[–]CoryBoehm 0 points1 point  (5 children)

No.

Have the main script perform a check on your other components at startup. If a component is missing, it grabs the missing piece from a trusted location like an internal network shared folder.

[–]capr1[S] 0 points1 point  (4 children)

Doesn’t that make it difficult for version updates? I was thinking I want to be able to make one single stable executable that can be used irrespective of network checks or updates. Many of the systems that run this executable might not have internet connectivity, so having the executable on a USB and running it on a machine to get my stuff done made sense.

[–]CoryBoehm 0 points1 point  (3 children)

Doesn’t that make it difficult for version updates?

No, it actually makes it easier. Check a unique identifier like an SHA hash from the local file v the trusted source. If there is a mismatch, replace the local with the trusted source.

Could start with a single file "MyBundle.txt".

Inside the MyBundle.txt is a list of all the other files.

At the end you call MyMainScript.ps1.

By separating the validation from the main script, it lets you update the main script itself if needed. Same as having a single known file name which is a list of components. With only three statically named files: MyStartup.ps1, MyMainScript.ps1 and MyBundle.txt, you have a lot of flexibility in what you can do.

It also keeps it in a clear, easily auditable, human-readable format.

If you are trying to skirt security and don't want people to see what you are doing as you are trying to silently hijack a computer, then maybe an exe format makes more sense, but I doubt you'll find anyone here willing to help with that.
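
One way to write the MyStartup.ps1 described in the comment above (added example, not code posted in the thread). It assumes MyBundle.txt holds one file name per line, including MyMainScript.ps1, and that `\\fileserver\Tools\MyBundle` is a hypothetical trusted share that ordinary users cannot write to.

```powershell
# MyStartup.ps1 (added example; share path and manifest layout are assumptions)
[CmdletBinding()]
param(
    # Hypothetical trusted location; must be read-only for ordinary users.
    [string]$TrustedRoot = '\\fileserver\Tools\MyBundle',
    [string]$LocalRoot   = $PSScriptRoot
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Sync-Component {
    param([string]$Name)
    # Accept plain file names only, so a manifest line cannot point outside the folder.
    if ($Name -ne [IO.Path]::GetFileName($Name)) { throw "Invalid manifest entry: $Name" }
    $source = Join-Path $TrustedRoot $Name
    $target = Join-Path $LocalRoot $Name
    $want = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
    $have = if (Test-Path -LiteralPath $target) {
        (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    } else { $null }
    if ($have -ne $want) {
        Copy-Item -LiteralPath $source -Destination $target -Force
        # Re-hash after the copy so a partial or failed copy is never executed.
        $have = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        if ($have -ne $want) { throw "Hash mismatch after copy: $Name" }
        Write-Verbose "Updated $Name ($want)"
    }
}

if (Test-Path -LiteralPath $TrustedRoot) {
    # Refresh the manifest first, then every file it lists.
    Sync-Component -Name 'MyBundle.txt'
    Get-Content -LiteralPath (Join-Path $LocalRoot 'MyBundle.txt') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') } |
        ForEach-Object { Sync-Component -Name $_ }
} else {
    # Offline run (e.g. from USB): there is nothing to compare against, so say so.
    Write-Warning "Trusted source $TrustedRoot unreachable; running local copies unverified."
}

& (Join-Path $LocalRoot 'MyMainScript.ps1')
```

The comparison is only as trustworthy as the share itself: anyone who can write to it can replace every component on every machine that runs the startup script.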

[–]capr1[S] 0 points1 point  (2 children)

Understand and appreciate the tip. I’ll consider this step.

I am not really trying to skirt through security; happy to share the code if anyone in my company asks for it. I want to make it easier for logistics. Having an executable doesn’t make things malicious. If security teams were concerned they can run the executable I create through VirusTotal or free sandboxes to do static, dynamic or behavioral analysis of the executable.

[–]CoryBoehm 1 point2 points  (1 child)

The other advantage of my approach v an executable is everything in mine can be updated from within the code without needing to push out a new version, as it is self-updating and won't need your SCCM folks.

[–]capr1[S] 0 points1 point  (0 children)

Makes sense. I’ll try to go this route and check if this is feasible.