Thursday, January 22, 2015

PowerShell Scripting - an intermediate lesson with digital signing

Intro:

So by now you're thinking: hey, PowerShell might not be so bad after all, but what's up with those weird user rights?  It's understandable: in this day and age people will try to attack your machine in order to make bank.  Time to bullet-proof your scripting by digitally signing your scripts.  You probably ran your last script from the PowerShell window, but now it's time to fire up an IDE of sorts supplied by Microsoft:  Windows PowerShell ISE!  You can read and execute your scripts from the editor, and a console attached at the bottom lets you fire off any standalone PowerShell commands needed along the way.

Coding:


Now for an important part: changing permissions on your local machine (or wherever you're going to execute your script) so that the script can be executed.  In the last blog I'd discussed how to do that; the option we're going to use this time around is AllSigned.  This option allows scripts to be run if the publisher is trusted.  If the publisher is not trusted, they won't be executed.

Let's start off with a more advanced PowerShell script than before: let's write a script that takes the machine name as a parameter so you can see what time the machine booted up.

The code:
<#
.SYNOPSIS
Shows when a computer last booted
.DESCRIPTION
Gives the startup time of the computer named in -ComputerName
.PARAMETER ComputerName
name of the computer to query
.EXAMPLE
.\test.ps1 -ComputerName localhost
#>
param(
    [Parameter(Mandatory=$true)][string]$ComputerName
)

# Query the OS record over WMI and convert LastBootUpTime from a WMI date string to a DateTime
Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName |
    Select-Object -Property CSName, @{n="Last Booted";
        e={[Management.ManagementDateTimeConverter]::ToDateTime($_.LastBootUpTime)}}

# end of script

As you can see, adding a parameter isn't the most difficult concept on earth, but PowerShell takes it quite a bit further: mandatory usage as well as data type enforcement.


So what the script does is fire off a cmdlet called Get-WmiObject, which queries whatever WMI class you desire.  In this case we call the Win32_OperatingSystem class to pull some info from the machine in question (the parameter we're passing) and then display it to the user in a nicely formatted way.

Okay, now we have a script; let's tweak it by signing it with a certificate.  This example has cheesily been named test.ps1.  The command you'll want to fire off first is "get-childitem cert:\CurrentUser\my -codesigning" (all text within the double quotes), which can be done from PowerShell ISE.  You should see results like the following:








Time to execute that script.  Either .\test.ps1 localhost or .\test.ps1 -ComputerName localhost should give you a popup like the following:





Choose run once and you should receive something like the following:





Huzzah!  Our script has a certificate and passes a parameter.  Even better, check out the weird time of day the computer in question started.  Go look at your source code again and you'll see a newly added signature block associated with your script.
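
The signing step that sits between listing the certificate and running the script, as an added example (not code from the original post).  It assumes test.ps1 is in the current directory and that Cert:\CurrentUser\My already holds a code-signing certificate; the temp-file name is made up for the example.

```powershell
# Added example: sign test.ps1 (the script from the post), then verify it.
# Typed at the PowerShell console or the ISE console pane.
$scriptPath = '.\test.ps1'

# Choose a code-signing certificate that has its private key and has not expired.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw 'No usable code-signing certificate in Cert:\CurrentUser\My'
}

# Sign the script; this appends the "# SIG # Begin signature block" comment to the file.
Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert -HashAlgorithm SHA256 |
    Format-List Path, Status, StatusMessage

# Read the signature back. Status is Valid only when the file hash matches and the
# certificate chains to a trusted root; otherwise StatusMessage explains why not.
$sig = Get-AuthenticodeSignature -FilePath $scriptPath
'{0}: {1} (signer: {2})' -f $scriptPath, $sig.Status, $sig.SignerCertificate.Subject

# Tamper check on a copy (hypothetical file name): change one label in the script
# body after signing and confirm the signature no longer verifies.
$copy = Join-Path $env:TEMP 'test-tampered.ps1'
(Get-Content $scriptPath) -replace 'Last Booted', 'Last Boot' | Set-Content $copy
$tampered = Get-AuthenticodeSignature -FilePath $copy
'{0}: {1} - {2}' -f $copy, $tampered.Status, $tampered.StatusMessage
Remove-Item $copy
```

Any edit to the script after signing means it has to be signed again before AllSigned will run it.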

Enjoy!

Source:


scripting sample
script signing
