ITJef
Enthusiast
Enthusiast

Compiling PowerCLI Scripts

Has anyone had success with compiling powercli scripts into an executable? We are using powercli and the horizon modules to automate the process of building VM's and the script works great as a .ps1 file. However the script has a password in it to login to the horizon server and as a result i wanted to make some kind of effort to hide the password by compiling it into an executable. However when i use powergui to compile into executable the script stops working and gives various errors. Has anyone had any success with compiling powercli scripts? Anyone have any advice for the problem i am experiencing?

0 Kudos
4 Replies
LucD
Leadership
Leadership

You could use the PS2EXE tool, as documented in How To Convert a PowerShell Script into an EXE File

But be aware that this is not the ideal way to "hide" password.

Someone who knows about Base64 encoding can easily extract your password.

And another tip, I think it's time to stop using PowerGui.

It's not developed anymore, and it doesn't support all features in the more recent PowerShell versions.

Perhaps it's time to look at something like Visual Studio Code.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
ITJef
Enthusiast
Enthusiast

i will look into PS2EXE to see if that helps.

Below is a snippet of the code i am using that requires a password. Do you see another way to handle this?

invoke-command -computername $connectionserver -scriptblock {

        param($vmname, $vmviewPool, $vmuser)

        

  write-host "Updating Horizon for " $vm -ForegroundColor Green

        $Username = '<USERNAME>'

        $Password = '<PASSWORD>' | ConvertTo-SecureString -AsPlainText -Force

        $Credential = New-Object -TypeName pscredential -ArgumentList $Username,$Password

        $viewServer = "<HorizonServer>"

        add-pssnapin vmware.view.broker

        Get-Module -ListAvailable VMware* | Import-Module

      

        connect-hvserver $viewserver -Credential $credential

       

        #add machine to pool

        add-hvdesktop -pool $vmviewpool -machines $vmname

       

        #add user to VM In pool

        $userresult = get-user -name $vmuser 

        $usersid = $userresult.sid

        $vmresult = get-desktopvm -name $vmname

        $vmMachineID = $vmresult.Machine_id

        update-userownership -machine_id $vmMachineID -sid $usersid

        disconnect-hvserver $viewserver -confirm:$false

}    -ArgumentList $vmname, $vmviewPool, $vmuser

0 Kudos
LucD
Leadership
Leadership

PowerShell itself, unfortunately doesn't have a feature to store and retrieve credentials securely.

But there have been many methods posted.

I personally find the procedure in Using saved credentials securely in PowerShell scripts rather good.

But there remains a weak point, you have to protect the AES key in a secure way.

PowerCLI's New-VICredentialSToreItem also allows to store credentials, but then it becomes a matter of protecting the vicredentials.xml file.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
ITJef
Enthusiast
Enthusiast

ok thanks

0 Kudos