Include powershell module in EXE

Posted by Sad_Mastodon_1815@reddit | sysadmin | View on Reddit | 17 comments

Before now i used pwsh only for scripting in intune and software packaging. Now i have a usecase for a small "programm" to automate a process in our company. I builded a small tool with powershell for that. Now i want to make it better with PwshSpecrteConsole and make it to an executable. But how can i implement the module in the executable? What i also want todo is to wrap the script-exe afterwards in another exe with the config file and it should be placed in C:/ProgramFiles. How can i do that?

[-]

Outside-After@reddit

Sysadmin isn’t part of the software lifecycle. When it gets to this, I’d push for things to return to the start of the lifecycle. You have to be careful too that creating small black box solutions doesn’t cause pain further down with maintenance and awareness. Ideally the exe will also be digitally signed and inline therefore with a white-list application policy.

[-]

BlackV@reddit

Worse it's a ps1 they converted using ps2exe ( or similar)

[-]

ajsadler@reddit

PS2EXE

https://www.advancedinstaller.com/convert-powershell-to-exe.html

[-]

NWijnja@reddit

Is how to trigger endpoint detection software in 1 easy step

[-]

BlackV@reddit

Think op is using that already

That's their issue they have an external module that their script depends on, they want to include that

[-]

gandraw@reddit

If you sign the resulting executable, at least Cortex XDR is much more chill about it.

[-]

BlackV@reddit

Ah back again I see, you could try any of the following

Use the built-in in powershell features and set a dependants for the module
Turn your script into a proper module
Have your code deploy that module
you really really really want to look at version pinning
As per your other post spectre has a dll include that with your exe
Stop using specerter console
Stop using an exe wrapped ps1

[-]

Helpjuice@reddit

The real question should be what is it that this script currently does and is it the proper implementation for the end solution at hand?

Explain what it does and where, more than likely if it something that happens in the background it should be made into an actual service.

If it is for users then it should be made into a user friendly application deployed to machines that have users that need to use the application and uninstalled when no longer needed.

This should be something that goes through approvals, so you are not the only one that knows of its existence, what it does and can be properly reviews for compliance and security issues before being deployed to your staging and production environments.

[-]

justaguyonthebus@reddit

Deploy the module to the system like you would any other dependency. Once it's installed in the right location, any script can use it (it it's in an exe or not)

[-]

SevaraB@reddit

Your goal as a sysadmin should be to eliminate shipping EXEs wherever possible, not adding to them. What are you getting from an EXE that you can’t get from running a PS1? And why is it happening on your deployed clients out in the wild instead of being provisioned at the workbench?

[-]

Ssakaa@reddit

Your goal as a sysadmin should be to eliminate shipping EXEs wherever possible, not adding to them.

For internal tooling, yep, generally...

And why is it happening on your deployed clients out in the wild instead of being provisioned at the workbench?

Ongoing maintenance? Software config/deployment? Working past intune's delightful "simplification" of the massive list of features AD/GPO/SCCM provided? Remote users getting drop-shipped devices with autopilot?

There's a LOT of reasons things shouldn't need to be back on an in-house workbench.

[-]

Adam_Kearn@reddit

Possibly look at this in a different approach.

EXEs you can’t easily update or patch quickly without having deployment software to push out remote changes.

If this was me I would instead create a desktop shortcut (c:\users\public\desktop) and have that start the PS1 script.

Host the script on a file share (with appropriate permissions (read and execute only)

Or if you have a website host it on that instead (excluded from indexing)

To the end users they won’t even notice the difference.

[-]

Kuipyr@reddit

Rewrite the PowerShell tool in C#?

[-]

Ok-Hunt3000@reddit

Best way for sure.

[-]

Sad_Mastodon_1815@reddit (OP)

The thing is, i cant C#. 😔

[-]

Ok-Hunt3000@reddit

I hear ya yeah that’s a hurdle. For what it’s worth, it’s not a tough jump and in your situation you likely can just write a minimal “stub” with boilerplate C# you can find online to just call pwsh.exe to kick off your stuff If your main goal is just packaging it as an exe. There’s like powershell2exe too but haven’t used it

[-]

irish_guy@reddit

My brother