Integrating Powershell

(imported topic written by SystemAdmin)

I’m a PowerShell guru and love to access the power of it even while I’m working remotely…

I’ll post what I’ve learned here so all can benefit…

First things thus far:

  1. Detecting the location of powershell.exe via relevance:

value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry

  2. Detecting the version of powershell:

value "PowerShellVersion" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" of registry

(imported comment written by SystemAdmin)

New update… below is a bes file/xml/task which can be used as a template for your powershell scripts…

The overall relevance makes sure powershell 2.0 is installed and the exe exists. Then a very simple example of creating a new ps1 script and executing it.

<?xml version="1.0" encoding="UTF-8"?> Powershell 2.0: Task Template

<![CDATA[

This task is a simple powershell 2.0.

Use this as a template for running a powershell script on a remote system.

Overall relevance checks to see if Powershell 2.0 is installed and validates the powershell exe exists.

]]>

(if exists value "PowerShellVersion" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" of registry then (value "PowerShellVersion" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" of registry as string = "2.0") else false) AND (if exists value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry then exists file (value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry as string) else false)

Powershell

Daniel Moran

2010-09-20

Click here to deploy this action.

parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry}"

//Create script now…

delete __appendfile

appendfile get-help get-help

move __appendfile script.ps1

//execute it using the powershell path

wait {parameter "PowerShellexe"} script.ps1

//Optional: add validation stuff here… to make sure it did what you’d like

(imported comment written by Tim.Rice)

Not sure if this is related to something particular to our local environment, the version of PowerShell or what, but to get Powershell to execute a script dropped by a Task, we have to execute it as follows …

wait {parameter "PowerShellexe"} .\script.ps1

Without the “.” PowerShell refuses to execute the script. It insists on having some form of Path with the file.

A good reference, found by a co-worker, is
http://technet.microsoft.com/en-us/library/ee176949.aspx

(imported comment written by SystemAdmin)

This BES task/file/xml can be used to distribute the Powershell 2.0 installer onto potential computers.

The overall relevance determines if the end client is the proper version of windows and doesn’t already have powershell 2.0 installed.

NOTE: You’ll need to download and publish the 5 different installer packages within your environment for this to work… They can be downloaded from Microsoft at: http://support.microsoft.com/kb/968929

<?xml version="1.0" encoding="UTF-8"?> Software Distribution - Deploy: Powershell 2.0

<![CDATA[

This task will deploy: Powershell 2.0.

This task is applicable on:

  1. Windows XP x86 (5.84 MB)
  2. Windows 2003 (5.98 MB)
  3. Windows 2003 x64 (9.82 MB)
  4. Windows Vista, Windows 2008 and Windows 7 for x86 (32.4 MB)
  5. Windows Vista, Windows 2008 and Windows 7 for x64 (34.1 MB)

]]>

(if exists value "PowerShellVersion" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" of registry then not (value "PowerShellVersion" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" of registry as string = "2.0") else true) AND ((name of it = "WinXP") of operating system OR ((name of it = "Win2003" AND NOT x64 of it)) of operating system OR ((name of it = "Win2003" AND x64 of it)) of operating system OR ((name of it = "WinVista" AND product type of it = nt workstation product type AND NOT x64 of it) OR ((name of it = "Win2008" or (name of it = "WinVista" and product type of it != nt workstation product type)) AND NOT x64 of it) OR (name of it = "Win7" AND NOT x64 of it)) of operating system OR ((name of it = "WinVista" AND product type of it = nt workstation product type AND x64 of it) OR ((name of it = "Win2008" or (name of it = "WinVista" and product type of it != nt workstation product type)) AND x64 of it) OR (name of it = "Win7" AND x64 of it) OR name of it = "Win2008R2") of operating system)

Software Distribution

35005000

Daniel Moran

2010-09-20

Click here to initiate the deployment process.

//Windows XP x86

if {(name of it = "WinXP") of operating system}

download http://your bigfix server:52311/Uploads/f570b0ae98ca82ae0291a95ed37f251172ddad2e/WindowsXP-KB968930-x86-ENGexe.tmp

continue if {(size of it = 6131769 AND sha1 of it = "f570b0ae98ca82ae0291a95ed37f251172ddad2e") of file "WindowsXP-KB968930-x86-ENGexe.tmp" of folder "__Download"}

extract WindowsXP-KB968930-x86-ENGexe.tmp

wait __Download\WindowsXP-KB968930-x86-ENG.exe /quiet /norestart

//Windows 2003 x86

elseif {((name of it = "Win2003" AND NOT x64 of it)) of operating system}

download http://your bigfix server:52311/Uploads/2dc6ab1af77c6de43968b7cf9bcdd91ffc5869aa/WindowsServer2003-KB968930-x86-ENGexe.tmp

continue if {(size of it = 6300960 AND sha1 of it = "2dc6ab1af77c6de43968b7cf9bcdd91ffc5869aa") of file "WindowsServer2003-KB968930-x86-ENGexe.tmp" of folder "__Download"}

extract WindowsServer2003-KB968930-x86-ENGexe.tmp

wait __Download\WindowsServer2003-KB968930-x86-ENG.exe /quiet /norestart

//Windows 2003 x64

elseif {((name of it = "Win2003" AND x64 of it)) of operating system}

download http://your bigfix server:52311/Uploads/c8e2e321066129ad98e35cdd9533cf3c369ecc36/WindowsServer2003-KB968930-x64-ENGexe.tmp

continue if {(size of it = 10303885 AND sha1 of it = "c8e2e321066129ad98e35cdd9533cf3c369ecc36") of file "WindowsServer2003-KB968930-x64-ENGexe.tmp" of folder "__Download"}

extract WindowsServer2003-KB968930-x64-ENGexe.tmp

wait __Download\WindowsServer2003-KB968930-x64-ENG.exe /quiet /norestart

//Windows Vista, Windows 2008 and Windows 7

elseif {((name of it = "WinVista" AND product type of it = nt workstation product type AND NOT x64 of it) OR ((name of it = "Win2008" or (name of it = "WinVista" and product type of it != nt workstation product type)) AND NOT x64 of it) OR (name of it = "Win7" AND NOT x64 of it)) of operating system}

download http://your bigfix server:52311/Uploads/df85aac21acb17202b6882e4bc883e10adf0433e/Windows60-KB968930-x86msu.tmp

continue if {(size of it = 33996919 AND sha1 of it = "df85aac21acb17202b6882e4bc883e10adf0433e") of file "Windows60-KB968930-x86msu.tmp" of folder "__Download"}

extract Windows60-KB968930-x86msu.tmp

wait __Download\Windows6.0-KB968930-x86.msu /quiet /norestart

//Windows Vista x64, Windows 2008 x64, Windows 7 x64, or Windows 2008r2

elseif {((name of it = "WinVista" AND product type of it = nt workstation product type AND x64 of it) OR ((name of it = "Win2008" or (name of it = "WinVista" and product type of it != nt workstation product type)) AND x64 of it) OR (name of it = "Win7" AND x64 of it) OR name of it = "Win2008R2") of operating system}

download http://your bigfix server:52311/Uploads/da3b397e96aafce3ed12729fd6bb3e27da4722c2/Windows60-KB968930-x64msu.tmp

continue if {(size of it = 35844968 AND sha1 of it = "da3b397e96aafce3ed12729fd6bb3e27da4722c2") of file "Windows60-KB968930-x64msu.tmp" of folder "__Download"}

extract Windows60-KB968930-x64msu.tmp

wait __Download\Windows6.0-KB968930-x64.msu /quiet /norestart

endif

//now configure for remote use

regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="Unrestricted"

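Added example (not part of the original posts and not BigFix-supplied code): a PowerShell audit of the registry values the tasks above read and write, flagging endpoints where the machine-wide ExecutionPolicy is left at Unrestricted. The function names and the extra Wow6432Node key are assumptions of this example; the latter is the redirected view that 32-bit processes see on 64-bit Windows.

```powershell
# Added example: audit the PowerShell registry values used in this thread.
# Machine-wide policies under which unsigned scripts run without restriction.
$WeakPolicies = 'Unrestricted', 'Bypass'

function Get-RegValue {
    param([string]$KeyPath, [string]$Name)
    # Returns $null when the key or the named value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-PowerShellPosture {
    $engine = 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine'
    # Native view plus the 32-bit (redirected) view on x64 systems.
    $shellIds = @(
        'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'
    )
    foreach ($key in $shellIds) {
        if (-not (Test-Path $key)) { continue }
        $exe    = Get-RegValue $key 'Path'
        $policy = Get-RegValue $key 'ExecutionPolicy'
        # New-Object PSObject keeps this usable on PowerShell 2.0.
        New-Object PSObject -Property @{
            Key             = $key
            EngineVersion   = Get-RegValue $engine 'PowerShellVersion'
            ExePath         = $exe
            ExeExists       = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
            ExecutionPolicy = $(if ($policy) { $policy } else { '(not set)' })
            WeakPolicy      = ($WeakPolicies -contains $policy)
        }
    }
}

# One record per registry view that exists on this machine.
Get-PowerShellPosture |
    Format-List Key, EngineVersion, ExePath, ExeExists, ExecutionPolicy, WeakPolicy

# Effective policy per scope (Group Policy scopes take precedence over LocalMachine).
Get-ExecutionPolicy -List | Format-Table -AutoSize
```
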
(imported comment written by acwilson91)

This is very helpful, but I’m wondering if we could get BigFix to provide a stock fixlet for detecting/deploying powershell with the other Windows updates.

Is there any chance of that happening? It sure seems like something that would benefit all BES customers.

Thanks.

(imported comment written by SystemAdmin)

Utilizing powershell typically means working outside of the BigFix infrastructure. This is somewhat contrary to our ideals.

Although I’ve found in troubleshooting bigfix that PowerShell is a very powerful way of remediating problems with the infrastructure.

I’ve been putting together a PowerShell module specifically centered around Tivoli Endpoint Manager (TEM). This module is generic enough to work with anybody’s infrastructure.

I’m also putting together a series of tasks and analyses that will facilitate the installation and validation of PowerShell on endpoints.

As well as a task for installing the PowerShell module I’m developing.

When I get further along on it I’ll post it up on the forum.

(imported comment written by SystemAdmin)

Looking forward to this module