0

I have a PS Script that I want to share it with some people. I only want people to be able to execute it, not viewing or modifying it. How would I do that?

Also assuming the people I share the script with know little about PowerShell and how to change execution policy to make it run what would be the best way to do it? I was thinking of making a bat file and set execution policy to unsigned because remotesigned doesn't execute files from the internet right? Would unsigned cause any problem for security since I only execute a single script?

Lastly, I will be storing some password with convertto/from securestring Would it matter to setup securestring if my file can not be modified in question 1? What happens in the case if I forget my password while using securestring method?

Improve this question
9
  • 3
    You don't. To execute a script, one needs read permissions. Please describe with more details what you would like to really achieve. Maybe there's better a way. Commented Jun 1, 2017 at 12:05
  • If you are sharing the script you cannot store the password the way you mention. It is keyed to the user and computer that created it. Moving it will render it useless. Commented Jun 1, 2017 at 12:17
  • If you were to set up a centralized device or server that people can remote into, you could use the asynch method to store credentials, that's what I do for all of my shared scripts. I'd also think that you could then add set-execution policy to their PS Profile but I've never tried that. Commented Jun 1, 2017 at 12:27
  • @Matt Well, one can pass -Key <Byte[]> to ConvertTo-SecureString to use pre-generated key and share that on multiple computers and/or accounts. Commented Jun 1, 2017 at 12:33
  • @vonPryz Cool I didnt know that. In either case what is the point then? The credentials would be there for people to decode anyway then right? Sounds like security through obscurity. Commented Jun 1, 2017 at 12:34

1 Answer 1

Reset to default
1

You could download and install PowerGui, and then compile your .ps1 file to be a .exe however they would still be able to pull the contents of the file when they run it as it exports a copy to %temp%, but they would not be able to 'easily' modify the file. I say 'easily' because basically anything with computers can be performed with the will, time, and smarts to know what you're doing, and I don't know how secure this password or anything else needs to be.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I will give PowerGUI a try later, I don't want people to be able to see the cintent because it's something I have been working for a while and don't want ppl to copy paste it

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.