Fixlet with a powershell scritp to remove Win 10 1809 APP

Bprata · May 29, 2019, 2:45pm

Hello Wolrd!
This fixlet need to be run on as loca user instead of system user, because the powershell does not indentify the information over to the system user.

I would like to run this script as local user, but with my domain credentials. Can somebody help me please?

Completed extract 5743d19277059f9ccc1943ae125402fcd775364b C:\TEMP\REMOVEAPPS
Completed action parameter query “User” with description "Please enter user AD (Domaini\user):"
Completed action parameter query “Password” with description "Please enter user AD password:"
Completed override wait

Failed runas=localuser
asadmin=true
user= parameter “User” of action
password= parameter “Password” of action

     wait "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -ExecutionPolicy Bypass -File C:\TEMP\REMOVEAPPS\removeapps.ps1

JasonWalker · May 29, 2019, 4:20pm

Be aware the method you are using exposes the password you are using, it is trivial to retrieve it. You’ll want to rewrite this fixlet to use Secure Parameters before doing anything else with it.

Once you have this as a Secure Parameter task, there are options for override wait that can make the script run in the user context you specify.

Bprata · May 29, 2019, 5:48pm

thank you for the feedback I just modify the line: action parameter query secure “Secret” with description “Please enter user AD password:” Is it correct right?

bus it still not working.

Bprata · May 29, 2019, 5:50pm

@JasonWalker
My script:

extract 5743d19277059f9ccc1943ae125402fcd775364b C:\TEMP\REMOVEAPPS

action parameter query “User” with description "Please enter user AD (Domaini\user):"
action parameter query secure “Secret” with description “Please enter user AD password:”

override wait
runas=localuser
asadmin=true
user= parameter “User” of action
password= parameter “Secret” of action

wait “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -ExecutionPolicy Bypass -ExecutionPolicy Bypass -File C:\TEMP\REMOVEAPPS\removeapps.ps1

Bprata · May 29, 2019, 6:20pm

@jgstew

Can you help me please? The user that we usually type is member of the local administrators group.

JasonWalker · May 29, 2019, 6:32pm

Are you using a secure Parameterized Fixlet (where the password prompt is an HTML textbox in the Description field, and there is a javascript using TakeSecureFixletAction() ? There’s an example at https://bigfix.me/fixlet/details/3678 , sorry if you’re already using that and I misunderstood.

I believe your syntax is mostly correct but you need to use {} to perform the relevance substitutions

user= {parameter “User” of action}
password="{parameter “Secret” of action}"

AlanM · May 30, 2019, 6:37pm

There is no prompt like this available in actionscript. You would have to use the method that @JasonWalker mentioned and put the javascript in the description to do this.

Bprata · June 6, 2019, 10:41am

If I put like below it is no secure?

extract 5743d19277059f9ccc1943ae125402fcd775364b C:\TEMP\REMOVEAPPS

action parameter query “User” with description "Please enter user AD (Domaini\user):"
action parameter query secure “Secret” with description “Please enter user AD password:”

override wait
runas=localuser
asadmin=true
user= parameter “User” of action
password= parameter “Secret” of action

wait “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -ExecutionPolicy Bypass -ExecutionPolicy Bypass -File C:\TEMP\REMOVEAPPS\removeapps.ps1

brolly33 · June 6, 2019, 3:30pm

This method does not exist:
action parameter query secure “Secret” with description “Please enter user AD password:”

The Secure Parameter Fixlet is your safe path. @JasonWalker provided the sample Fixlet on bigfix.me in the post above.