MidServer PowerShell command execution policy

andrey2
Tera Contributor

Hello,

We are using PowerShell to run commands in a highly secure domain tier.

This requires PowerShell scripts executed by the MidServers to be run without any execution policy modifications.

However, the MidServer executes PowerShell scripts using the following command:

HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command & {& 'scripts\PowerShell\PSScript.ps1' -computer '.......'     -script 'C:\Users\....AppData\Local\Temp\PowerShellScriptToRun.PS1'   -useCred $false -isDiscovery $false -debug $true; exit $LASTEXITCODE}

Questions:

  • Is there any way to sign PSScript.ps1 so it can conform to our customer security design?
  • Is there any way to control parameters passed to PSScript.ps1 without "hacking" any mid server features?

Thank you!

1 ACCEPTED SOLUTION

andrey2
Tera Contributor

All right. After decompiling the Mid-Server code, it turns out it is as frustrating as possible:


this.fCommandParam = new ParamString("${powershell} -executionpolicy unrestricted -noninteractive -nologo -noprofile -command \"& {& ${psscript} ${computer} ${user} ${password} ${userscript} ${genericparams} ${usecred} ${isdisco} ${debug}; exit $LASTEXITCODE}\"");


The execution policy is hardcoded in the Mid server. I would like to raise an urgent flag to ServiceNow for this, as the product becomes unusable in high security environments.


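An added example, not part of the thread and not ServiceNow code: a PowerShell audit that reports which execution policy scope actually wins on the host and the Authenticode status of every script under a folder. It relies on PowerShell's documented scope precedence (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine), where the `-executionpolicy` switch in the command above only sets the Process scope. The `$ScriptRoot` path is a placeholder and the function names are hypothetical.

```powershell
# Added example. $ScriptRoot is a placeholder assumption: point it at the
# folder that holds PSScript.ps1 and the other MID Server PowerShell scripts.
param(
    [string]$ScriptRoot = 'C:\PLACEHOLDER\agent\scripts\PowerShell'
)

function Get-EffectivePolicySource {
    # Get-ExecutionPolicy -List returns the scopes in precedence order.
    # The first scope that is not 'Undefined' decides the effective policy.
    # Note: the Process row reflects the session this audit runs in.
    $scopes = Get-ExecutionPolicy -List
    $winner = $scopes |
        Where-Object { [string]$_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1
    $gpoScopes = @('MachinePolicy', 'UserPolicy')
    [pscustomobject]@{
        EffectiveScope         = if ($winner) { [string]$winner.Scope } else { 'None (platform default)' }
        EffectivePolicy        = [string](Get-ExecutionPolicy)
        # False when Group Policy sets the policy: a command-line
        # -executionpolicy value (Process scope) ranks below it.
        CommandLineOverridable = -not ($winner -and ($gpoScopes -contains [string]$winner.Scope))
    }
}

function Get-ScriptSignatureReport {
    param([Parameter(Mandatory)][string]$Path)
    # Report signature status per script so unsigned or tampered files
    # are visible before a policy such as AllSigned is enforced.
    Get-ChildItem -Path $Path -Recurse -File -Include *.ps1, *.psm1 |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Status = [string]$sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer = $sig.SignerCertificate.Subject
                File   = $_.FullName
            }
        }
}

Get-EffectivePolicySource | Format-List
if (Test-Path -Path $ScriptRoot) {
    Get-ScriptSignatureReport -Path $ScriptRoot |
        Sort-Object Status | Format-Table -AutoSize
} else {
    Write-Warning "Script root not found: $ScriptRoot"
}
```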

8 REPLIES

Andrey,

Is there a KB or something in HI that we could refer to for ServiceNow working on this? We also have a higher security environment and need PowerShell scripts to run signed without the MID server changing the execution policy...

Is there anything we can do to get a status on this? Or something to help push it along?


andrey2
Tera Contributor

Hey! Though I didn't test it myself, I believe that Istanbul's orchestration can do that now. (: For prior versions it is DIY.


Please drop a line here once you find out. A dev instance should prove me right or wrong.


I'll definitely check it out and report back! Any ideas on where to look to modify the execution policy that it's attempting to set?


I need to set the execution policy too. Have you found a solution yet?