Question about deploying powershell script via KACE K 1000
Is there a way to push a line of powershell script via KACE K1000 without having to call a .ps1 file? I know there is some sort of native support for PS now but I haven't found any info on how it works.
I keep running into an issue when calling a ps1 file (via Scripting) where it shows in KACE as successful but it never actually runs on the machine. I have tried the command to run the 64bit powershell from %SystemRoot%\system32\WindowsPowerShell\v1.0 using parameters: -executionpolicy bypass -windowstyle hidden -file "$(KACE_DEPENDENCY_DIR)\script.ps1 but it still doesn't ever run the file successfully. I feel like some parameter involved in how I'm trying to call Powershell is the point of failure. I've got Windows Run As in KACE set to run using Admin credentials which I'm assuming is calling powershell in Admin mode (this Run As fixed a similar issue I had when installing Chrome via Script which needed elevated rights in cmd)?
Answers (2)
When I want to run a PowerShell command or script I will have the following settings:
- Make sure Enabled is selected
- Type = Online Shell Script
- Operating systems = All Windows
- Run as = (Select how you want to run it)
- Script Text = Your PS command or script text
- Script File Name = Yourname.ps1
Be careful that you know the perspective of how the script is being run under "Run As" selection. If you are running it as Logged In User, the user needs to have the access to run the command. If you chose to run as System, keep in mind that Network Drives are not mapped to the System and user folders like %USERPROFILE%\Desktop are not the logged in user's folders.
(This web page is unCoding the Code blocks I put in; so I'm putting the code in a different color.)
Because the K1 client is 32-bit, it calls the 32-bit version of Powershell. Even when you specify the 64-bit path, the K1 and/or Windows switch the path to the 32-bit version. Instead of using "system32", use "sysnative" instead; that will force the 64-bit version.
Unfortunately (because KACE won't provide the necessary feature code), if you write the Powershell directly in the "Online Shell" script's text editor window, and name the script "something.ps1", it will always default to using the 32-bit Powershell. There are two ways around this:
1) Write the Powershell script "something.ps1" and include it as a dependency, and then call it from the text editor window like so:
%SystemRoot%\Sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass .\something.ps1or
2) Use a redirection trick in batch to create the .ps1 on the fly, and then run it as above. (It makes for ugly code, but it's all right there in the window, editable for debugging, etc, without re-dependency-ing the script as a dependency every time), like the following script, which will echo Powershell commands to an external Powershell script file ("Create-LocalUser.ps1"), and then run that script file. (Note, you really don't want to use a password like this, out in plain, open, unencrypted text, but this is just a demo.) To get a better idea of how this works, make sure to not "delete files" when you create your K1 script, and after running it against a test box, look in that text box's "scripts" directory at the files there, and you can see what the created file looks like. You can also look at the script-run's log file. As mentioned, this method is ugly, but it produces some decent documentation as it goes, and as mentioned, is directly editable. This script would create a local user, using 64-bit Powershell commands. (These commands are not available in 32-bit Powershell; come on, KACE, give us a click box on the script window to tell it to run 64-bit instead of 32-bit Powershell, which would simplify this a lot.)
echo Use some batch magic to create a PowerShell script
(
echo $username = "mygenericuser"
echo $password = ConvertTo-SecureString "NeverPutPasswordsInPlainTextLikeI'mDoingHere" -AsPlainText -Force
echo $fullname = "Gene Ric, My Generic User"
echo $description = "Generic User"
echo " "
echo Write-Output "List of Users, Before" ^| Tee-Object -FilePath .\UserList.txt
echo Get-LocalUser ^| Tee-Object -Append -FilePath .\UserList.txt
echo Write-Output "`Attempting to add user ""$fullname"" now." ^| Tee-Object -Append -FilePath .\UserList.txt
echo New-LocalUser -Name $username -Password $password -FullName $fullname -Description $description ^| Tee-Object -Append -FilePath .\UserList.txt
echo Write-Output "List of Users, After" ^| Tee-Object -Append -FilePath .\UserList.txt
echo Get-LocalUser ^| Tee-Object -Append -FilePath .\UserList.txt
) > Create-LocalUser.ps1
echo Then run the PowerShell script, in 64-bit PowerShell
%SystemRoot%\Sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass .\Create-LocalUser.ps1
