I have created a PowerShell script/form that does various things that can be used by IT. How do users typically access tools? Currently, I am having the tool-user open the script via a batch file. I see in PowerGUI there is a compile script option, which works perfectly. However, I’m not sure if this is the option that should be used. I have read online that it is not secure to create an exe file for a script as it exposes the code. Isn’t that the same with a batch file? I am using this script internally as well as the exe that may be potentially used by IT. Any best practices for opening the script or securing the script?
There’s one question here that you didn’t ask, and only you can answer:
Do you care if the users are able to see the source code of the script? You shouldn’t; if you’ve got something sensitive in there (such as credentials), then you’ve really got a design problem rather than a “how do I hide the code from my users” problem. Even if you weren’t using a script language, and were doing something like C++, it’s still a pretty simple matter to reverse-engineer a program and find out what it’s doing.
Assuming that the code is safe for anyone to look at, then you’re just down to how it is distributed / launched. For that, any of the “compile script to exe” options would work fine, if you want people to be able to just double-click on it and start your form.
And that EXE PowerGUI creates isn’t “compiled,” it’s “packaged.” It’s just a wrapper around your script. So +1 to what Dave said - most of us don’t worry about “exposing” the code. We just make sure to design it so that there’s nothing dangerous in the code.
Great, thanks. That answered my question. And no - I don’t care if IT can see the code that was used. One more quick question regarding forms - When I create the exe via PowerGUI, it makes it v1.0.0.0. Is it possible to change the actual version on the exe file?
That’s something it would probably have to do, as it’s built into the file header. PowerGUI’s no longer a supported application, though. You might look at PowerShell Studio or PrimalScript, which offer similar packaging functionality but are currently-supported and -developed. They do offer the ability to specify the file version for the header, along with other information.
I’d advise PowerShell Studio all the way.
Even if you are stuck with a trial, you can review the source code, and manually insert different tools from other trial projects (the trial only allows 5 tools per project).
However, bear in mind you will be stuck with a trial message when using the EXE compiler, which personally I wouldn’t ever want to use to publish for even an internal tool.
An option is to open Visual studio and make a small C# project, and get it to call on the script, stored in the same folder.
Why would you choose not to use an EXE internally? I have Visual Studio Community edition on my machine. Guess I can give that a try. I get an error whenever closing the EXE that was created with PowerGUI, so I need to find another option.