Running Powershell Script through BigFix

Hi I want to Run a powershell script through BigFix it’s getting Failed


. Please can anyone suggest me actions commands i need to add to the existing actions.

You need to remove the “{” and the “}” from around the file path. Bigfix uses { and } to surround relevance in actions.

There are several ways you can try running it. Any of these should work:

wait powershell.exe -ExecutionPolicy Bypass C:\Users\asyed\Documents\WindowsUnquote\WindowsUnquote.ps1

wait powershell.exe -WindowStyle Hidden -NonInteractive -ExecutionPolicy Bypass C:\Users\asyed\Documents\WindowsUnquote\WindowsUnquote.ps1

waithidden powershell.exe -ExecutionPolicy Bypass C:\Users\asyed\Documents\WindowsUnquote\WindowsUnquote.ps1

runhidden powershell.exe -ExecutionPolicy Bypass C:\Users\asyed\Documents\WindowsUnquote\WindowsUnquote.ps1

1 Like

Thanks Dakota for the help, Actually in Bigfix Action console it shows it’s completed but actually the script is not running on server .Please help me out

I noticed that I had spelled Unquote differently than you in the file path. Did you happen to copy and paste what I wrote?

yes i had used the spelling correct even it’s showing same the script is not running on server may be due to restricted access .Pls can you provide more insight because i have tested that my powershell script runs good manually through powershell

The BigFix Client runs in the SYSTEM security context. The script is located in your User folder, which may not be accessible from SYSTEM. You can use the SysInternals program psexec to open a Command prompt in the SYSTEM security context to verify if this is the case.

psexec -i -s cmd.exe

1 Like

can you be precise where i have to add these command. really appreciate for the help.

And below is the script which i am using
Completed // Enter your actio// Enter your action script here
Completed //============================================================================
Completed //PowerShell Script…
Completed //
Completed //THIS TASK WILL DOWNLOAD AND EXECUTE A POWERSHELL SCRIPT THAT WILL add qoutes
Completed //============================================================================
Completed //1. Save old ExecutionPolicy value
Completed parameter “PolicyExisted”="{exists value “ExecutionPolicy” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of registry}“
Completed parameter “oldExecutionPolicy”=”{if (parameter “PolicyExisted” as boolean) then (value “ExecutionPolicy” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of registry as string) else “”}"
Completed //============================================================================
Completed //2. set to ExecutionPolicy=Unrestricted and set the powershell executable location
Completed //we need to determine what the current execution policy is so we can put it back when we’re done.
Completed regset “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” “ExecutionPolicy”="Unrestricted"
Completed parameter “PowerShellexe” = “C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe"
Completed //============================================================================
Completed //3. If C:\temp doesn’t exist, create it
Completed //
Completed if {not exists folder “c:\temp”}
Completed waithidden cmd.exe /C mkdir c:\temp
Completed else
Completed endif
Completed //============================================================================
Completed //4. Execute PowerShell with ps1 script file
Completed action uses wow64 redirection false
Completed waithidden powershell.exe -ExecutionPolicy Bypass C:\temp\WindowsUnqoute\WindowsUnqoute.ps1
Completed action uses wow64 redirection {x64 of operating system}
Completed //============================================================================
Completed //5. Restore ExecutionPolicy back
Completed if {parameter “PolicyExisted” as boolean}
Completed regset “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” “ExecutionPolicy”=”{parameter “oldExecutionPolicy”}"
Completed else
Completed regdelete “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” "ExecutionPolicy"
Completed endif

though action says completed but actually script is not running on the servers .pls need the help in these guys

What you’re doing appears way too complicated. You don’t need to backup & restore the Powershell Execution Policy, because you’re bypassing that policy on the command line anyway.

Does the “C:\temp\WindowsUnqoute\WindowsUnqoute.ps1” file actually exist? Does it do anything when you run it on a command line? Does it need any additional parameters, for instance to specify a name of a file or whatever in which it is going to un-quote things? If the Powershell script itself works as-is (when run via psexec -i -s cmd.exe, as @itsmpro92 already noted), then you should be able to run the same via BigFix as simply

waithidden powershell.exe -ExecutionPolicy Bypass -File C:\temp\WindowsUnqoute\WindowsUnqoute.ps1

Just a side note from needing to use brackets in scripts, If you want BigFix to not try to parameterize the brackets, you have to include an extra opening bracket.

{{Whatever you need in brackets}

You don’t need them in your original question though.

Hi jason,

i have removed all the commands not to make it complicated. It is running successfully on Actions but on the Server the powershell scripts are not running . And about the psexec can you suggest where i should be running the command

You can download PSExec from Microsoft Sysinternals https://microsoft.com/sysinternals.

To get a shell like what the BigFix client uses with wow64 redirection turned off, open a command prompt and enter

psexec -i -s c:\windows\system32\cmd.exe

This opens a new command prompt window, running as the SYSTEM account. Then try running your powershell script, you should see the same sort of results as when it runs under BigFix

powershell.exe -ExecutionPolicy Bypass -File c:\temp\WindowsUnquote\WindowsUnquote.ps1

To simulate the default BigFix environment (32-bit mode), one could invoke psexec via

psexec -i -s c:\windows\syswow64\cmd.exe

i ran psexec as you suggested it ran successfully

in wow64 and default BigFix environment (32-bit mode). So I feel there is no issue with execution by pass. But still same thing it’s showing as completed in Actions but on server the powershell script is not running some how.Please help

The error code shown is -196608 (0xFFFD000 in hex). From what I can gather, this indicates a problem with permissions or authentication when the script is run as SYSTEM. See: https://www.briantist.com/errors/scheduled-task-powershell-0xfffd0000/

What exactly does the WindowsUnquote.ps1 do? Do you have commands in the script that depend on a PATH environment variable? Does it access a shared folder on another server? Does it need to access restricted folders on the current server?

Another possibility is that your command needs double-quotes around the script file parameter: "C:\temp\WindowsUnquote\WindowsUnquote.ps1". Looking around at old forum posts, most of the time I see double-quotes being used.

I am also trying to run a .ps1 through a bigfix package. It is to edit the Bios. I get the -196608 code as well. says it completed on BF but did not run the script on the clients machine. I tried adding the “” around the file parameter as well but no success. Any ideas?

Also, my file is in a network drive.

Don’t use a network drive, download the script to the client.

Thank you. I have actually fixed that. Below is my current action script. The first section which places the files on the client computer works fine. running the script still doesn’t. I’m sure my action script is just wrong but any insight is appreciated.

//Create a new folder and place PS script and required files onto computer//
prefetch 704a8ca593ec7a77017ba4d41300e5039b66674f sha1:704a8ca593ec7a77017ba4d41300e5039b66674f size:781897 http://******************consonto.adatum.com:52311/Uploads/704a8ca593ec7a77017ba4d41300e5039b66674f/Files.tmp sha256:b78c8bdb016b57d75ff94e8555f33ef20d80c9bedd528304e5b93fe7203b05ad
folder create "c:\ProgramData\CredGuard"
extract 704a8ca593ec7a77017ba4d41300e5039b66674f “c:\ProgramData\CredGuard”

//Runs PowerShell script to change BIOS settings//
action uses wow64 redirection false
wait powershell.exe -executionpolicy bypass -file “c:\ProgramData\CredGuard\cred.ps1”

Hmmm. You’ve hit on all the points I’d want to check, especially with wow64 redirection, relocating the powershell script…

Let’s try and see if it’s a problem with using the LocalSystem account. You can emulate the environment in which Bigfix runs, using psexec ( https://microsoft.com/sysinternals )

Try running
Psexec -i -s cmd.exe

That will give a command promot runnin as the system account. Try running the powershell script from there and see whether it’s successfule, or whether it gives any useful error messages.