mg-go-app

command module
v0.0.0-...-13e4519 Latest
Published: Jun 18, 2019 License: MIT Imports: 11 Imported by: 0

README

Windows MDM Demo In Go Lang

Status: Working Enrollment - Still being refactored

I was trying to develop an MDM server to manage Windows 10 computers using the built-in Windows Mobile Device Management protocol. I found the documentation really difficult to understand and I could not find any open source demos on the internet. So I figured out the protocol and am publishing this for anyone who is trying to do the same thing. This codebase is not designed to be production-ready, clean and error-free code; it is meant to show you the minimum requirements to get a Windows 10 device enrolled under management.

Disclaimer

This project should not be assumed to be secure or even correctly follow the Microsoft spec. I released this as a starting point for other developers who are working with the protocol. Please don't expose this to the internet or leave devices enrolled with the default certificates as it could put your equipment at risk.

Licence

This code is MIT licensed, so use it in your projects as long as you give credit to me. If this helps your MDM implementation, reach out; I would love to hear how you are using it.

Installation

First clone the git repository

git clone https://github.com/oscartbeaumont/windows_mdm.git

The Windows client certificate generated by the device contains invalid characters in its common name. These certificates are rejected by Go Lang when parsed. The solution to this is to modify the Go Lang sources to allow extra characters. I have written a script which can do it for you and it is idempotent. Be aware this will need to be redone after updating Go Lang. I am also not responsible if this messes up your Go Lang installation. After applying this patch, please be careful about the certs you use in Go Lang, as this patch could break other Go applications or lead to unintended issues. You can run the script using the command shown below.

go run patch/patch.go
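
To see which names an unpatched Go toolchain refuses, the following added example (not part of this repository) checks a common name against the ASN.1 PrintableString alphabet and feeds it to `encoding/asn1`. It assumes the rejection described above comes from that PrintableString character check, which the README does not state; the sample names and the helpers `outsideAlphabet` and `goRejects` are constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"strings"
)

// strictPunct is the punctuation allowed in an ASN.1 PrintableString (X.680);
// letters and digits are checked separately.
const strictPunct = " '()+,-./:=?"

// outsideAlphabet returns the bytes of cn that are not PrintableString characters.
func outsideAlphabet(cn string) string {
	var bad strings.Builder
	for i := 0; i < len(cn); i++ {
		b := cn[i]
		isAlnum := 'a' <= b && b <= 'z' || 'A' <= b && b <= 'Z' || '0' <= b && b <= '9'
		if !isAlnum && strings.IndexByte(strictPunct, b) < 0 {
			bad.WriteByte(b)
		}
	}
	return bad.String()
}

// goRejects encodes cn as a DER PrintableString (tag 0x13, short-form length,
// so len(cn) must be below 128) and reports whether encoding/asn1 refuses it.
// Go's decoder additionally tolerates '*' and '&'.
func goRejects(cn string) bool {
	der := append([]byte{0x13, byte(len(cn))}, cn...)
	var out string
	_, err := asn1.Unmarshal(der, &out)
	return err != nil
}

func main() {
	// Constructed sample names, not taken from a real device certificate.
	for _, cn := range []string{"Device-01 (lab)", "dev!ce_01"} {
		fmt.Printf("%q outside=%q rejected=%v\n", cn, outsideAlphabet(cn), goRejects(cn))
	}
}
```

Running a check like this on the names your devices present shows exactly which characters the patched toolchain would have to accept, and therefore what every other Go program built with it will also accept.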

Now start the server.

go run ./

Next, either navigate to the /enroll path of this server on a Windows device, or launch Settings and try to enroll in MDM via a user's email address. For this server to work you "MUST" (quoted from the Windows MDM documentation) have a DNS entry at the enterpriseenrollment subdomain of your domain pointed at this server. E.g. for the server domain mdm.otbeaumont.me I have a DNS entry at mdm.otbeaumont.me pointed at the server and one at enterpriseenrollment.otbeaumont.me, and this allows users to sign up with the email *@otbeaumont.me. This server has some configuration options at the top of the main.go file, so this is where you can change your domain.

Why did I build this

This code is going to be cleaned up (a lot) and integrated into Mattrax!

Help

If you are having any problems contact me!

Documentation

There is no documentation for this package.

Directories

Path Synopsis
mdm
