Deploying and executing a powershell script with bigfix

(imported topic written by dmoore21)

Good afternoon,

Using the action script found
as a base, I modified it as follows:


//PowerShell Script…


//1. Save old ExecutionPolicy value

parameter "PolicyExisted"="{exists value "ExecutionPolicy" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry}"

parameter "oldExecutionPolicy"="{if (parameter "PolicyExisted" as boolean) then (value "ExecutionPolicy" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry as string) else ""}"

//2. set to ExecutionPolicy=Unrestricted and set the powershell executable location

//we need to determine what the current execution policy is so we can put it back when we're done.

regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="Unrestricted"

parameter "PowerShellexe" = "C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe"

//3. Clear any existing script and DL PowerShell script

delete c:\script.ps1

download http://BF-Site/Uploads/script.ps1

continue if {(size of it = 5955 AND sha1 of it = "4f9d85970da5511498bc0a5db5e9f05884e897e5") of file "script.ps1" of folder "__Download"}

move __Download\script.ps1 c:\script.ps1

//4. Execute PowerShell with ps1 script file

waithidden "{parameter "PowerShellexe"}" -file "c:\script.ps1 | Format-Table -AutoSize -Property Name,RuleType,Profile -Wrap"

//5. Restore ExecutionPolicy back

if {parameter "PolicyExisted" as boolean}

    regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="{parameter "oldExecutionPolicy"}"

else

    regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"

endif

I tested my modification in the fixlet debugger, and everything came out ok. So, I created an action in BigFix, hoping that the results would be the same. The BigFix console does report that the action completes successfully, but I am supposed to receive an e-mail when the powershell script completes… So, the powershell script is failing. I know that the steps 1-3 of the action script execute successfully (I can RDP to the server and see that there is a script.ps1 in C:)… So I think the action script is failing at Step 4, where powershell.exe is invoked…

(imported comment written by R26KPA)


We use this to launch PowerShell scripts:

rem //**Begin Command Marker

powershell.exe -file ".\MyScript.ps1"

rem //**End Command Marker

Launching the script between the command markers works on the endpoints we are managing. We create our custom tasks in Systems Lifecycle, Software Distribution, Manage Software Distribution. When creating a new package there, the action script in the task is prepopulated and includes those command markers, almost like a template.
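
An added example, not part of either post above: both posts launch powershell.exe with -file, and the first action script rewrites the machine-wide ExecutionPolicy registry value around that call. The wrapper below instead sets the policy for the child process only, re-checks the script's hash just before running it, and records output and exit code. The function name Invoke-VerifiedScript, the log path and the hash placeholder are assumptions, and Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example (not from the thread). Function name, log path and the
# hash placeholder in the usage line are assumptions.
function Invoke-VerifiedScript {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [string[]] $ScriptArgs = @(),
        [string] $LogPath = (Join-Path $env:TEMP 'bigfix-ps-run.log')
    )

    # Re-check the file immediately before running it, so a script that was
    # replaced after the download check is not executed.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        "hash mismatch for ${Path}: got $actual" | Out-File -FilePath $LogPath -Append
        return 2
    }

    # -ExecutionPolicy Bypass applies to this child process only; the HKLM
    # ExecutionPolicy value is never changed, so nothing has to be restored.
    # (A policy enforced through Group Policy still takes precedence.)
    # -File takes a script path followed by that script's arguments. A
    # pipeline such as "| Format-Table" is not interpreted there, so any
    # formatting belongs inside the script itself.
    $output = & powershell.exe -NoProfile -NonInteractive `
        -ExecutionPolicy Bypass -File $Path @ScriptArgs 2>&1
    $code = $LASTEXITCODE

    # Keep stdout and stderr: a hidden window leaves no other trace of a failure.
    $output | Out-File -FilePath $LogPath -Append
    "exit code: $code" | Out-File -FilePath $LogPath -Append
    return $code
}

# Constructed usage; the hash is a placeholder, not a real value.
# exit (Invoke-VerifiedScript -Path 'C:\script.ps1' -ExpectedSha256 '<sha256-of-script.ps1>')
```

Because the wrapper exits with the child's exit code, the action script can test it after waithidden with a relevance check such as {exit code of action = 0} instead of treating any launch as success.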

