Deploying PowerShell scripts via BigFix

(imported topic written by dmoore21)

I’ve written a PowerShell script that I would like to be remotely deployed with TEM. But I think I’ve run into a problem… The script has a mandatory parameter, but I don’t think that the TEM Action Script is passing the parameter to the script… So, I was wondering if what I am attempting to do is possible…

Here’s the action script:

//============================================================================
//PowerShell Script…
//
//THIS TASK WILL DOWNLOAD AND EXECUTE A POWERSHELL SCRIPT THAT WILL Audit SQL Server 2008
//IAW THE CIS Benchmark for SQL Server 2008.
//AUDIT-SQL2008V2.PS1 USES A CUSTOM INVOKE-SQLCMD FUNCTION SO THAT OPTIONAL SQL SERVER
//MANAGEMENT TOOLS DO NOT NEED TO BE INSTALLED.
//
//NOTE: LINE 39 REQUIRES YOU TO ENTER THE INSTANCE NAME OF THE DB YOU ARE AUDITING!!
//
//============================================================================
//1. Save old ExecutionPolicy value
parameter "PolicyExisted"="{exists value "ExecutionPolicy" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry}"
parameter "oldExecutionPolicy"="{if (parameter "PolicyExisted" as boolean) then (value "ExecutionPolicy" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry as string) else ""}"
//============================================================================
//2. set to ExecutionPolicy=Unrestricted and set the powershell executable location
//we need to determine what the current execution policy is so we can put it back when we’re done.
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="Unrestricted"
parameter "PowerShellexe" = "C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe"
//============================================================================
//3. If C:\temp doesn’t exist, create it
//
if {not exists folder "c:\temp"}
waithidden cmd.exe /C mkdir c:\temp
else
endif
//============================================================================
//4.
//
delete c:\audit-sql2008v2.ps1
//============================================================================
//5. Clear any existing script and DL PowerShell script
delete c:\audit-sql2008v2.ps1
download http://TEM-SERVER:52311/Uploads/audit-sql2008v2.ps1
continue if {(size of it = xxxxx AND sha1 of it = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx") of file "audit-sql2008v2.ps1" of folder "__Download"}
move __Download\audit-sql2008v2.ps1 c:\audit-sql2008v2.ps1
//============================================================================
//6. Execute PowerShell with ps1 script file
waithidden "{parameter "PowerShellexe"}" -file "c:\audit-sql2008v2.ps1 -Instancename Hostname\Instancename"
//============================================================================
//7. Restore ExecutionPolicy back
if {parameter "PolicyExisted" as boolean}
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="{parameter "oldExecutionPolicy"}"
else
regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"
endif
endif
//============================================================================
//8. Cleanup Scripts
delete c:\audit-sql2008v2.ps1
//============================================================================

(imported comment written by dmoore21)

Nothing yet? I’ve modified my script so that it doesn’t need a parameter… but I would really like to be able to use the script as originally written…

(imported comment written by NoahSalzman)

Assuming this is the line you are having trouble with, maybe try:

waithidden "{parameter "PowerShellexe"}" -file "c:\audit-sql2008v2.ps1" -Instancename "Hostname\Instancename"

(imported comment written by NivS)

You can also skip the ExecutionPolicy bit by running powershell exe with the ExecutionPolicy switch:

-ExecutionPolicy Unrestricted

This will run the current script with the Unrestricted policy.

(imported comment written by jgstew)

This method proposed by NivS is much easier than storing and restoring the current policy.
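
Added example, not part of the original thread: a PowerShell check, runnable on a test machine, of the two points made in the replies above (the script path must be its own argument to -File, and -ExecutionPolicy applies only to the launched process). The file demo-audit.ps1 and the instance name HOST\INST are constructed stand-ins.

```powershell
# Constructed stand-in for audit-sql2008v2.ps1: one mandatory parameter.
$script = Join-Path $env:TEMP 'demo-audit.ps1'
@'
param([Parameter(Mandatory = $true)][string]$Instancename)
"Auditing $Instancename; process policy: $(Get-ExecutionPolicy -Scope Process)"
'@ | Set-Content -Path $script -Encoding ASCII

$ps = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
# -File must be the last powershell.exe switch: everything after the script
# path is handed to the script, so -ExecutionPolicy has to come before it.
$common = '-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted'

# Machine-wide policy (the registry value the action script edits), read only.
$machineBefore = Get-ExecutionPolicy -Scope LocalMachine

# Quoting from the original action script: path and parameter travel as ONE
# argument, so powershell.exe looks for a file with that whole name and fails.
& $ps @common -File "$script -Instancename HOST\INST"
$quotedExit = $LASTEXITCODE

# Quoting from the reply: path and parameter are separate arguments, so the
# mandatory parameter is bound and the script runs.
& $ps @common -File $script -Instancename 'HOST\INST'
$splitExit = $LASTEXITCODE

$machineAfter = Get-ExecutionPolicy -Scope LocalMachine

"Path and parameter in one quoted string : exit code $quotedExit"
"Path and parameter as separate arguments: exit code $splitExit"
"LocalMachine policy before/after        : $machineBefore / $machineAfter"

Remove-Item -Path $script
```

The last line of output shows the LocalMachine value unchanged, which is why the save and restore steps in the action script are unnecessary when the switch is used.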