EFS Encrypted powershell script not run at startup

This topic contains 3 replies, has 3 voices, and was last updated by Mark Hammonds 1 year, 9 months ago.

  • #30395
    Majid Salsal
    Participant

    Hi,
    I have put a PowerShell script in my Windows Startup under the following address in 'Group Policy', and it was tested with no problem.
    Computer Configuration\Windows Settings\Scripts

    To hide the content of my script from unauthorized users, I encrypted my scripts under the 'Default Administrator' account. Unfortunately, nothing happened after several restarts of Windows, as it did not execute at all.

    I checked the Windows event log and saw error code 403 for my script: "Engine State is changed from Available to Stopped". I could not find the exact cause of my problem.
    What is the problem?

    Thanks

  • #30397
    Mark Hammonds
    Participant

    Did you encrypt it with a key? I may have read somewhere you need to use a key, otherwise the encryption is tied to the account that encrypted it.

    Secure string method

    https://technet.microsoft.com/en-us/library/hh849818.aspx

    Here is how they used it to encrypt a script. This approach allows you to use your personal identity as secret key. As a result, the person who encrypted the script is the only one who can decrypt and execute it - a great way to keep personal scripts secret.

    http://powershell.com/cs/blogs/tips/archive/2009/04/08/encrypting-powershell-scripts.aspx

    But if you don't provide a key only the account that encrypted it can decrypt it.

    -Key
    Specifies the encryption key to use when converting a secure string into an encrypted standard string. Valid key lengths are 16, 24, and 32 bytes.

        Aliases: none
        Required? false
        Position? named
        Default Value: none
        Accept Pipeline Input? false
        Accept Wildcard Characters? false

    -SecureKey
    Specifies the encryption key to use when converting a secure string into an encrypted standard string. The key must be provided in the format of a secure string. The secure string is converted to a byte array before being used as the key. Valid key lengths are 16, 24, and 32 bytes.

        Aliases: none
        Required? false
        Position? 2
        Default Value: none
        Accept Pipeline Input? false
        Accept Wildcard Characters? false

    -String
    Specifies the string to convert to a secure string.
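
Added example, not part of the thread or of the linked pages: the distinction described in the reply above, with `ConvertFrom-SecureString` output bound to the encrypting account (no `-Key`) next to output protected by an explicit 32-byte key, which a different account such as the Local System account that runs Group Policy computer startup scripts could decrypt. The sample script text and the helper name `ConvertTo-PlainText` are constructed for illustration.

```powershell
# Constructed sample: the script body to protect.
$scriptText = 'Write-Output "startup task ran"'
$secure = ConvertTo-SecureString -String $scriptText -AsPlainText -Force

# 1) No -Key: the output is protected with Windows DPAPI under the current
#    user's profile, so only this account on this machine can reverse it.
$accountBound = $secure | ConvertFrom-SecureString

# 2) With -Key: AES with an explicit key (16, 24 or 32 bytes). Any account
#    that holds the same key bytes can decrypt, whoever did the encrypting.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($key) } finally { $rng.Dispose() }
$keyBound = $secure | ConvertFrom-SecureString -Key $key

# Hypothetical helper (not a built-in cmdlet): recover the plain text from a
# SecureString and zero the unmanaged copy afterwards.
function ConvertTo-PlainText {
    param([Parameter(Mandatory)][System.Security.SecureString]$SecureString)
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString)
    try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# In the same account and session both forms round-trip.
$fromAccount = ConvertTo-PlainText (ConvertTo-SecureString -String $accountBound)
$fromKey     = ConvertTo-PlainText (ConvertTo-SecureString -String $keyBound -Key $key)
if ($fromAccount -ne $scriptText -or $fromKey -ne $scriptText) {
    throw 'Round trip failed'
}

# Under a different account, form 1 cannot be decrypted; form 2 still can,
# provided that account is given the same key bytes.
& ([scriptblock]::Create($fromKey))
```

Whoever can read the key can read the script, so the key needs an ACL limited to the account that runs the script.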

  • #30398
    Curtis Smith
    Participant
  • #30399
    Mark Hammonds
    Participant

    Sorry I was not much help.
