Author Posts

October 4, 2015 at 3:56 am

Hi,
I have put a powershell script in my Windows Startup under the following address in 'Group Policy',and it was tested with no problem.
Computer Configuration\Windows Settings\Scripts

To hide the content of my script from unauthorized users, I encrypted my scripts under 'Default Administrator' account. Unfortunately, nothing happened after several restart of Windows as it did not execute at all.

I checked the event log of Windows and saw the error code 403 for my script: "Engine State is changed from Available to Stopped". I could not find the point about the exact cause to my problem.
What is the problem?

Thanks

October 4, 2015 at 8:11 am

Did you encrypt it with a key. I may have read somewhere you need to use a a key otherwise the encryption is tied to the account that encrypted it.

Secure string method

https://technet.microsoft.com/en-us/library/hh849818.aspx

Here is how they used it to encrypt a script. This approach allows you to use your personal identity as secret key. As a result, the person who encrypted the script is the only one who can decrypt and execute it- a great way to keep personal scripts secret.

http://powershell.com/cs/blogs/tips/archive/2009/04/08/encrypting-powershell-scripts.aspx

But if you don't provide a key only the account that encrypted it can decrypt it.

-Key
Specifies the encryption key to use when converting a secure string into an encrypted standard string. Valid key lengths are 16, 24, and 32 bytes.

Aliases
none
Required?
false
Position?
named
Default Value
none
Accept Pipeline Input?
false
Accept Wildcard Characters?
false
-SecureKey
Specifies the encryption key to use when converting a secure string into an encrypted standard string. The key must be provided in the format of a secure string. The secure string is converted to a byte array before being used as the key. Valid key lengths are 16, 24, and 32 bytes.

Aliases
none
Required?
false
Position?
2
Default Value
none
Accept Pipeline Input?
false
Accept Wildcard Characters?
false
-String
Specifies the string to convert to a secure string.

October 4, 2015 at 3:05 pm

Sorry I was not much help.