_hostname() → str[source]¶

Retrieve system hostname.

Returns:: System hostname
Return type:: str

get_user_full_name(username: str) → str | None[source]¶

Get full name for a Windows user via PowerShell or net user.

Parameters:: username (str) – Username to look up
Returns:: Full display name, or None on failure
Return type:: str | None

get_os_version_label() → str[source]¶

Return Windows version label for logging.

Returns:: e.g. “Windows Version: 10.0.22631”
Return type:: str

Win32CommandSupport¶

class Win32CommandSupport[source]¶

Bases: object

Windows implementation of PlatformCommandSupport.

Uses runas for running commands as another user. Note: Windows runas prompts for a password interactively, so automated run-as-user is limited. For Intune scripts running as SYSTEM, consider using scheduled tasks or PowerShell remoting.

property min_user_uid: int[source]¶

Minimum UID threshold on Windows.

Windows does not use numeric UIDs like Unix. This returns 0 since UID validation is not applicable on Windows.

Returns:: 0
Return type:: int

run_as_user_command(command: list[str], username: str, uid: int) → list[str][source]¶

Wrap command with runas for Windows.

Note: runas requires interactive password input. For non-interactive execution in MDM contexts, consider using PowerShell Start-Process -Credential or scheduled tasks.

Parameters:

command (list[str]) – Original command arguments
username (str) – Target username
uid (int) – Target user UID (unused on Windows)

Returns:

Command prefixed with runas

Return type:

list[str]

validate_user(username: str | None, uid: int | None) → bool[source]¶

Validate user info for Windows.

On Windows, we only check that a username is provided and contains valid characters. UID is not used.

Parameters:

username (str | None) – Username to validate
uid (int | None) – User ID (ignored on Windows)

Returns:

True if valid

Return type:

bool

Win32Registry¶

class Win32Registry[source]¶

Bases: object

Read, write, and delete Windows registry values.

Wraps the winreg stdlib module for non-raising registry operations. Hive constants are exposed as class attributes for convenience.

Example:

>>> val = Win32Registry.read(
...     Win32Registry.HKLM,
...     r"SOFTWARE\Microsoft\Windows NT\CurrentVersion",
...     "ProductName",
... )

HKCR: int = 2147483648¶

HKCU: int = 2147483649¶

HKLM: int = 2147483650¶

HKU: int = 2147483651¶

REG_SZ: int = 1¶

REG_EXPAND_SZ: int = 2¶

REG_BINARY: int = 3¶

REG_DWORD: int = 4¶

REG_MULTI_SZ: int = 7¶

REG_QWORD: int = 11¶

static read(hive: int, subkey: str, value_name: str) → str | int | bytes | None[source]¶

Read a registry value.

Parameters:

hive (int) – Registry hive (e.g., Win32Registry.HKLM)
subkey (str) – Registry subkey path
value_name (str) – Name of the value to read

Returns:

Value, or None if the key/value doesn’t exist

Return type:

str | int | bytes | None

static write(hive: int, subkey: str, value_name: str, value: str | int, value_type: int | None = None) → bool[source]¶

Write a registry value. Creates the subkey if it doesn’t exist.

Parameters:

hive (int) – Registry hive (e.g., Win32Registry.HKLM)
subkey (str) – Registry subkey path
value_name (str) – Name of the value to write
value (str | int) – Value to set
value_type (int | None) – Registry type (e.g., Win32Registry.REG_SZ). Auto-detected from value type if omitted.

Returns:

True if successful

Return type:

bool

static delete(hive: int, subkey: str, value_name: str) → bool[source]¶

Delete a registry value.

Parameters:

hive (int) – Registry hive (e.g., Win32Registry.HKLM)
subkey (str) – Registry subkey path
value_name (str) – Name of the value to delete

Returns:

True if deleted, False if missing or failed

Return type:

bool

Win32ServiceManager¶

class Win32ServiceManager[source]¶

Bases: object

Manage Windows services via sc.exe.

Example:

>>> if Win32ServiceManager.is_running("CrowdStrike Falcon"):
...     Win32ServiceManager.stop("CrowdStrike Falcon")

static is_running(service_name: str) → bool[source]¶

Check if a Windows service is running.

Parameters:: service_name (str) – Service name
Returns:: True if the service is currently running
Return type:: bool

static stop(service_name: str) → bool[source]¶

Stop a Windows service.

Parameters:: service_name (str) – Service name
Returns:: True if successfully stopped
Return type:: bool

static start(service_name: str) → bool[source]¶

Start a Windows service.

Parameters:: service_name (str) – Service name
Returns:: True if successfully started
Return type:: bool

static delete(service_name: str) → bool[source]¶

Delete (remove) a Windows service.

Parameters:: service_name (str) – Service name
Returns:: True if successfully deleted
Return type:: bool