AnsweredAssumed Answered

Agents "powershell.encryption_key" setting

Question asked by DavidHobbs Advocate on Feb 6, 2020
Latest reply on Feb 14, 2020 by DavidHobbs

Hi,

 

We'd like to make use of the powershell.encryption_key setting in our agent configs.  We have obtained the psencrypt.exe tool from Snow Support and encrypted our powershell script.  It seems to work fine, the script has been encrypted and the agent can still execute it.

 

However, there is one big problem.  After putting the powershell.encryption_key setting in our Agent config, the standard powershell scripts provided by Snow no longer work.  So for example our Agent log says this:

 

ERROR; snowagent; powershell\powershellmanager.cpp; snow::win32::PowerShellManager::ExecuteScripts; Cannot run PowerShell script 'scan-agentcleanup.snow-ps1'.
ERROR; snowagent; powershell\powershellmanager.cpp; snow::win32::PowerShellManager::ExecuteScripts; Cannot run PowerShell script 'scan-autodesk.snow-ps1'.
ERROR; snowagent; powershell\powershellmanager.cpp; snow::win32::PowerShellManager::ExecuteScripts; Cannot run PowerShell script 'Scan-CustomRegistry.snow-ps1'.
ERROR; snowagent; powershell\powershellmanager.cpp; snow::win32::PowerShellManager::ExecuteScripts; Cannot run PowerShell script 'scan-msinfo.snow-ps1'.
ERROR; snowagent; powershell\powershellmanager.cpp; snow::win32::PowerShellManager::ExecuteScripts; Cannot run PowerShell script 'scan-swid.snow-ps1'.
ERROR; snowagent; powershell\powershellmanager.cpp; snow::win32::PowerShellManager::ExecuteScripts; Cannot run PowerShell script 'scan-toad.snow-ps1'.

 

Is that expected?  If we use the psencrypt.exe tool does this mean we can no longer use any of the standard powershell scripts?  Those scripts work fine without the powershell.encryption_key setting.

 

If you know the answer, please let me know.  We'd like to encrypt our own scripts but also keep using the ones provided by Snow!

 

Thanks, David

Outcomes