chef 17.1.35 → 17.4.38

data/lib/chef/resource/windows_defender_exclusion.rb

@@ -0,0 +1,125 @@
+#
+# Copyright:: Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+
+class Chef
+  class Resource
+    class WindowsDefenderExclusion < Chef::Resource
+
+      provides :windows_defender_exclusion
+
+      description "Use the **windows_defender_exclusion** resource to exclude paths, processes, or file types from Windows Defender realtime protection scanning."
+      introduced "17.3"
+      examples <<~DOC
+      **Add excluded items to Windows Defender scans**:
+
+      ```ruby
+      windows_defender_exclusion 'Add to things to be excluded from scanning' do
+        paths 'c:\\foo\\bar, d:\\bar\\baz'
+        extensions 'png, foo, ppt, doc'
+        process_paths 'c:\\windows\\system32'
+        action :add
+      end
+      ```
+
+      **Remove excluded items from Windows Defender scans**:
+
+      ```ruby
+      windows_defender_exclusion 'Remove things from the list to be excluded' do
+        process_paths 'c:\\windows\\system32'
+        action :remove
+      end
+      ```
+      DOC
+      unified_mode true
+
+      property :paths, [String, Array], default: [],
+        coerce: proc { |x| to_consistent_path_array(x) },
+        description: "File or directory paths to exclude from scanning."
+
+      property :extensions, [String, Array], default: [],
+        coerce: proc { |x| to_consistent_path_array(x) },
+        description: "File extensions to exclude from scanning."
+
+      property :process_paths, [String, Array], default: [],
+        coerce: proc { |x| to_consistent_path_array(x) },
+        description: "Paths to executables to exclude from scanning."
+
+      def to_consistent_path_array(x)
+        fixed = x.dup || []
+        fixed = fixed.split(/\s*,\s*/) if fixed.is_a?(String)
+        fixed.map!(&:downcase)
+        fixed.map! { |v| v.gsub(%r{/}, "\\") }
+        fixed
+      end
+
+      load_current_value do |new_resource|
+        Chef::Log.debug("Running 'Get-MpPreference | Select-Object ExclusionExtension,ExclusionPath,ExclusionProcess' to get Windows Defender State")
+
+        values = powershell_exec!("Get-MPpreference | Select-Object ExclusionExtension,ExclusionPath,ExclusionProcess").result
+
+        values.transform_values! { |x| Array(x) }
+
+        paths new_resource.paths & values["ExclusionPath"]
+        extensions new_resource.extensions & values["ExclusionExtension"]
+        process_paths new_resource.process_paths & values["ExclusionProcess"]
+      end
+
+      action :add, description: "Add an exclusion to Windows Defender." do
+        converge_if_changed do
+          powershell_exec!(add_cmd)
+        end
+      end
+
+      action :remove, description: "Remove an exclusion to Windows Defender." do
+        converge_if_changed do
+          powershell_exec!(remove_cmd)
+        end
+      end
+
+      action_class do
+        MAPPING = {
+          paths: "ExclusionPath",
+          extensions: "ExclusionExtension",
+          process_paths: "ExclusionProcess",
+        }.freeze
+
+        def add_cmd
+          cmd = "Add-MpPreference -Force"
+
+          MAPPING.each do |prop, flag|
+            to_add = new_resource.send(prop) - current_resource.send(prop)
+            cmd << " -#{flag} #{to_add.join(",")}" unless to_add.empty?
+          end
+
+          cmd
+        end
+
+        def remove_cmd
+          cmd = "Remove-MpPreference -Force"
+
+          MAPPING.each do |prop, flag|
+            to_add = new_resource.send(prop) & current_resource.send(prop)
+            cmd << " -#{flag} #{to_add.join(",")}" unless to_add.empty?
+          end
+
+          cmd
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/windows_dfs_folder.rb

@@ -42,7 +42,7 @@ class Chef
       property :description, String,
         description: "Description for the share."
 
-      action :create, description: "Creates the folder in dfs namespace" do
+      action :create, description: "Creates the folder in dfs namespace." do
         raise "target_path is required for install" unless property_is_set?(:target_path)
         raise "description is required for install" unless property_is_set?(:description)
 
@@ -60,7 +60,7 @@ class Chef
         end
       end
 
-      action :delete, description: "Deletes the folder in the dfs namespace" do
+      action :delete, description: "Deletes the folder in the dfs namespace." do
         powershell_script "Delete DFS Namespace" do
           code <<-EOH
             Remove-DfsnFolder -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}\\#{new_resource.folder_path}' -Force

data/lib/chef/resource/windows_dfs_namespace.rb

@@ -52,7 +52,7 @@ class Chef
         description: "The root from which to create the DFS tree. Defaults to C:\\DFSRoots.",
         default: 'C:\\DFSRoots'
 
-      action :create, description: "Creates the dfs namespace on the server" do
+      action :create, description: "Creates the dfs namespace on the server." do
         directory file_path do
           action :create
           recursive true
@@ -82,7 +82,7 @@ class Chef
         end
       end
 
-      action :delete, description: "Deletes a DFS Namespace including the directory on disk" do
+      action :delete, description: "Deletes a DFS Namespace including the directory on disk." do
         powershell_script "Delete DFS Namespace" do
           code <<-EOH
             Remove-DfsnRoot -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}' -Force

data/lib/chef/resource/windows_dns_record.rb

@@ -49,7 +49,7 @@ class Chef
         default: "localhost",
         introduced: "16.3"
 
-      action :create, description: "Creates and updates the DNS entry" do
+      action :create, description: "Creates and updates the DNS entry." do
         windows_feature "RSAT-DNS-Server" do
           not_if new_resource.dns_server.casecmp?("localhost")
         end
@@ -59,7 +59,7 @@ class Chef
         run_dsc_resource "Present"
       end
 
-      action :delete, description: "Deletes a DNS entry" do
+      action :delete, description: "Deletes a DNS entry." do
         windows_feature "RSAT-DNS-Server" do
           not_if new_resource.dns_server.casecmp?("localhost")
         end

data/lib/chef/resource/windows_dns_zone.rb

@@ -40,13 +40,13 @@ class Chef
         description: "The type of DNS server, Domain or Standalone.",
         default: "Domain", equal_to: %w{Domain Standalone}
 
-      action :create, description: "Creates and updates a DNS Zone" do
+      action :create, description: "Creates and updates a DNS Zone." do
         powershell_package "xDnsServer"
 
         run_dsc_resource "Present"
       end
 
-      action :delete, description: "Deletes a DNS Zone" do
+      action :delete, description: "Deletes a DNS Zone." do
         powershell_package "xDnsServer"
 
         run_dsc_resource "Absent"

data/lib/chef/resource/windows_feature.rb

@@ -108,15 +108,15 @@ class Chef
         default: 600,
         desired_state: false
 
-      action :install, description: "Install a Windows role / feature" do
+      action :install, description: "Install a Windows role or feature." do
         run_default_subresource :install
       end
 
-      action :remove, description: "Remove a Windows role / feature" do
+      action :remove, description: "Remove a Windows role or feature." do
         run_default_subresource :remove
       end
 
-      action :delete, description: "Remove a Windows role/feature from the image" do
+      action :delete, description: "Remove a Windows role or feature from the image." do
         run_default_subresource :delete
       end
 

data/lib/chef/resource/windows_feature_dism.rb

@@ -65,9 +65,7 @@ class Chef
         x.map(&:downcase)
       end
 
-      action :install do
-        description "Install a Windows role/feature using DISM"
-
+      action :install, description: "Install a Windows role/feature using DISM." do
         reload_cached_dism_data unless node["dism_features_cache"]
         fail_if_unavailable # fail if the features don't exist
 
@@ -91,7 +89,7 @@ class Chef
         end
       end
 
-      action :remove, description: "Remove a Windows role / feature using DISM" do
+      action :remove, description: "Remove a Windows role or feature using DISM." do
         reload_cached_dism_data unless node["dism_features_cache"]
 
         logger.trace("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
@@ -106,7 +104,7 @@ class Chef
         end
       end
 
-      action :delete, description: "Remove a Windows role / feature from the image using DISM" do
+      action :delete, description: "Remove a Windows role or feature from the image using DISM." do
         reload_cached_dism_data unless node["dism_features_cache"]
 
         fail_if_unavailable # fail if the features don't exist

data/lib/chef/resource/windows_feature_powershell.rb

@@ -87,7 +87,7 @@ class Chef
         x.map(&:downcase)
       end
 
-      action :install, description: "Install a Windows role / feature using PowerShell" do
+      action :install, description: "Install a Windows role or feature using PowerShell." do
         reload_cached_powershell_data unless node["powershell_features_cache"]
         fail_if_unavailable # fail if the features don't exist
         fail_if_removed # fail if the features are in removed state
@@ -108,7 +108,7 @@ class Chef
         end
       end
 
-      action :remove, description: "Remove a Windows role / feature using PowerShell" do
+      action :remove, description: "Remove a Windows role or feature using PowerShell." do
         reload_cached_powershell_data unless node["powershell_features_cache"]
 
         Chef::Log.debug("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
@@ -123,7 +123,7 @@ class Chef
         end
       end
 
-      action :delete, description: "Delete a Windows role / feature from the image using PowerShell" do
+      action :delete, description: "Delete a Windows role or feature from the image using PowerShell." do
         reload_cached_powershell_data unless node["powershell_features_cache"]
 
         fail_if_unavailable # fail if the features don't exist

data/lib/chef/resource/windows_firewall_profile.rb

@@ -121,7 +121,7 @@ class Chef
         end
       end
 
-      action :enable, description: "Enable and optionally configure a Windows Firewall profile" do
+      action :enable, description: "Enable and optionally configure a Windows Firewall profile." do
         converge_if_changed :default_inbound_action, :default_outbound_action, :allow_inbound_rules, :allow_local_firewall_rules,
           :allow_local_ipsec_rules, :allow_user_apps, :allow_user_ports, :allow_unicast_response, :display_notification do
             fw_cmd = firewall_command(new_resource.profile)
@@ -135,7 +135,7 @@ class Chef
         end
       end
 
-      action :disable, description: "Disable a Windows Firewall profile" do
+      action :disable, description: "Disable a Windows Firewall profile." do
         if firewall_enabled?(new_resource.profile)
           converge_by "Disable the #{new_resource.profile} Firewall Profile" do
             cmd = "Set-NetFirewallProfile -Profile #{new_resource.profile} -Enabled \"False\""

data/lib/chef/resource/windows_firewall_rule.rb

@@ -39,6 +39,19 @@ class Chef
       end
       ```
 
+      **Configuring multiple remote-address ports on a rule**:
+
+      ```ruby
+      windows_firewall_rule 'MyRule' do
+        description          'Testing out remote address arrays'
+        enabled              false
+        local_port           1434
+        remote_address       %w(10.17.3.101 172.7.7.53)
+        protocol             'TCP'
+        action               :create
+      end
+      ```
+
       **Allow protocol ICMPv6 with ICMP Type**:
 
       ```ruby
@@ -97,8 +110,9 @@ class Chef
         coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) },
         description: "The local port the firewall rule applies to."
 
-      property :remote_address, String,
-        description: "The remote address the firewall rule applies to."
+      property :remote_address, [String, Array],
+        coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) },
+        description: "The remote address(es) the firewall rule applies to."
 
       property :remote_port, [String, Integer, Array],
         # split various formats of comma separated lists and provide a sorted array of strings to match PS output
@@ -172,7 +186,7 @@ class Chef
         group state["group"]
         local_address state["local_address"]
         local_port Array(state["local_port"]).sort
-        remote_address state["remote_address"]
+        remote_address Array(state["remote_address"]).sort
         remote_port Array(state["remote_port"]).sort
         direction state["direction"]
         protocol state["protocol"]
@@ -185,7 +199,7 @@ class Chef
         enabled state["enabled"]
       end
 
-      action :create, description: "Create a Windows firewall entry" do
+      action :create, description: "Create a Windows firewall entry." do
         if current_resource
           converge_if_changed :rule_name, :description, :displayname, :local_address, :local_port, :remote_address,
             :remote_port, :direction, :protocol, :icmp_type, :firewall_action, :profile, :program, :service,
@@ -206,7 +220,7 @@ class Chef
         end
       end
 
-      action :delete, description: "Delete an existing Windows firewall entry" do
+      action :delete, description: "Delete an existing Windows firewall entry." do
         if current_resource
           converge_by("delete firewall rule #{new_resource.rule_name}") do
             powershell_exec!("Remove-NetFirewallRule -Name '#{new_resource.rule_name}'")
@@ -227,7 +241,7 @@ class Chef
           cmd << " -Description '#{new_resource.description}'" if new_resource.description
           cmd << " -LocalAddress '#{new_resource.local_address}'" if new_resource.local_address
           cmd << " -LocalPort '#{new_resource.local_port.join("', '")}'" if new_resource.local_port
-          cmd << " -RemoteAddress '#{new_resource.remote_address}'" if new_resource.remote_address
+          cmd << " -RemoteAddress '#{new_resource.remote_address.join("', '")}'" if new_resource.remote_address
           cmd << " -RemotePort '#{new_resource.remote_port.join("', '")}'" if new_resource.remote_port
           cmd << " -Direction '#{new_resource.direction}'" if new_resource.direction
           cmd << " -Protocol '#{new_resource.protocol}'" if new_resource.protocol

data/lib/chef/resource/windows_font.rb

@@ -45,7 +45,7 @@ class Chef
         description: "A local filesystem path or URI that is used to source the font file.",
         coerce: proc { |x| /^.:.*/.match?(x) ? x.tr("\\", "/").gsub("//", "/") : x }
 
-      action :install, description: "Install a font to the system fonts directory" do
+      action :install, description: "Install a font to the system fonts directory." do
         if font_exists?
           logger.debug("Not installing font: #{new_resource.font_name} as font already installed.")
         else

data/lib/chef/resource/windows_pagefile.rb

@@ -39,16 +39,26 @@ class Chef
 
       ```ruby
       windows_pagefile 'Delete the pagefile' do
-        path 'C:\pagefile.sys'
+        path 'C'
         action :delete
       end
       ```
 
+      **Switch to system managed pagefiles**:
+
+      ```ruby
+      windows_pagefile 'Change the pagefile to System Managed' do
+        path 'E:\'
+        system_managed true
+        action :set
+      end
+      ```
+
       **Create a pagefile with an initial and maximum size**:
 
       ```ruby
-      windows_pagefile 'create the pagefile' do
-        path 'C:\pagefile.sys'
+      windows_pagefile 'create the pagefile with these sizes' do
+        path 'f:\'
         initial_size 100
         maximum_size 200
       end
@@ -64,8 +74,7 @@ class Chef
         description: "Configures whether the system manages the pagefile size."
 
       property :automatic_managed, [TrueClass, FalseClass],
-        description: "Enable automatic management of pagefile initial and maximum size. Setting this to true ignores `initial_size` and `maximum_size` properties.",
-        default: false
+        description: "Enable automatic management of pagefile initial and maximum size. Setting this to true ignores `initial_size` and `maximum_size` properties."
 
       property :initial_size, Integer,
         description: "Initial size of the pagefile in megabytes."
@@ -73,23 +82,26 @@ class Chef
       property :maximum_size, Integer,
         description: "Maximum size of the pagefile in megabytes."
 
-      action :set, description: "Configures the default pagefile, creating if it doesn't exist" do
-        pagefile = new_resource.path
-        initial_size = new_resource.initial_size
-        maximum_size = new_resource.maximum_size
-        system_managed = new_resource.system_managed
+      action :set, description: "Configures the default pagefile, creating if it doesn't exist." do
         automatic_managed = new_resource.automatic_managed
 
         if automatic_managed
           set_automatic_managed unless automatic_managed?
-        else
+        elsif automatic_managed == false
           unset_automatic_managed if automatic_managed?
+        else
+          pagefile = clarify_pagefile_name
+          initial_size = new_resource.initial_size
+          maximum_size = new_resource.maximum_size
+          system_managed = new_resource.system_managed
 
-          # Check that the resource is not just trying to unset automatic managed, if it is do nothing more
-          if (initial_size && maximum_size) || system_managed
-            validate_name
-            create(pagefile) unless exists?(pagefile)
+          # the method below is designed to raise an exception if the drive you are trying to create a pagefile for doesn't exist.
+          # PowerShell will happily let you create a pagefile called h:\pagefile.sys even though you don't have an H:\ drive.
+
+          pagefile_drive_exist?(pagefile)
+          create(pagefile) unless exists?(pagefile)
 
+          if (initial_size && maximum_size) || system_managed
             if system_managed
               set_system_managed(pagefile) unless max_and_min_set?(pagefile, 0, 0)
             else
@@ -101,21 +113,33 @@ class Chef
         end
       end
 
-      action :delete, description: "Deletes the specified pagefile" do
-        validate_name
-        delete(new_resource.path) if exists?(new_resource.path)
+      action :delete, description: "Deletes the specified pagefile." do
+        pagefile = clarify_pagefile_name
+        delete(pagefile) if exists?(pagefile)
       end
 
       action_class do
         private
 
-        # make sure the provided name property matches the appropriate format
-        # we do this here and not in the property itself because if automatic_managed
-        # is set then this validation is not necessary / doesn't make sense at all
-        def validate_name
-          return if /^.:.*.sys/.match?(new_resource.path)
+        # We are adding support for a number of possibilities for how users will express the drive and location they want the pagefile written to.
+        def clarify_pagefile_name
+          case new_resource.path
+          # user enters C, C:, C:\, C:\\
+          when /^[a-zA-Z]/
+            new_resource.path[0] + ":\\pagefile.sys"
+          # user enters C:\pagefile.sys OR c:\foo\bar\pagefile.sys as the path
+          when /^[a-zA-Z]:.*.sys/
+            new_resource.path
+          else
+            raise "#{new_resource.path} does not match the format DRIVE:\\path\\pagefile.sys for pagefiles. Example: C:\\pagefile.sys"
+          end
+        end
 
-          raise "#{new_resource.path} does not match the format DRIVE:\\path\\file.sys for pagefiles. Example: C:\\pagefile.sys"
+        # raise an exception if the target drive location is invalid
+        def pagefile_drive_exist?(pagefile)
+          if ::Dir.exist?(pagefile[0] + ":\\") == false
+            raise "You are trying to create a pagefile on a drive that does not exist!"
+          end
         end
 
         # See if the pagefile exists
@@ -124,9 +148,11 @@ class Chef
         # @return [Boolean]
         def exists?(pagefile)
           @exists ||= begin
-            logger.trace("Checking if #{pagefile} exists by running: wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list")
-            cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list", returns: [0])
-            cmd.stderr.empty? && (cmd.stdout =~ /SettingID=#{get_setting_id(pagefile)}/i)
+            logger.trace("Checking if #{pagefile} exists by running: Get-CimInstance Win32_PagefileSetting | Where-Object { $_.name -eq $($pagefile)} ")
+            cmd =  "$page_file_name = '#{pagefile}';"
+            cmd << "$pagefile = Get-CimInstance Win32_PagefileSetting | Where-Object { $_.name -eq $($page_file_name)};"
+            cmd << "if ([string]::IsNullOrEmpty($pagefile)) { return $false } else { return $true }"
+            powershell_exec!(cmd).result
           end
         end
 
@@ -137,11 +163,14 @@ class Chef
         # @param [String] max the minimum size of the pagefile
         # @return [Boolean]
         def max_and_min_set?(pagefile, min, max)
-          @max_and_min_set ||= begin
-            logger.trace("Checking if #{pagefile} min: #{min} and max #{max} are set")
-            cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list", returns: [0])
-            cmd.stderr.empty? && (cmd.stdout =~ /InitialSize=#{min}/i) && (cmd.stdout =~ /MaximumSize=#{max}/i)
-          end
+          logger.trace("Checking if #{pagefile} has max and initial disk size values set")
+          cmd =  "$page_file = '#{pagefile}';"
+          cmd << "$driveLetter = $page_file.split(':')[0];"
+          cmd << "$page_file_settings = Get-CimInstance -ClassName Win32_PageFileSetting -Filter \"SettingID='pagefile.sys @ $($driveLetter):'\" -Property * -ErrorAction Stop;"
+          cmd << "if ($page_file_settings.InitialSize -eq #{min} -and $page_file_settings.MaximumSize -eq #{max})"
+          cmd << "{ return $true }"
+          cmd << "else { return $false }"
+          powershell_exec!(cmd).result
         end
 
         # create a pagefile
@@ -149,9 +178,10 @@ class Chef
         # @param [String] pagefile path to the pagefile
         def create(pagefile)
           converge_by("create pagefile #{pagefile}") do
-            logger.trace("Running wmic.exe pagefileset create name=\"#{pagefile}\"")
-            cmd = shell_out("wmic.exe pagefileset create name=\"#{pagefile}\"")
-            check_for_errors(cmd.stderr)
+            logger.trace("Running New-CimInstance -ClassName Win32_PageFileSetting to create new pagefile : #{pagefile}")
+            powershell_exec! <<~ELM
+              New-CimInstance -ClassName Win32_PageFileSetting -Property  @{Name = "#{pagefile}"}
+            ELM
           end
         end
 
@@ -160,9 +190,13 @@ class Chef
         # @param [String] pagefile path to the pagefile
         def delete(pagefile)
           converge_by("remove pagefile #{pagefile}") do
-            logger.trace("Running wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" delete")
-            cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" delete")
-            check_for_errors(cmd.stderr)
+            logger.trace("Running Remove-CimInstance for pagefile : #{pagefile}")
+            powershell_exec! <<~EOL
+              $page_file = "#{pagefile}"
+              $driveLetter = $page_file.split(':')[0]
+              $PageFile = (Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop)
+              $null = ($PageFile | Remove-CimInstance -ErrorAction SilentlyContinue)
+            EOL
           end
         end
 
@@ -172,26 +206,31 @@ class Chef
         def automatic_managed?
           @automatic_managed ||= begin
             logger.trace("Checking if pagefiles are automatically managed")
-            cmd = shell_out("wmic.exe computersystem where name=\"%computername%\" get AutomaticManagedPagefile /format:list")
-            cmd.stderr.empty? && (cmd.stdout =~ /AutomaticManagedPagefile=TRUE/i)
+            cmd = "$sys = Get-CimInstance Win32_ComputerSystem -Property *;"
+            cmd << "return $sys.AutomaticManagedPagefile"
+            powershell_exec!(cmd).result
           end
         end
 
         # turn on automatic management of all pagefiles by Windows
         def set_automatic_managed
-          converge_by("set pagefile to Automatic Managed") do
-            logger.trace("Running wmic.exe computersystem where name=\"%computername%\" set AutomaticManagedPagefile=True")
-            cmd = shell_out("wmic.exe computersystem where name=\"%computername%\" set AutomaticManagedPagefile=True")
-            check_for_errors(cmd.stderr)
+          converge_by("Set pagefile to Automatic Managed") do
+            logger.trace("Running Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$true} -PassThru")
+            powershell_exec! <<~EOH
+              $sys = Get-CimInstance Win32_ComputerSystem -Property *
+              Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$true} -PassThru
+            EOH
           end
         end
 
         # turn off automatic management of all pagefiles by Windows
         def unset_automatic_managed
-          converge_by("set pagefile to User Managed") do
-            logger.trace("Running wmic.exe computersystem where name=\"%computername%\" set AutomaticManagedPagefile=False")
-            cmd = shell_out("wmic.exe computersystem where name=\"%computername%\" set AutomaticManagedPagefile=False")
-            check_for_errors(cmd.stderr)
+          converge_by("Turn off Automatically Managed on pagefiles") do
+            logger.trace("Running Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$false} -PassThru")
+            powershell_exec! <<~EOH
+              $sys = Get-CimInstance Win32_ComputerSystem -Property *
+              Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$false} -PassThru
+            EOH
           end
         end
 
@@ -202,9 +241,14 @@ class Chef
         # @param [String] max the minimum size of the pagefile
         def set_custom_size(pagefile, min, max)
           converge_by("set #{pagefile} to InitialSize=#{min} & MaximumSize=#{max}") do
-            logger.trace("Running wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=#{min},MaximumSize=#{max}")
-            cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=#{min},MaximumSize=#{max}", returns: [0])
-            check_for_errors(cmd.stderr)
+            logger.trace("Set-CimInstance -Property @{InitialSize = #{min} MaximumSize = #{max}")
+            powershell_exec! <<~EOD
+              $page_file = "#{pagefile}"
+              $driveLetter = $page_file.split(':')[0]
+              Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop | Set-CimInstance -Property @{
+              InitialSize = #{min}
+              MaximumSize = #{max}}
+            EOD
           end
         end
 
@@ -213,21 +257,16 @@ class Chef
         # @param [String] pagefile path to the pagefile
         def set_system_managed(pagefile)
           converge_by("set #{pagefile} to System Managed") do
-            logger.trace("Running wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=0,MaximumSize=0")
-            cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=0,MaximumSize=0", returns: [0])
-            check_for_errors(cmd.stderr)
+            logger.trace("Running ")
+            powershell_exec! <<~EOM
+              $page_file = "#{pagefile}"
+              $driveLetter = $page_file.split(':')[0]
+              Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop | Set-CimInstance -Property @{
+              InitialSize = 0
+              MaximumSize = 0}
+            EOM
           end
         end
-
-        def get_setting_id(pagefile)
-          split_path = pagefile.split("\\")
-          "#{split_path[1]} @ #{split_path[0]}"
-        end
-
-        # raise if there's an error on stderr on a shellout
-        def check_for_errors(stderr)
-          raise stderr.chomp unless stderr.empty?
-        end
       end
     end
   end