Using a dependency in KACE
Hi,
I'm working on a script that requires reading a password from a text file and passing it into a power shell script. I'm trying to call the password in my power shell like this:
$password = Get-Content C:\ProgramData\Dell\KACE\kbots_cache\packages\kbots\628\securestring.txt
but it doesn't work. However, if I move the text file off of Kace and into my C drive like this then the code works.
$password = Get-Content C:\Users\tmarshall\Documents\securestring.txt
Has anyone had a similar issue or know of a different way to call the dependency that will work?
Thanks!
1 Comment
[ + ] Show comment
-
can you post your ps script or what are you trying to accomplish? - SMal.tmcc 9 years ago
Answers (4)
Please log in to answer
Posted by:
SMal.tmcc
9 years ago
$(KACE_DEPENDENCY_DIR) is the variable. You can find the variables by clicking on the little blue question mark to the right of tasks
Posted by:
tmarshall
9 years ago
Sure, what I am overall trying to accomplish is reading a secureString password stored in a text file into my PowerShell script. Ideally I would like to be able to have them stored in KACE so we can deploy this on multiple computers. Unfortunately at the moment I can only accomplish this by having the text file stored on the C drive and not as a dependency in KACE .
Posted by:
SMal.tmcc
9 years ago
Just wondering what you are trying to do in the PS script, you may be able to use AutoIT to complie an exe with the password in it to run thru Kace.
But for your powershell try doing this with the launch, I do this trick to make vb scripts run. It is backwards logic but it works since the working directory is the Kace Dep Dir and you are calling the exe using the full path. The ps1 file is in the working directory so no path is needed for -file.
Make sure you put the double quotes around the file name. otherwise when converted to xml it messes the call up. Could not make out exact name of your ps1 file but you get the idea.
But for your powershell try doing this with the launch, I do this trick to make vb scripts run. It is backwards logic but it works since the working directory is the Kace Dep Dir and you are calling the exe using the full path. The ps1 file is in the working directory so no path is needed for -file.
Make sure you put the double quotes around the file name. otherwise when converted to xml it messes the call up. Could not make out exact name of your ps1 file but you get the idea.
Comments:
-
The PowerShell decrypts the secure string password that is saved in the text file and then changes the local admin password. I have it saved separately because we don't want to have it hardcoded into the main PowerShell script, decryptandchange.ps1 works fine how it is, although that is a good tip to keep in mind. The problem is that it can't read in the password that is stored in securePass.txt. I'm not sure if I'm trying to call it in the PowerShell correctly in line 188 of the screen shot since I have it as a KACE dependency or if there is another way to do it? - tmarshall 9 years ago
-
for that line using the above launch sequence try...either.....Get-Content securepassword.txt or Get-Content .\securepassword.txt - SMal.tmcc 9 years ago
-
Also with autoit the line would be :RunWait ("net user Administrator some_password","", @SW_HIDE). You then compile that into an exe and no one would see the password and run the exe in a script. You could even add an command line input to allow you to call the exe with a different password when needed. You would launch the exe with the password as the parameter and only users with script console access would be able to see the pw you are pushing - SMal.tmcc 9 years ago
-
Thank you for the help, unfortunately the way you suggested above didn't work either. I do have a batch file I created that does almost that that. Although I think that your way may actually be a little better from a security stand point. So, I'll give that a try. It's just that I was originally work on the PowerShell and wanted to see if it was possible to do it that way. - tmarshall 9 years ago
-
it you want to use autoit it is a free download. I can (or a lot of others on this forum will) give you exact line to paste into it. you compile to exe and are done - SMal.tmcc 9 years ago
-
sure, that sounds like a good alternative to do what I want to accomplish. - tmarshall 9 years ago
-
do you want to hardcode the password in the exe or have it as a command line input?
My email is under my profile if direct email is easier for you - SMal.tmcc 9 years ago -
I think with the way it would be running, hardcoding in the password would be better. - tmarshall 9 years ago
Posted by:
SMal.tmcc
9 years ago
go https://www.autoitscript.com/site/autoit/downloads/ and download autoit
Open the script editor and paste
https://www.autoitscript.com/autoit3/docs/functions/RunWait.htm
save the file on your tech machine *.au3
open the complie script to .exe and browse to the au3 file and give output file name. and convert.
make sure you make a 32 and 64 bit if needed, will work for k1000 kscripts and k2000 tasks
Open the script editor and paste
RunWait ("net user Administrator Your_NewPassword","", @SW_HIDE)
https://www.autoitscript.com/autoit3/docs/functions/RunWait.htm
save the file on your tech machine *.au3
open the complie script to .exe and browse to the au3 file and give output file name. and convert.
make sure you make a 32 and 64 bit if needed, will work for k1000 kscripts and k2000 tasks