(imported topic written by dmoore21)
Good afternoon,
Using the action script found
here
as a base, I modified it as follows:
//============================================================================
//PowerShell Script…
//
//1. Save old ExecutionPolicy value
parameter “PolicyExisted”="{exists value “ExecutionPolicy” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of registry}"
parameter “oldExecutionPolicy”="{if (parameter “PolicyExisted” as boolean) then (value “ExecutionPolicy” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of registry as string) else “”}"
//2. set to ExecutionPolicy=Unrestricted and set the powershell executable location
//we need to determine what the current execution policy is so we can put it back when we’re done.
regset “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” “ExecutionPolicy”=“Unrestricted”
parameter “PowerShellexe” = “C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe”
//3. Clear any existing script and DL PowerShell script
delete c:\script.ps1
download http://BF-Site/Uploads/script.ps1
continue if {(size of it = 5955 AND sha1 of it = “4f9d85970da5511498bc0a5db5e9f05884e897e5”) of file “script.ps1” of folder “__Download”}
move __Download\script.ps1 c:\script.ps1
//4. Execute PowerShell with ps1 script file
waithidden “{parameter “PowerShellexe”}” -file “c:\script.ps1 | Format-Table -AutoSize -Property Name,RuleType,Profile -Wrap”
//5. Restore ExecutionPolicy back
if {parameter "PolicyExisted" as boolean}
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="{parameter "oldExecutionPolicy"}"
else
regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"
endif
//============================================================================
I tested my modification in the fixlet debugger, and everything came out ok. So, I created an action in BigFix, hoping that the results would be the same. The BigFix console does report that the action completes successfully, but I am supposed to receive an e-mail when the powershell script completes… So, the powershell script is failing. I know that the steps 1-3 of the action script execute successfully (I can RDP to the server and see that there is a script.ps1 in C:)… So I think the action script is failing at Step 4, where powershell.exe is invoked…