Protect Powershell script to be not editable, but executable

Question

Hi,

can you anybody show me how can I protect a script, so that the script cannot be changed (modified), but it's can be run for example every night at 00:00 as scheduled task?

Thank you.

Answer 1

A PowerShell script file is a simple text file, not much to protect.
You can only remove write/delete permissions on NTFS file level, but the user will still be able to copy the file to an other location and modify it there.

Answer 2

I have the same need for such a script. Would it be possible if the script file is signed?

Answer 3

Hello @Stefan Pippel ,

maybe converting .ps1 to .exe will do the trick?

Instructions on how to do that can be found:
https://adamtheautomator.com/ps1-to-exe/

Kind regards,
Domagoj

Answer 4

Code Obfuscation: Protecting Powershell Scripts (.ps1)

To protect powershell scripts from unauthorized edits and against code exposure, there are a few options available to pick from.

You can certainly rely on the usual methods of restricting read/write access through permissions and ownerships. This is usually enough. But, if your Powershell script contains intellectual property or proprietary information which is too risky to leave open in a plain text file, then, there's another option. A newer option. Code Obfuscation.

Obfuscation of Powershell source code will convert your original plain text .ps1 script into a very different format. An illegible one. One that looks nothing like the original plain text version. This illegibility has multiple purposes. The main one being its use as a dynamic security lock, designed to be especially sensitive.

• The sensitivity checks will detect when changes are made to the body of the obfuscated code and can be configured to either abort execution in such instances, or self destruct.
• Sensitivity checks can also watch for signs of a code trace or a debugging session and send out notifications immediately upon detection
• Additionally, you can further fortify your Powershell code by restricting its usage only to specific usernames and to specific hosts.
• Also, during obfuscation, you can enable settings to notify you of all attacks against your protected Powershell script - keep track of where it is being utilized.

While obfuscation of code is not the end-all-be-all security option for code protection, it does provide script developers a much higher degree of control over their scripts.

After obfuscating your powershell script as described above, you can then set it up to run as a scheduled task on any system.

For scheduling scripts to run, here are some links:

• https://learn.microsoft.com/en-us/windows/win32/taskschd/daily-trigger-example--scripting-
• https://learn.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page

Answer 5

You need to convert this list:
daniel ruiz daniel@gmail.co
jorge silva jorg@gmai.com

to sql insert sentences
INSERT INTO [dbo].[UsR]

       (

       ,[FirstName]

       ,[LastName]

       ,[Email]

       ,[Password]

       ,[Role])

 VALUES

       ( FirstName, nvarchar(50),>

       ,<LastName, nvarchar(50),>

       ,<Email, nvarchar(150),>

       ,<Password, nvarchar(50),>

       ,<Role, nvarchar(50),>)

GO

where the first string is the FirstName, the second string is the last name and the third one is Email,
For Password create one for each row and Role is always 'user'