Protect Powershell script to be not editable, but executable

Ivaylo Stefanov 136 Reputation points
2021-05-25T11:33:24.28+00:00

Hi,

can you anybody show me how can I protect a script, so that the script cannot be changed (modified), but it's can be run for example every night at 00:00 as scheduled task?

Thank you.

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,594 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Olaf Helper 45,391 Reputation points
    2021-05-25T13:43:52.107+00:00

    A PowerShell script file is a simple text file, not much to protect.
    You can only remove write/delete permissions on NTFS file level, but the user will still be able to copy the file to an other location and modify it there.

    0 comments No comments

  2. Stefan Pippel 21 Reputation points
    2022-01-17T14:13:51.203+00:00

    I have the same need for such a script. Would it be possible if the script file is signed?

    0 comments No comments

  3. Domagoj Novak 586 Reputation points
    2022-01-17T19:17:38.013+00:00

    Hello @Stefan Pippel ,

    maybe converting .ps1 to .exe will do the trick?

    Instructions on how to do that can be found:
    https://adamtheautomator.com/ps1-to-exe/

    Kind regards,
    Domagoj

    0 comments No comments

  4. codeprotection 1 Reputation point
    2022-04-07T17:55:17.87+00:00

    Code Obfuscation: Protecting Powershell Scripts (.ps1)

    To protect powershell scripts from unauthorized edits and against code exposure, there are a few options available to pick from.

    You can certainly rely on the usual methods of restricting read/write access through permissions and ownerships. This is usually enough. But, if your Powershell script contains intellectual property or proprietary information which is too risky to leave open in a plain text file, then, there's another option. A newer option. Code Obfuscation.

    Obfuscation of Powershell source code will convert your original plain text .ps1 script into a very different format. An illegible one. One that looks nothing like the original plain text version. This illegibility has multiple purposes. The main one being its use as a dynamic security lock, designed to be especially sensitive.

    • The sensitivity checks will detect when changes are made to the body of the obfuscated code and can be configured to either abort execution in such instances, or self destruct.
    • Sensitivity checks can also watch for signs of a code trace or a debugging session and send out notifications immediately upon detection
    • Additionally, you can further fortify your Powershell code by restricting its usage only to specific usernames and to specific hosts.
    • Also, during obfuscation, you can enable settings to notify you of all attacks against your protected Powershell script - keep track of where it is being utilized.

    While obfuscation of code is not the end-all-be-all security option for code protection, it does provide script developers a much higher degree of control over their scripts.

    After obfuscating your powershell script as described above, you can then set it up to run as a scheduled task on any system.

    For scheduling scripts to run, here are some links:

    0 comments No comments

  5. Daniel Ruiz 0 Reputation points
    2024-12-19T15:34:35.3133333+00:00

    You need to convert this list:
    daniel ruiz daniel@gmail.co
    jorge silva jorg@gmai.com

    to sql insert sentences
    INSERT INTO [dbo].[UsR]

           (
    
           ,[FirstName]
    
           ,[LastName]
    
           ,[Email]
    
           ,[Password]
    
           ,[Role])
    
     VALUES
    
           ( FirstName, nvarchar(50),>
    
           ,<LastName, nvarchar(50),>
    
           ,<Email, nvarchar(150),>
    
           ,<Password, nvarchar(50),>
    
           ,<Role, nvarchar(50),>)
    

    GO

    where the first string is the FirstName, the second string is the last name and the third one is Email,
    For Password create one for each row and Role is always 'user'

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.