Run a remote powershell script from a batch file - powershell

I want to have my batch file run a remote PowerShell script.
I have Powershell \\ip\Myscript.ps1
But it asks me whether I want to run this remote script.
I want to bypass this with a -confirm:$false.
How can I use that in a batch?

You got a few options here.
Copy the .ps1 file to a local directory and then call it via Powershell. An ugly hack, but sometimes necessary if Execution Policy must not be changed.
Sign the .ps1 file. A huge pain in the backside.
Tell Powershell not to worry about Execution Policy. The easy and dangerous way: powershell -executionpolicy unrestricted \\server\share\someScript.ps1.
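A sketch of the first option (copy locally, then run without touching the execution policy), added here as an example and not part of the original answer. It also pins the script to a reviewed SHA-256 hash before running it; the staging folder, the hash placeholder and the parameter names are assumptions.

```powershell
# Added example: stage a script from a share, verify it, then run the local copy.
param(
    [string]$RemoteScript   = '\\server\share\someScript.ps1',   # path used in the answer above
    [string]$ExpectedSha256 = '<SHA256-OF-REVIEWED-SCRIPT>',     # placeholder: hash of the version you reviewed
    [string]$LocalDir       = (Join-Path $env:ProgramData 'StagedScripts')  # assumed staging folder
)

$ErrorActionPreference = 'Stop'

# The staging folder is assumed to be writable only by the account running this script.
New-Item -ItemType Directory -Path $LocalDir -Force | Out-Null
$local = Join-Path $LocalDir (Split-Path $RemoteScript -Leaf)
Copy-Item -LiteralPath $RemoteScript -Destination $local -Force

# Hash the local copy, not the share: the local copy is the file that will execute.
$actual = (Get-FileHash -LiteralPath $local -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Remove-Item -LiteralPath $local -Force
    throw "Hash mismatch for $RemoteScript (got $actual); refusing to run."
}

# If the script carries a signature, it must be intact. Unsigned is tolerated here
# because the pinned hash above already fixes the content.
$sig = Get-AuthenticodeSignature -FilePath $local
if ($sig.Status -notin 'Valid', 'NotSigned') {
    Remove-Item -LiteralPath $local -Force
    throw "Signature check failed for ${local}: $($sig.Status)"
}

# No -ExecutionPolicy switch: the local copy runs under whatever policy is configured.
& powershell.exe -NoProfile -NonInteractive -File $local
exit $LASTEXITCODE
```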

Related

Execute PowerShell script from network folder

I'm developing a quite large automatic build in TFS2017 with a local VSTS build machine. My custom tasks will be mostly in PowerShell.
The inline PowerShell task handles only 500 or so characters and is too small to use for most tasks. Right now I'm editing my Powershell script, check it in, test run, read log for errors, correct, check in again and so on.
This is a bit tedious and I wonder if there are any options. I would like to avoid checking in each change in the script. Are there any options like executing my Powershell tasks from a network location during development of the build process?
You can specify UNC file path in PowerShell task.
You also can store the script files in a server (e.g. FTP), then download the file to working directory during build through PowerShell or others task.
On the other hand, there is PowerShell on Target machines task that can execute PowerShell scripts on remote machines.
You can use dot sourcing with your UNC path:
PS> . \\server\path\to\your\scriptmcscript.ps1
or use the invocation operator:
& \\server\path\to\your\scriptmcscript.ps1
You can use UNC path for the file with Powershell Task.
Or you could use the Powershell on target machine to run it.
But be careful about your choice. You have to keep in mind that who is running your script is the build/deployment agent. So while you are running it in your corporate network everything will be fine, because your agent can see your UNC path.
The moment you use that agent on a machine outside your network you will have to think about another solution, which may include saving your powershell file to a repo like Git or TFVC and then download the file to the local computer where you are running the agent.
This is the only way that works for me, call PowerShell from a .batch script with execution policy set to bypass (scope - process only)
-NonInteractive = do not prompt for confirm
-NoProfile = run under system context
powershell.exe -NoProfile -ExecutionPolicy Bypass -NonInteractive -Command C:\Users\User\Script.ps1

PowerShell execution policy subverted by a powershell.exe parameter

In PowerShell, is there an advantage to a restrictive execution policy besides trying to control which script files can run?
By default, PowerShell scripts are not allowed to run, but it seems like if a malicious party wants to run PowerShell script they can just bootstrap into it using a BAT file that calls PowerShell with the -ExecutionPolicy parameter set to "bypass".
Am I missing something, or does this defeat the execution policy mechanism? Why sign scripts (which looks like quite a hassle) when you can just make the execution policy less restrictive?
Below is a BAT script I wrote that creates an unsigned .ps1 file and runs it. It works on a machine with the execution policy of Restricted, which should disallow scripts. UAC is on and no elevation prompt is shown. It even dials out to the Internet and gets the latest headline of the "Hey, Scripting Guy!" blog.
echo write-host "`r`nPowershell code running on $(hostname).`r`n`r`nHere's the latest headline from the 'Hey, Scripting Guy!' blog: '$(([xml](New-Object Net.WebClient).DownloadString("http://blogs.technet.com/b/heyscriptingguy/atom.aspx")).feed.entry[0].title)'.`r`n`r`nPress Enter to close.`r`n"; read-host > script.ps1
powershell -ExecutionPolicy bypass -Command .\script.ps1
The execution policy will prevent someone from modifying an existing script that's being run by someone else, or as an automated process (e.g. a scheduled task). From a security standpoint, using that .bat file is no different than compiling code to do the same thing into an .exe.
Also, the -ExecutionPolicy parameter doesn't work when the execution policy is set via local/group policy on the machine (per Ansgar's comment on the question).
The default PowerShell execution policy of disallowing scripts is useful for little more than preventing accidental invocations of the script. It can be trivially violated, even on earlier versions of PowerShell which didn't have the per-instance parameter, by doing the following:
Open any script you want to run in Notepad
Copy the contents to the clipboard
Paste the clipboard to an instance of PowerShell
Anyone who really wants to run a script can do so using this or a variety of other mechanisms. It's only really useful for preventing unintentional execution of scripts.
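Since the policy can be overridden per process, defenders usually want to see where that happens. The following is an added example (not from the answers above) that flags powershell.exe command lines carrying an execution-policy override and then lists any policy set through Group Policy, the case the first answer says the parameter does not affect. The function name and the last two sample lines are constructed; the check is token-based, so text inside a -Command string can produce false positives.

```powershell
# Added example: find -ExecutionPolicy overrides in recorded command lines.
function Get-ExecutionPolicyOverride {
    param([Parameter(Mandatory)][string]$CommandLine)

    $tokens = @($CommandLine -split '\s+' | Where-Object { $_ })
    for ($i = 0; $i -lt $tokens.Count - 1; $i++) {
        # powershell.exe accepts '-' or '/' as the switch prefix
        if ($tokens[$i] -match '^[-/](?<name>[A-Za-z]+)$') {
            $name = $Matches['name'].ToLowerInvariant()
            # -ExecutionPolicy may be shortened to any prefix of two or more letters, or to -ep
            $isPolicy = ($name -eq 'ep') -or
                        ($name.Length -ge 2 -and 'executionpolicy'.StartsWith($name))
            if ($isPolicy) { return $tokens[$i + 1].Trim('"', "'") }
        }
    }
    return $null   # no override on this command line
}

# Constructed sample set: the first three are the invocations quoted on this page.
$samples = @(
    'powershell -ExecutionPolicy bypass -Command .\script.ps1',
    'powershell.exe -NoProfile -ExecutionPolicy Bypass -NonInteractive -Command C:\Users\User\Script.ps1',
    'powershell -executionpolicy unrestricted \\server\share\someScript.ps1',
    'powershell -ep bypass -File C:\Temp\x.ps1',
    'powershell.exe -NoProfile -File C:\Scripts\ok.ps1'
)
foreach ($line in $samples) {
    $value = Get-ExecutionPolicyOverride -CommandLine $line
    if ($value) { "OVERRIDE ($value): $line" } else { "ok: $line" }
}

# Scopes set through Group Policy show up as MachinePolicy / UserPolicy.
$enforced = Get-ExecutionPolicy -List |
    Where-Object { $_.Scope -in 'MachinePolicy', 'UserPolicy' -and $_.ExecutionPolicy -ne 'Undefined' }
if ($enforced) {
    $enforced | ForEach-Object { "Group Policy sets $($_.Scope) = $($_.ExecutionPolicy)" }
} else {
    'No Group Policy execution policy is set on this machine.'
}
```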

Powershell script works when remoted in, but not as Azure startup task

I have a PowerShell script saved in a .cmd file that downloads a file from the web and then unzips it. My Azure web role executes it upon startup. This is the script:
powershell -ExecutionPolicy Bypass -c $(New-Object Net.WebClient).DownloadFile('URL.zip', 'FILE.zip') ;
(New-Object -com shell.application).namespace('c:\FOLDER').Copyhere((New-Object -com shell.application).namespace('FILE.zip').items())
When I run the script via Azure startup tasks:
The first part of the script works. The file is downloaded. The second part of the script which unzips does not run.
When I run the script via the command line when remoted into the VM:
The entire script runs.
I therefore know this is not a syntax error. The only difference I can think of between the two cases above is a permissions issue. But, I am running powershell with -ExecutionPolicy set to Bypass, which is the highest permission level. Anybody have any ideas? Thanks!
Change the command so that the output of the command is dumped into a file. Something like this should work
<YOUR_COMMAND> > out.log 2> err.log
Run the task again and check out the output in the logs.
Also, you are using relative paths rather than absolute ones. The scheduled task probably runs with the Windows system folder as its working directory, so you may be getting a permissions error from that. Try using an absolute path to a directory you created.

PowerShell script to restart a service

My mission is to press a keyboard sequence, such as Ctrl +Shift +R, to restart a Windows Service.
I have a script which works fine in the PowerShell ISE, when launched with administrative privileges.
When I try with a PowerShell script it fails due to insufficient Administrative Privileges. It’s galling that I can get it to work with an old-fashioned bat file, but not PowerShell.
The root of the problem is that shortcuts to a PowerShell script have their Administrative privileges box greyed out. So far no work-around has overcome this privilege problem.
Any ideas?
One approach is to start another elevated PowerShell session within your script like so:
Start-Process PowerShell.exe -arg '-nologo -noprofile script.ps1' -verb runas
That should prompt to elevate the new PowerShell session. I think you should be able to set the -WindowStyle parameter such that the new window doesn't appear (if you need that behavior). Note that you will need to specify the full path to your existing script.
You suggest you don't like solving this problem with a batch file (e.g. net start), I think because batch files are inherently more limited than powershell scripts. What you can do is wrap your Ps script in a batch file, though, for the sake of accomplishing your stated objective -- running a powershell script with a keyboard shortcut without access permissions issues. Try this in a batch file:
powershell set-executionpolicy remotesigned
powershell myscript.ps1

Set up PowerShell Script for Automatic Execution

I have a few lines of PowerShell code that I would like to use as an automated script. The way I would like it to be able to work is to be able to call it using one of the following options:
One command line that opens PowerShell, executes script and closes PowerShell (this would be used for a global build-routine)
A file that I can double-click to run the above (I would use this method when manually testing components of my build process)
I have been going through PowerShell documentation online, and although I can find lots of scripts, I have been unable to find instructions on how to do what I need. Thanks for the help.
From http://blogs.msdn.com/b/jaybaz_ms/archive/2007/04/26/powershell-polyglot.aspx
If you're willing to sully your beautiful PowerShell script with a little CMD, you can use a PowerShell-CMD polyglot trick. Save your PowerShell script as a .CMD file, and put this line at the top:
@PowerShell -ExecutionPolicy Bypass -Command Invoke-Expression $('$args=@(^&{$args} %*);'+[String]::Join(';',(Get-Content '%~f0') -notmatch '^^@PowerShell.*EOF$')) & goto :EOF
If you need to support quoted arguments, there's a longer version, which also allows comments. (note the unusual CMD commenting trick of double @).
@@:: This prolog allows a PowerShell script to be embedded in a .CMD file.
@@:: Any non-PowerShell content must be preceded by "@@"
@@setlocal
@@set POWERSHELL_BAT_ARGS=%*
@@if defined POWERSHELL_BAT_ARGS set POWERSHELL_BAT_ARGS=%POWERSHELL_BAT_ARGS:"=\"%
@@PowerShell -ExecutionPolicy Bypass -Command Invoke-Expression $('$args=@(^&{$args} %POWERSHELL_BAT_ARGS%);'+[String]::Join(';',$((Get-Content '%~f0') -notmatch '^^@@'))) & goto :EOF
Save your script as a .ps1 file and launch it using powershell.exe, like this:
powershell.exe .\foo.ps1
Make sure you specify the full path to the script, and make sure you have set your execution policy level to at least "RemoteSigned" so that unsigned local scripts can be run.
Run Script Automatically From Another Script (e.g. Batch File)
As Matt Hamilton suggested, simply create your PowerShell .ps1 script and call it using:
PowerShell C:\Path\To\YourPowerShellScript.ps1
or if your batch file's working directory is the same directory that the PowerShell script is in, you can use a relative path:
PowerShell .\YourPowerShellScript.ps1
And before this will work you will need to set the PC's Execution Policy, which I show how to do down below.
Run Script Manually Method 1
You can see my blog post for more information, but essentially create your PowerShell .ps1 script file to do what you want, and then create a .cmd batch file in the same directory and use the following for the file's contents:
@ECHO OFF
SET ThisScriptsDirectory=%~dp0
SET PowerShellScriptPath=%ThisScriptsDirectory%MyPowerShellScript.ps1
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%PowerShellScriptPath%'"
Replacing MyPowerShellScript.ps1 on the 3rd line with the file name of your PowerShell script.
This will allow you to simply double click the batch file to run your PowerShell script, and will avoid you having to change your PowerShell Execution Policy.
My blog post also shows how to run the PowerShell script as an admin if that is something you need to do.
Run Script Manually Method 2
Alternatively, if you don't want to create a batch file for each of your PowerShell scripts, you can change the default PowerShell script behavior from Edit to Run, allowing you to double-click your .ps1 files to run them.
There is an additional registry setting that you will want to modify so that you can run scripts whose file path contains spaces. I show how to do both of these things on this blog post.
With this method, however, you will first need to set your execution policy to allow scripts to be run. You only need to do this once per PC and it can be done by running this line in a PowerShell command prompt.
Start-Process PowerShell -ArgumentList 'Set-ExecutionPolicy RemoteSigned -Force' -Verb RunAs
Set-ExecutionPolicy RemoteSigned -Force is the command that actually changes the execution policy; this sets it to RemoteSigned, so you can change that to something else if you need. Also, this line will automatically run PowerShell as an admin for you, which is required in order to change the execution policy.
Source for Matt's answer.
I can get it to run by double-clicking a file by creating a batch file with the following in it:
C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe LocationOfPS1File
You can use this command:
powershell.exe -File c:\scriptPath\Script.ps1