1

I have a Win Form App (C#) which buttons call powershell script. If I share this app (exe file) I also need to attach all ps1 file with it. For security reason, I wanted to make sure user unable to open ps1 files and read scripts. Is it possible to make them secured?

To elaborate more, I would like to restrict read access to all scripts only. As an app user, user should just simply click buttons to see the results. User should not be able to open script files to see details code. So a user should just click windowsApp.exe and run the Windows Form app. Once click the button it should run ps script. All I am looking into to see if .net can somehow hide all ps1 files from end users visibility.

Thanks in advance for your help!!

Improve this question
8
  • 1
    The user can always decompile your EXE. If you don't want the user to see things, keep them away from their machines entirely. Commented Jan 11, 2017 at 20:57
  • I am not sure if you got it or not. I need to give it to user to run programs. Since ps files will contain sensible info like credentials, it is not advisable to share in read in clear text. We have to have the programming running also have the script un-readable by the user. Commented Jan 11, 2017 at 21:04
  • Any credential that is usable by the user's machine can be read by the user. Period. Moving it out of a Powershell script just makes it a bit harder. Commented Jan 11, 2017 at 21:10
  • You could go crazy trying to hide the credentials. However, anyone with PowerShell skills could very, very quickly find the password. Maybe you should rethink this task...is there a way to limit the power these credentials have? Do you need to give it to the user instead of having them run it on your servers? Commented Jan 11, 2017 at 21:12
  • As said already, decompiling could be an issue. But if you want just a simple answer. With Powershell Studio you are able to compile powershell scripts to .exe and even create .msi installation files. It's not free tho, but they have a trial version. Commented Jan 11, 2017 at 21:17

1 Answer 1

Reset to default
1

Hiding credentials is difficult, if not impossible, to pull off with 100% certainty. It is best practice to prompt for credentials then use them in another cmdlet. For example:

$credential = Get-Credential
Enter-PSSession -ComputerName SERVER01 -Credential $credential

If you hardcode your credentials into the script, you not only open up your password(s) to the users but also can run into issues if your password changes. AD lockouts caused by something like this are a pain to track down.

What exactly are you trying to do? There may be a way to satisfy your requirements if you could be more specific.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks for trying to help on this matter. I have added additional info in the question. Please let me know, if you need further clarifications. Thanks!
Can you give me an example of what one of your PS scripts does? What in the script requires admin credentials? The "right" way to do this would be to develop scripts that do not require your admin credentials.
Example: script reads logs from a secured server and extract some status value. The end user of the win form doesn't need to know / see or able to change the scripts. All they need to click the button to see outcome or status of the log. In my current setup, multiple scripts are running under multiple buttons. If I pass this app to end users I need to give all scripts which would be readable to them. For security, need to limit access on it. Hope this is helpful to explain this issue. Thank you very much!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.