Summary

Automates the full display stack on Windows-based SOC machines: scheduled power, unattended login, browser launch, and SSO authentication. Each layer is independent; you can deploy as much or as little as needed. I've also laid the groundwork for a local AI assistant layer, covered in Part 6.

Part 1: Scheduled Power

Wake: BIOS Scheduled Power-On

PowerShell cannot turn on a fully powered-off machine. Use one of:

  • BIOS/UEFI RTC Wake (Recommended) — Set a daily wake time in firmware under Power Management. Labels vary: "Auto Power On", "Scheduled Boot", "RTC Alarm".
  • Wake-on-LAN (WoL) — Requires machines left in sleep/hibernate. A server sends a magic packet to wake them. Requires WoL enabled in BIOS and on the network adapter.

Enabling WoL via PowerShell

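# Run from an elevated session. MSPower_DeviceWakeEnable instances are named
# after the PnP device ID, not the adapter's display name, so match on that.
Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | ForEach-Object {
    $pnpId = [regex]::Escape($_.PnPDeviceID)
    Get-WmiObject MSPower_DeviceWakeEnable -Namespace root\wmi |
        Where-Object { $_.InstanceName -match $pnpId } |
        ForEach-Object { $_.Enable = $true; $_.Put() | Out-Null }
}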

To send the magic packet from a management server:

# Send-WOL is not a built-in cmdlet; substitute the WoL function or module you use:
# Send-WOL -MacAddress '00:1A:2B:3C:4D:5E'
# Or use wolcmd.exe
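
What a magic-packet sender does on the wire, as an added example that is not part of the original guide. The host names, MAC addresses and subnets are constructed, and UDP port 9 is an assumed (conventional) choice.

```python
import ipaddress
import re
import socket

# Constructed inventory: host name -> (MAC address, subnet the machine sits on)
DISPLAYS = {
    'SOC-WALL-01': ('00:1A:2B:3C:4D:5E', '10.20.30.0/24'),
    'SOC-WALL-02': ('00-1A-2B-3C-4D-5F', '10.20.31.0/25'),
}

def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte payload: 6 x 0xFF, then the 6-byte MAC 16 times."""
    digits = re.sub(r'[:.-]', '', mac)
    if not re.fullmatch(r'[0-9A-Fa-f]{12}', digits):
        raise ValueError(f'not a 48-bit MAC address: {mac!r}')
    return b'\xff' * 6 + bytes.fromhex(digits) * 16

def directed_broadcast(subnet: str) -> str:
    """Broadcast address of the target subnet. 255.255.255.255 never leaves
    the sender's own segment, so a remote management server needs this one."""
    return str(ipaddress.ip_network(subnet, strict=True).broadcast_address)

def wake(host: str, port: int = 9) -> int:
    """Send one magic packet to a display machine; returns the bytes sent."""
    mac, subnet = DISPLAYS[host]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(build_magic_packet(mac),
                           (directed_broadcast(subnet), port))

if __name__ == '__main__':
    for name in DISPLAYS:
        print(name, wake(name), 'bytes sent')
```

Routers between the management server and the display subnet must be configured to forward directed broadcasts for the packet to arrive.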

Shutdown: Task Scheduler

GUI: Task Scheduler → Create Basic Task → Weekly, Mon–Fri at 17:00, action shutdown.exe /s /t 60.

PowerShell (preferred for multiple machines):

$action  = New-ScheduledTaskAction -Execute "shutdown.exe" -Argument "/s /t 60"
$trigger = New-ScheduledTaskTrigger -Weekly `
           -DaysOfWeek Monday,Tuesday,Wednesday,Thursday,Friday `
           -At "17:00"
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Minutes 2)

Register-ScheduledTask `
    -TaskName    "SOC-Display-Shutdown" `
    -Action      $action `
    -Trigger     $trigger `
    -Settings    $settings `
    -RunLevel    Highest `
    -Force

Manual Override

  • Immediate shutdown: shutdown /s /t 0
  • Cancel pending shutdown: shutdown /a
  • Disable tonight's shutdown: Disable-ScheduledTask -TaskName 'SOC-Display-Shutdown'
  • Re-enable: Enable-ScheduledTask -TaskName 'SOC-Display-Shutdown'

Create on-demand tasks SOC-Display-Shutdown-Disable and SOC-Display-Shutdown-Enable for quick toggling without opening Task Scheduler. These can be wired to voice commands in Part 6.


Part 2: Windows Auto-Login

Sysinternals Autologon

Do not use the raw registry approach (DefaultPassword in plaintext). Use Autologon.exe from Microsoft Sysinternals; it stores credentials encrypted via LSA secrets.

# GUI: run autologon.exe and fill in the form
# Scripted (note: the password typed here is visible in shell history and in
# process command-line logging):
autologon.exe <username> <domain> <password> /accepteula

For local accounts, use the machine name or . as the domain.

Azure AD / Entra ID Joined Machines

Domain-joined machines with Autologon + Edge will silently authenticate to SSO providers via Windows Integrated Authentication (the Primary Refresh Token, or PRT, on Entra ID). Dashboards may open already logged in with no further steps.

  • Entra ID joined — Edge uses the PRT for silent auth. No credentials stored in browser.
  • On-prem AD / federated SSO — Kerberos tokens pass through with proper GPO settings.
  • Workgroup machines — Require browser session management (Part 3).

Security Considerations

Use a dedicated service account with read-only dashboard access, not a personal or admin account.

  • Enable screen lock on idle if displays are accessible to non-staff.
  • LSA encryption is not unbreakable. Minimize what this account can access.
  • Log autologin activity to detect unexpected interactive sessions.
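
One way to act on the last point, as an added example rather than the guide's own code: review logon events (Security event 4624) for the display account and flag anything that is not a console logon on a display machine inside the power schedule. The account name, host names, 07:00 wake time and sample records are assumptions constructed for illustration.

```python
from datetime import datetime, time

# Assumed for this example: account name, host names and the 07:00 wake time.
# The 17:00 Mon-Fri shutdown is the schedule set in Part 1.
DISPLAY_ACCOUNT = 'svc-socdisplay'
DISPLAY_HOSTS = {'SOC-WALL-01', 'SOC-WALL-02'}
WAKE, SHUTDOWN = time(7, 0), time(17, 0)
CONSOLE_LOGON = 2  # 4624 LogonType 2 (interactive), what Autologon produces

# Constructed records: Security event 4624 flattened to the fields used below.
EVENTS = [
    {'TimeCreated': '2024-03-04T07:01:12', 'Computer': 'SOC-WALL-01',
     'TargetUserName': 'svc-socdisplay', 'LogonType': 2},
    {'TimeCreated': '2024-03-04T11:30:00', 'Computer': 'SOC-WALL-01',
     'TargetUserName': 'svc-socdisplay', 'LogonType': 10},   # remote desktop
    {'TimeCreated': '2024-03-05T09:15:00', 'Computer': 'FILESRV-02',
     'TargetUserName': 'svc-socdisplay', 'LogonType': 3},    # network logon
    {'TimeCreated': '2024-03-09T22:40:00', 'Computer': 'SOC-WALL-02',
     'TargetUserName': 'svc-socdisplay', 'LogonType': 2},    # Saturday night
    {'TimeCreated': '2024-03-04T10:00:00', 'Computer': 'SOC-WALL-01',
     'TargetUserName': 'jdoe', 'LogonType': 10},             # other account
]

def review_logon(ev: dict) -> list:
    """Return the reasons a display-account logon looks unexpected (empty = fine)."""
    if ev['TargetUserName'].lower() != DISPLAY_ACCOUNT:
        return []
    reasons = []
    if ev['LogonType'] != CONSOLE_LOGON:
        reasons.append(f"logon type {ev['LogonType']} is not a console logon")
    if ev['Computer'].split('.')[0].upper() not in DISPLAY_HOSTS:
        reasons.append(f"host {ev['Computer']} is not a display machine")
    when = datetime.fromisoformat(ev['TimeCreated'])
    if when.weekday() >= 5 or not (WAKE <= when.time() < SHUTDOWN):
        reasons.append('outside the scheduled power window')
    return reasons

def unexpected_logons(events: list) -> list:
    """Pair each flagged record with its reasons."""
    return [(ev, why) for ev in events if (why := review_logon(ev))]

if __name__ == '__main__':
    for ev, why in unexpected_logons(EVENTS):
        print(ev['TimeCreated'], ev['Computer'], '; '.join(why))
```

If screen lock on idle is enabled, unlock events (LogonType 7) will also appear for this account and need their own rule.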

Part 3: Browser Launch and SSO

Launch on Login

$action = New-ScheduledTaskAction `
    -Execute  "msedge.exe" `
    -Argument "--start-fullscreen https://your-dashboard-url.com"

$trigger = New-ScheduledTaskTrigger -AtLogOn

# Limited, not Highest: the display browser needs no elevated token
Register-ScheduledTask `
    -TaskName "SOC-Display-Launch" `
    -Action   $action `
    -Trigger  $trigger `
    -RunLevel Limited `
    -Force

For multiple monitors, use --window-position to place each window:

# Monitor 1 — position 0,0
$arg1 = "--start-fullscreen --window-position=0,0 https://dashboard-one.com"
# Monitor 2 — position 1920,0
$arg2 = "--start-fullscreen --window-position=1920,0 https://dashboard-two.com"

Edge vs. Chrome

Prefer Edge in enterprise environments:

  • Uses the Windows PRT on Entra ID-joined machines for silent SSO.
  • --kiosk flag gives a locked-down, chrome-free fullscreen mode.
  • Manageable via Group Policy or Intune.

Session Persistence

  • Settings → On Startup → Continue where you left off
  • Use a dedicated browser profile for the display account
  • Disable Clear cookies on exit

Testing SSO Behavior

Before relying on silent auth, test each dashboard URL on a clean session and note which require a button click. Dashboards that authenticate silently need no further work; the rest go through Playwright in Part 4.

Once one SSO session is established, subsequent dashboards on the same identity provider typically authenticate transparently. Usually only the first dashboard requires any interaction.


Part 4: Playwright for SSO Prompts

In this architecture, Playwright handles identity provider login buttons.

Setup

pip install playwright
playwright install chromium

Reusing the Existing Browser Profile

Point Playwright at the display machine's existing Edge profile so it inherits the authenticated session:

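from playwright.sync_api import sync_playwright
import os

# Close any Edge instance already using this profile first: a user data
# directory can only be driven by one browser process at a time.
PROFILE_PATH = os.path.expandvars(r'%LOCALAPPDATA%\Microsoft\Edge\User Data')

with sync_playwright() as p:
    browser = p.chromium.launch_persistent_context(
        user_data_dir=PROFILE_PATH,
        channel='msedge',
        headless=False,
        args=['--start-fullscreen']
    )
    page = browser.new_page()
    page.goto('https://your-dashboard-url.com')
    # Leaving the with-block stops Playwright and closes Edge, so block here
    browser.wait_for_event('close', timeout=0)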

Clicking the SSO Button

# By text
page.wait_for_selector('text=Sign in with SSO', timeout=10000)
page.click('text=Sign in with SSO')
page.wait_for_load_state('networkidle')

# By CSS selector
page.wait_for_selector('#sso-login-btn')
page.click('#sso-login-btn')

# By ARIA role
page.get_by_role('button', name='Sign in with SSO').click()

Multi-Dashboard Launch Script

from playwright.sync_api import sync_playwright, TimeoutError as PlaywrightTimeoutError
import os, time

PROFILE = os.path.expandvars(r'%LOCALAPPDATA%\Microsoft\Edge\User Data')

DASHBOARDS = [
    'https://tickets.example.com',
    'https://security.example.com',
    'https://network.example.com',
]

def handle_sso_if_present(page):
    try:
        btn = page.wait_for_selector('text=Sign in with SSO', timeout=5000)
        if btn:
            btn.click()
            page.wait_for_load_state('networkidle')
    except PlaywrightTimeoutError:
        pass  # No SSO button within 5 s: already authenticated

with sync_playwright() as p:
    ctx = p.chromium.launch_persistent_context(
        user_data_dir=PROFILE,
        channel='msedge',
        headless=False,
        args=['--start-fullscreen']
    )
    time.sleep(3)  # Give Edge a moment to finish starting
    for url in DASHBOARDS:
        page = ctx.new_page()
        page.goto(url)
        handle_sso_if_present(page)
    # Do not call ctx.close(). Block here instead: leaving the with-block
    # stops Playwright and takes the browser down with it.
    ctx.wait_for_event('close', timeout=0)
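
A stricter variant of handle_sso_if_present, added here as an example and not part of the original script: it clicks the SSO button only when the page is on an allowlisted HTTPS host, and checks where the redirect lands afterwards. The function names and login.example.com (standing in for your identity provider) are assumptions.

```python
from urllib.parse import urlsplit

try:
    from playwright.sync_api import TimeoutError as PlaywrightTimeout
except ImportError:          # keeps the logic importable where Playwright is absent
    PlaywrightTimeout = TimeoutError

# Dashboard hosts from the launch script plus the identity provider.
# login.example.com is an assumed placeholder for your IdP host.
ALLOWED_HOSTS = {'tickets.example.com', 'security.example.com',
                 'network.example.com', 'login.example.com'}

def is_allowed_origin(url: str) -> bool:
    """True only for https URLs whose exact host name is allowlisted."""
    parts = urlsplit(url)
    return parts.scheme == 'https' and (parts.hostname or '').lower() in ALLOWED_HOSTS

def click_sso_if_trusted(page, label='Sign in with SSO', timeout_ms=5000) -> str:
    """Click the SSO button only on an allowlisted page.
    Returns 'blocked', 'absent', 'clicked' or 'off-allowlist'."""
    if not is_allowed_origin(page.url):
        return 'blocked'                      # never click on an unexpected site
    button = page.get_by_role('button', name=label)
    try:
        button.wait_for(state='visible', timeout=timeout_ms)
    except PlaywrightTimeout:
        return 'absent'                       # already authenticated
    button.click()
    page.wait_for_load_state('networkidle')
    # The redirect chain must also end on a known host
    return 'clicked' if is_allowed_origin(page.url) else 'off-allowlist'
```

Log the 'blocked' and 'off-allowlist' results; on an unattended display they are the only signal that a dashboard URL started redirecting somewhere new.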

Task Scheduler Registration

$action = New-ScheduledTaskAction `
    -Execute  "python.exe" `
    -Argument "C:\SOC\launch_dashboards.py"
$trigger = New-ScheduledTaskTrigger -AtLogOn
# Limited, not Highest: the launcher and the browser it drives need no elevated token
Register-ScheduledTask -TaskName "SOC-Display-Playwright" `
    -Action $action -Trigger $trigger -RunLevel Limited -Force

Part 5: AI Voice Assistant

A locally-hosted assistant that accepts spoken commands and queries security tooling. Covered in full in Part 6.

Stack: faster-whisper (STT) → Ollama LLM (Llama 3.1 / Phi-4) → tool execution → Kokoro (TTS)

Planned tools:

  • Display Control — enable/disable scheduled power tasks via PowerShell
  • Jira Search — query tickets by keyword and commenter via REST API
  • Browser Read — read dashboard metrics via Playwright
  • Web Fetch — fetch CVE details, advisories, internal wiki pages

All processing is local. No queries about active threats, asset counts, or ticket contents transit external APIs.