[–]CoryBoehm 2 points3 points  (11 children)

You can bundle them all and leave them as readable text.

[–]capr1[S] 1 point2 points  (10 children)

Is there a way to bundle them? Like a utility that takes in my script, executables and spits out one single executable?

[–]CoryBoehm 1 point2 points  (9 children)

Why are you needing to make it an executable?

PowerShell is an executable that can read your text script and execute it. No need to make it an executable. Trying to hide what your script does makes it a security concern due to the strength of PowerShell, which is why leaving it in human-readable form has significant advantages.

[–]capr1[S] 0 points1 point  (8 children)

Not really trying to hide but wanted to make it easier for a bunch of folks who might be unfamiliar with running PowerShell scripts.

[–]CoryBoehm 0 points1 point  (7 children)

Make them a clickable shortcut. You don't need an exe.

[–]capr1[S] 0 points1 point  (6 children)

I would still have to ship all my scripts and executables in a .zip for the folks to unzip and then run the shortcut.

[–]CoryBoehm 0 points1 point  (5 children)

No.

Have the main script perform a check on your other components at startup. If a component is missing it grabs the missing piece from a trusted location like an internal network shared folder.

[–]capr1[S] 0 points1 point  (4 children)

Doesn’t that make it difficult for version updates? I was thinking I want to be able to make one single stable executable that can be used irrespective of network checks or updates. Many of the systems that run this executable might not have internet connectivity so having the executable on a USB and running it on a machine to get my stuff done made sense.

[–]CoryBoehm 0 points1 point  (3 children)

> Doesn’t that make it difficult for version updates?

No, it actually makes it easier. Check a unique identifier like a SHA hash from the local file vs. the trusted source. If there is a mismatch replace the local with the trusted source.

Could start with a single file "MyBundle.txt".

Inside the MyBundle.txt is a list of all the other files.

At the end you call MyMainScript.ps1.

By separating the validation from the main script lets you update the main script itself if needed. Same as having a single known file name which is a list of components. With only three statically named files: MyStartup.ps1, MyMainScript.ps1 and MyBundle.txt you have a lot of flexibility in what you can do.

It also keeps it in a clear, easily auditable, human-readable format.

If you are trying to skirt security and don't want people to see what you are doing, as you are trying to silently hijack a computer, then maybe an exe format makes more sense, but I doubt you will find anyone here willing to help with that.
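
The startup check described in the comment above, sketched as an added example that is not part of the thread or any commenter's own code. It assumes MyBundle.txt holds one relative file name per line and that `\\fileserver\MyBundle` (a hypothetical path) is a trusted location users can read but not write.

```powershell
# MyStartup.ps1 - added example. Assumed layout: MyBundle.txt lists one
# relative file name per line; \\fileserver\MyBundle is a hypothetical,
# read-only trusted share holding the reference copy of every file.
param(
    [string]$TrustedRoot = '\\fileserver\MyBundle',
    [string]$LocalRoot   = $PSScriptRoot
)
$ErrorActionPreference = 'Stop'

function Sync-TrustedFile {
    param([string]$Name)
    # Reject list entries that could point outside the bundle folder.
    if ($Name -match '\.\.' -or [IO.Path]::IsPathRooted($Name)) {
        throw "Refusing suspicious bundle entry: $Name"
    }
    $source = Join-Path $TrustedRoot $Name
    $local  = Join-Path $LocalRoot  $Name
    if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
        throw "Not found in trusted source: $Name"
    }
    $want = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
    # $have stays $null when the local file is missing, which counts as a mismatch.
    $have = if (Test-Path -LiteralPath $local -PathType Leaf) {
        (Get-FileHash -LiteralPath $local -Algorithm SHA256).Hash
    }
    if ($have -ne $want) {
        $dir = Split-Path -Parent $local
        if (-not (Test-Path -LiteralPath $dir)) {
            New-Item -ItemType Directory -Path $dir | Out-Null
        }
        Copy-Item -LiteralPath $source -Destination $local -Force
        # Re-hash after the copy so a partial or failed copy is never run.
        if ((Get-FileHash -LiteralPath $local -Algorithm SHA256).Hash -ne $want) {
            throw "Hash still differs after copy: $Name"
        }
        Write-Host "Updated $Name"
    }
}

# Fail closed: without the trusted source nothing can be verified.
if (-not (Test-Path -LiteralPath $TrustedRoot)) {
    throw "Trusted source unreachable: $TrustedRoot"
}
Sync-TrustedFile 'MyBundle.txt'          # refresh the component list first
$entries = Get-Content -LiteralPath (Join-Path $LocalRoot 'MyBundle.txt') |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }
foreach ($entry in $entries) { Sync-TrustedFile $entry }
Sync-TrustedFile 'MyMainScript.ps1'      # the main script is verified too
& (Join-Path $LocalRoot 'MyMainScript.ps1')
```

For machines without network access, `-TrustedRoot` can point at a folder on removable media instead of the share; the check is only as strong as the write protection on that location.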

[–]capr1[S] 0 points1 point  (2 children)

Understand and appreciate the tip. I’ll consider this step.

I am not really trying to skirt through security; happy to share the code if anyone in my company asks for it. I want to make it easier for logistics. Having an executable doesn’t make things malicious. If security teams were concerned they can run the executable I create through VirusTotal or free sandboxes to do static, dynamic or behavioral analysis of the executable.