I need to deploy a PowerShell script that requires parameters to be set before being executed so that TFS Agents can be properly configured on the endpoint.
What is the best way so that when I go to deploy this task I am prompted to key in these values and then have them deploy with the script so everything runs correctly?
You can use "parameterized fixlets" to have either set values to choose from, or free-form entry.
You could also use action parameter query to ask for the operator to enter the values. This is an easier way to get started, but less robust, and also doesn't support encrypted parameters.
Once you collect the values, then you can use relevance substitution to put the entered values into the command.
We do use the action parameter query when adding client settings, like identifying the System Manager for a server owner.
action parameter query "SystemManagerName" with description "Enter the SystemManagerName."
setting "SystemManagerName"="{parameter "SystemManagerName" of action}" on "{parameter "action issue date" of action}" for client
I just am not envisioning how this would work for the PowerShell script.
action parameter query "DeploymentGroup" with description "Enter the DeploymentGroup value"
Where or how or what would the setting "DeploymentGroup"= stuff look like for the PowerShell script? Or what is the other method you were referencing?
I am newbie material so easier is better plus these only come around once in a blue moon.
Here's also an example of using parameters to rename a PC joined to a domain:
<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
<Task>
<Title>Rename PC (Win10)</Title>
<Description><![CDATA[<P><B>Please Enter your Domain Username and Password. This will be used for changing the name and re-adding it back to the Domain.</B></P>
<P>Username: <INPUT id=username name=username> </P>
<P>Password: <INPUT id=pw type=password name=pw> </P><script>
document.body.ontakeaction = function() {
var User = document.getElementById( "username" ).value;
var Pass = document.getElementById( "pw" ).value;
TakeSecureFixletAction( Relevance('id of current fixlet'), Relevance('id of current bes site'), "Action1", {}, { username: User, pw: Pass } );
return false;
}
</script> ]]></Description>
<Relevance>true</Relevance>
<Category></Category>
<Source>Internal</Source>
<SourceID></SourceID>
<SourceReleaseDate>2020-04-24</SourceReleaseDate>
<SourceSeverity></SourceSeverity>
<CVENames></CVENames>
<SANSID></SANSID>
<MIMEField>
<Name>x-fixlet-modification-time</Name>
<Value>Fri, 24 Apr 2020 17:49:55 +0000</Value>
</MIMEField>
<Domain>BESC</Domain>
<DefaultAction ID="Action1">
<Description>
<PreLink>Click </PreLink>
<Link>here</Link>
<PostLink> to deploy this action.</PostLink>
</Description>
<ActionScript MIMEType="application/x-Fixlet-Windows-Shell">action uses wow64 redirection {not x64 of operating system}
action parameter query "PCName" with description "Please enter the New PC Name" with default value "New PC Name"
delete __createfile
createfile until END_OF_FILE
$bfuser = '{parameter "username" of action}'
$bfpass = '{parameter "pw" of action}'
$password = $bfpass | ConvertTo-SecureString -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PsCredential -ArgumentList $bfuser, $Password
Rename-Computer -NewName "{parameter "PCName"}" -DomainCredential $Credential -Force
END_OF_FILE
delete powershell.ps1
move __createfile powershell.ps1
waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File powershell.ps1
delete powershell.ps1</ActionScript>
</DefaultAction>
</Task>
</BES>
This will put the actual password into the file, written to disk. It is slightly safer to send the password as an argument instead of hard coding it into the file. If the action didn’t complete for some reason, the file could remain.
You can skip all that and just put powershell, and that works in most cases, as long as it is in the 32-bit PATH or if you disable wow redirection and it is in the 64-bit PATH.
Is there a way to allow a domain joined computer to rename itself? I find this so annoying that you have to provide AD creds to rename a computer.
Yeah, I noticed that. Is there a way to use it as an argument while remaining hidden from the console? Unless I'm overlooking something, I have not been able to rename any computers on my end without AD creds.
BigFix automatically will not show the console arguments if the action uses secure parameters in the client logs, but you can also enable this at any time for any action.
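The suggestion above to pass the password as an argument instead of writing it into the file, sketched as an added example (not code from any poster in this thread). It assumes the same Task description and TakeSecureFixletAction call as the rename example, so the `username` and `pw` secure parameters exist; `$User`, `$Pass` and `$NewName` are names chosen here.

```bigfix
action uses wow64 redirection {not x64 of operating system}
action parameter query "PCName" with description "Please enter the New PC Name"

// The script written to disk contains no credential values, only a param() block.
// The body has no curly braces; a literal opening brace inside createfile must be doubled.
delete __createfile
createfile until END_OF_FILE
param([string]$User, [string]$Pass, [string]$NewName)
# Values arrive as arguments at run time and are never stored in this file
$secure = ConvertTo-SecureString -String $Pass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $User, $secure
Rename-Computer -NewName $NewName -DomainCredential $cred -Force
END_OF_FILE
delete powershell.ps1
move __createfile powershell.ps1

// Relevance substitution fills in the operator-entered values on the command line only
waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File powershell.ps1 -User "{parameter "username" of action}" -Pass "{parameter "pw" of action}" -NewName "{parameter "PCName" of action}"

// If the action stops before this line, the leftover file holds no secrets
delete powershell.ps1
```

The values are still present on the PowerShell process command line while it runs, so endpoint process-creation logging that records command lines will capture them. A value containing a double quote will also break the argument quoting shown here.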