Best practices for PowerShell toolmaking?

This topic contains 6 replies, has 4 voices, and was last updated by  Jeff 2 years, 7 months ago.

  • Author
  • #32938


    I have created a PowerShell script/form that does various things that can be used by IT. How do users typically access tools? Currently, I am having the tool-user open the script via a batch file. I see in PowerGUI there is a compile script option, which works perfectly. However, I'm not sure if this is the option that should be used. I have read online that it is not secure to create an exe file for a script as it exposes the code. Isn't that the same with a batch file? I am using this script internally as well as the exe that may be potentially used by IT. Any best practices for opening the script or securing the script?

  • #32939

    Dave Wyatt

    There's one question here that you didn't ask, and only you can answer:

    Do you care if the users are able to see the source code of the script? You shouldn't; if you've got something sensitive in there (such as credentials), then you've really got a design problem rather than a "how do I hide the code from my users" problem. Even if you weren't using a script language, and were doing something like C++, it's still a pretty simple matter to reverse-engineer a program and find out what it's doing.

    Assuming that the code is safe for anyone to look at, then you're just down to how it is distributed / launched. For that, any of the "compile script to exe" options would work fine, if you want people to be able to just double-click on it and start your form.

  • #32940

    Don Jones

    And that EXE PowerGUI creates isn't "compiled," it's "packaged." It's just a wrapper around your script. So +1 to what Dave said – most of us don't worry about "exposing" the code. We just make sure to design it so that there's nothing dangerous in the code.

  • #32941


    Great, thanks. That answered my question. And no – I don't care if IT can see the code that was used. One more quick question regarding forms – When I create the exe via PowerGUI, it makes it v1.0.0.0. Is it possible to change the actual version on the exe file?

  • #32942

    Don Jones

    That's something it would probably have to do, as it's built into the file header. PowerGUI's no longer a supported application, though. You might look at PowerShell Studio or PrimalScript, which offer similar packaging functionality but are currently-supported and -developed. They do offer the ability to specify the file version for the header, along with other information.

  • #32954

    Steven Ayers

    I'd advise PowerShell Studio all the way.

    Even if you are stuck with a trial, you can review the source code, and manually insert different tools from other trial projects (the trial only allows 5 tools per project).

    However, bear in mind you will be stuck with a trial message when using the EXE compiler, which personally I wouldn't ever want to use to publish for even an internal tool.

    An option is to open Visual studio and make a small C# project, and get it to call on the script, stored in the same folder.

  • #32960


    Why would you choose not to use an EXE internally? I have Visual Studio Community edition on my machine. Guess I can give that a try. I get an error whenever closing the EXE that was created with PowerGUI, so I need to find another option.

You must be logged in to reply to this topic.