noid-privacy/Modules/_ModuleTemplate/Public/Invoke-ModuleTemplate.ps1

function Invoke-ModuleTemplate {
    <#
    .SYNOPSIS
        Template function implementing BACKUP/APPLY/VERIFY/RESTORE pattern
        
    .DESCRIPTION
        This is a template function showing how to properly implement
        the four-phase hardening pattern required for all modules.
        
    .PARAMETER DryRun
        Preview changes without applying them
        
    .PARAMETER SkipBackup
        Skip backup phase (not recommended)
        
    .PARAMETER SkipVerify
        Skip verification phase (not recommended)
        
    .EXAMPLE
        Invoke-ModuleTemplate -DryRun
        Preview what changes would be made
        
    .EXAMPLE
        Invoke-ModuleTemplate
        Apply all hardening changes with backup
        
    .OUTPUTS
        PSCustomObject with execution results
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject])]
    param(
        [Parameter(Mandatory = $false)]
        [switch]$DryRun,
        
        [Parameter(Mandatory = $false)]
        [switch]$SkipBackup,
        
        [Parameter(Mandatory = $false)]
        [switch]$SkipVerify
    )
    
    begin {
        Write-Log -Level INFO -Message "Starting ModuleTemplate execution" -Module "ModuleTemplate"
        
        $result = [PSCustomObject]@{
            ModuleName = "ModuleTemplate"
            Success = $true
            ChangesApplied = 0
            Errors = @()
            Warnings = @()
            BackupCreated = $false
            VerificationPassed = $false
        }
    }
    
    process {
        try {
            # ========================================
            # PHASE 1: BACKUP
            # ========================================
            if (-not $SkipBackup -and -not $DryRun) {
                Write-Log -Level INFO -Message "PHASE 1: Creating backups" -Module "ModuleTemplate"
                
                try {
                    # Example: Backup a registry key
                    $backupFile = Backup-RegistryKey `
                        -KeyPath "HKLM:\SOFTWARE\Policies\Microsoft\Windows" `
                        -BackupName "ModuleTemplate_Example"
                    
                    if ($null -ne $backupFile) {
                        $result.BackupCreated = $true
                        Write-Log -Level SUCCESS -Message "Backup created successfully" -Module "ModuleTemplate"
                    }
                    else {
                        $result.Warnings += "Backup creation failed"
                        Write-Log -Level WARNING -Message "Backup creation failed" -Module "ModuleTemplate"
                    }
                }
                catch {
                    $result.Warnings += "Backup error: $($_.Exception.Message)"
                    Write-Log -Level WARNING -Message "Backup error" -Module "ModuleTemplate" -Exception $_
                }
            }
            elseif ($DryRun) {
                Write-Log -Level INFO -Message "[DRY RUN] Would create backup" -Module "ModuleTemplate"
            }
            
            # ========================================
            # PHASE 2: APPLY
            # ========================================
            Write-Log -Level INFO -Message "PHASE 2: Applying changes" -Module "ModuleTemplate"
            
            if ($DryRun) {
                Write-Log -Level INFO -Message "[DRY RUN] Would apply the following changes:" -Module "ModuleTemplate"
                Write-Log -Level INFO -Message "[DRY RUN]   - Example registry key modification" -Module "ModuleTemplate"
                Write-Log -Level INFO -Message "[DRY RUN]   - Example service configuration" -Module "ModuleTemplate"
            }
            else {
                # Example: Apply a registry setting
                $registrySuccess = Set-RegistryValue `
                    -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Example" `
                    -Name "ExampleSetting" `
                    -Value 1 `
                    -Type "DWord" `
                    -BackupName "ModuleTemplate_Registry"
                
                if ($registrySuccess) {
                    $result.ChangesApplied++
                    Write-Log -Level SUCCESS -Message "Registry setting applied" -Module "ModuleTemplate"
                }
                else {
                    $result.Errors += "Failed to apply registry setting"
                    Write-Log -Level ERROR -Message "Failed to apply registry setting" -Module "ModuleTemplate"
                }
                
                # Example: Configure a service
                if (Test-ServiceExists -ServiceName "ExampleService") {
                    $serviceSuccess = Set-ServiceStartupType `
                        -ServiceName "ExampleService" `
                        -StartupType "Disabled" `
                        -BackupName "ModuleTemplate_Service"
                    
                    if ($serviceSuccess) {
                        $result.ChangesApplied++
                        Write-Log -Level SUCCESS -Message "Service configured" -Module "ModuleTemplate"
                    }
                    else {
                        $result.Errors += "Failed to configure service"
                        Write-Log -Level ERROR -Message "Failed to configure service" -Module "ModuleTemplate"
                    }
                }
            }
            
            # ========================================
            # PHASE 3: VERIFY
            # ========================================
            if (-not $SkipVerify) {
                Write-Log -Level INFO -Message "PHASE 3: Verifying changes" -Module "ModuleTemplate"
                
                if ($DryRun) {
                    Write-Log -Level INFO -Message "[DRY RUN] Would verify all settings" -Module "ModuleTemplate"
                    $result.VerificationPassed = $true
                }
                else {
                    # Example: Verify registry setting
                    $actualValue = Get-RegistryValue `
                        -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Example" `
                        -Name "ExampleSetting" `
                        -DefaultValue 0
                    
                    if ($actualValue -eq 1) {
                        Write-Log -Level SUCCESS -Message "Registry setting verified" -Module "ModuleTemplate"
                        $result.VerificationPassed = $true
                    }
                    else {
                        $result.VerificationPassed = $false
                        $result.Errors += "Verification failed: Registry setting not applied correctly"
                        Write-Log -Level ERROR -Message "Verification failed" -Module "ModuleTemplate"
                    }
                }
            }
            
            # ========================================
            # PHASE 4: RESTORE (Only if errors occurred)
            # ========================================
            if ($result.Errors.Count -gt 0 -and -not $DryRun) {
                Write-Log -Level WARNING -Message "PHASE 4: Errors detected, initiating rollback" -Module "ModuleTemplate"
                
                # Restore from backup would go here
                # This is handled by the Rollback.ps1 module
                Write-Log -Level INFO -Message "Run Restore-AllBackups to undo changes" -Module "ModuleTemplate"
            }
            
        }
        catch {
            $result.Success = $false
            $result.Errors += $_.Exception.Message
            Write-Log -Level ERROR -Message "Module execution failed" -Module "ModuleTemplate" -Exception $_
        }
    }
    
    end {
        # Final status
        if ($result.Errors.Count -eq 0) {
            Write-Log -Level SUCCESS -Message "ModuleTemplate completed successfully" -Module "ModuleTemplate"
            $result.Success = $true
        }
        else {
            Write-Log -Level ERROR -Message "ModuleTemplate completed with errors" -Module "ModuleTemplate"
            $result.Success = $false
        }
        
        Write-Log -Level INFO -Message "Changes applied: $($result.ChangesApplied)" -Module "ModuleTemplate"
        Write-Log -Level INFO -Message "Errors: $($result.Errors.Count)" -Module "ModuleTemplate"
        Write-Log -Level INFO -Message "Warnings: $($result.Warnings.Count)" -Module "ModuleTemplate"
        
        return $result
    }
}
v2.2.0 - Complete Security Hardening Framework (632 Settings) 2025-12-08 10:32:49 +01:00			`function Invoke-ModuleTemplate {`
			`<#`
			`.SYNOPSIS`
			`Template function implementing BACKUP/APPLY/VERIFY/RESTORE pattern`

			`.DESCRIPTION`
			`This is a template function showing how to properly implement`
			`the four-phase hardening pattern required for all modules.`

			`.PARAMETER DryRun`
			`Preview changes without applying them`

			`.PARAMETER SkipBackup`
			`Skip backup phase (not recommended)`

			`.PARAMETER SkipVerify`
			`Skip verification phase (not recommended)`

			`.EXAMPLE`
			`Invoke-ModuleTemplate -DryRun`
			`Preview what changes would be made`

			`.EXAMPLE`
			`Invoke-ModuleTemplate`
			`Apply all hardening changes with backup`

			`.OUTPUTS`
			`PSCustomObject with execution results`
			`#>`
			`[CmdletBinding()]`
			`[OutputType([PSCustomObject])]`
			`param(`
			`[Parameter(Mandatory = $false)]`
			`[switch]$DryRun,`

			`[Parameter(Mandatory = $false)]`
			`[switch]$SkipBackup,`

			`[Parameter(Mandatory = $false)]`
			`[switch]$SkipVerify`
			`)`

			`begin {`
			`Write-Log -Level INFO -Message "Starting ModuleTemplate execution" -Module "ModuleTemplate"`

			`$result = [PSCustomObject]@{`
			`ModuleName = "ModuleTemplate"`
			`Success = $true`
			`ChangesApplied = 0`
			`Errors = @()`
			`Warnings = @()`
			`BackupCreated = $false`
			`VerificationPassed = $false`
			`}`
			`}`

			`process {`
			`try {`
			`# ========================================`
			`# PHASE 1: BACKUP`
			`# ========================================`
			`if (-not $SkipBackup -and -not $DryRun) {`
			`Write-Log -Level INFO -Message "PHASE 1: Creating backups" -Module "ModuleTemplate"`

			`try {`
			`# Example: Backup a registry key`
			$backupFile = Backup-RegistryKey `
			-KeyPath "HKLM:\SOFTWARE\Policies\Microsoft\Windows" `
			`-BackupName "ModuleTemplate_Example"`

			`if ($null -ne $backupFile) {`
			`$result.BackupCreated = $true`
			`Write-Log -Level SUCCESS -Message "Backup created successfully" -Module "ModuleTemplate"`
			`}`
			`else {`
			`$result.Warnings += "Backup creation failed"`
			`Write-Log -Level WARNING -Message "Backup creation failed" -Module "ModuleTemplate"`
			`}`
			`}`
			`catch {`
			`$result.Warnings += "Backup error: $($_.Exception.Message)"`
			`Write-Log -Level WARNING -Message "Backup error" -Module "ModuleTemplate" -Exception $_`
			`}`
			`}`
			`elseif ($DryRun) {`
			`Write-Log -Level INFO -Message "[DRY RUN] Would create backup" -Module "ModuleTemplate"`
			`}`

			`# ========================================`
			`# PHASE 2: APPLY`
			`# ========================================`
			`Write-Log -Level INFO -Message "PHASE 2: Applying changes" -Module "ModuleTemplate"`

			`if ($DryRun) {`
			`Write-Log -Level INFO -Message "[DRY RUN] Would apply the following changes:" -Module "ModuleTemplate"`
			`Write-Log -Level INFO -Message "[DRY RUN] - Example registry key modification" -Module "ModuleTemplate"`
			`Write-Log -Level INFO -Message "[DRY RUN] - Example service configuration" -Module "ModuleTemplate"`
			`}`
			`else {`
			`# Example: Apply a registry setting`
			$registrySuccess = Set-RegistryValue `
			-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Example" `
			-Name "ExampleSetting" `
			-Value 1 `
			-Type "DWord" `
			`-BackupName "ModuleTemplate_Registry"`

			`if ($registrySuccess) {`
			`$result.ChangesApplied++`
			`Write-Log -Level SUCCESS -Message "Registry setting applied" -Module "ModuleTemplate"`
			`}`
			`else {`
			`$result.Errors += "Failed to apply registry setting"`
			`Write-Log -Level ERROR -Message "Failed to apply registry setting" -Module "ModuleTemplate"`
			`}`

			`# Example: Configure a service`
			`if (Test-ServiceExists -ServiceName "ExampleService") {`
			$serviceSuccess = Set-ServiceStartupType `
			-ServiceName "ExampleService" `
			-StartupType "Disabled" `
			`-BackupName "ModuleTemplate_Service"`

			`if ($serviceSuccess) {`
			`$result.ChangesApplied++`
			`Write-Log -Level SUCCESS -Message "Service configured" -Module "ModuleTemplate"`
			`}`
			`else {`
			`$result.Errors += "Failed to configure service"`
			`Write-Log -Level ERROR -Message "Failed to configure service" -Module "ModuleTemplate"`
			`}`
			`}`
			`}`

			`# ========================================`
			`# PHASE 3: VERIFY`
			`# ========================================`
			`if (-not $SkipVerify) {`
			`Write-Log -Level INFO -Message "PHASE 3: Verifying changes" -Module "ModuleTemplate"`

			`if ($DryRun) {`
			`Write-Log -Level INFO -Message "[DRY RUN] Would verify all settings" -Module "ModuleTemplate"`
			`$result.VerificationPassed = $true`
			`}`
			`else {`
			`# Example: Verify registry setting`
			$actualValue = Get-RegistryValue `
			-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Example" `
			-Name "ExampleSetting" `
			`-DefaultValue 0`

			`if ($actualValue -eq 1) {`
			`Write-Log -Level SUCCESS -Message "Registry setting verified" -Module "ModuleTemplate"`
			`$result.VerificationPassed = $true`
			`}`
			`else {`
			`$result.VerificationPassed = $false`
			`$result.Errors += "Verification failed: Registry setting not applied correctly"`
			`Write-Log -Level ERROR -Message "Verification failed" -Module "ModuleTemplate"`
			`}`
			`}`
			`}`

			`# ========================================`
			`# PHASE 4: RESTORE (Only if errors occurred)`
			`# ========================================`
			`if ($result.Errors.Count -gt 0 -and -not $DryRun) {`
			`Write-Log -Level WARNING -Message "PHASE 4: Errors detected, initiating rollback" -Module "ModuleTemplate"`

			`# Restore from backup would go here`
			`# This is handled by the Rollback.ps1 module`
			`Write-Log -Level INFO -Message "Run Restore-AllBackups to undo changes" -Module "ModuleTemplate"`
			`}`

			`}`
			`catch {`
			`$result.Success = $false`
			`$result.Errors += $_.Exception.Message`
			`Write-Log -Level ERROR -Message "Module execution failed" -Module "ModuleTemplate" -Exception $_`
			`}`
			`}`

			`end {`
			`# Final status`
			`if ($result.Errors.Count -eq 0) {`
			`Write-Log -Level SUCCESS -Message "ModuleTemplate completed successfully" -Module "ModuleTemplate"`
			`$result.Success = $true`
			`}`
			`else {`
			`Write-Log -Level ERROR -Message "ModuleTemplate completed with errors" -Module "ModuleTemplate"`
			`$result.Success = $false`
			`}`

			`Write-Log -Level INFO -Message "Changes applied: $($result.ChangesApplied)" -Module "ModuleTemplate"`
			`Write-Log -Level INFO -Message "Errors: $($result.Errors.Count)" -Module "ModuleTemplate"`
			`Write-Log -Level INFO -Message "Warnings: $($result.Warnings.Count)" -Module "ModuleTemplate"`

			`return $result`
			`}`
			`}`