Packaged script with utility file in PrimalScript 2012

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST SUBSCRIPTION NUMBERS, LICENSE KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
clum09
Posts: 149
Joined: Thu Apr 24, 2008 9:11 am

Packaged script with utility file in PrimalScript 2012

Post by clum09 » Mon Feb 16, 2015 10:48 am

Hello,

I need to package a PowerShell script that requires a utility file to run in PrimalScript 2012.

I added the utility file in the script packager and in Specific folder I added %temp% variable.

In the script, I have the code that points to the %temp% folder to execute this utility file.

However, the packaged script does not extract the utility file to the %temp% location.

Where can this utility file be at or this functionality is broken in PrimaScript 2012?

I know that in PrimalScript 2009, the utility file would be extracted to the %temp% location where it can be executed.

Thanks.

User avatar
SAPIEN Support Forums
Posts: 945
Joined: Wed Dec 03, 2014 2:26 pm

Packaged script with utility file in PrimalScript 2012

Post by SAPIEN Support Forums » Mon Feb 16, 2015 10:48 am

This is an automated post. A real person will respond soon.

Thank you for posting, clum09.

Did you remember to include the following?
  • 1. Product, version and build (e.g. Product: PrimalScript 2014, Version & Build: 7.0.46. Version and build information can be found in the product's About box accessed by clicking the blue icon with the 'i' in the upper right hand corner of the ribbon.)
    2. Specify if you are running a 32 or 64 bit version
    3. Specify your operating system and if it is 32 or 64 bit.
    4. Attach a screenshot if your issue can be seen on the screen
    5. Attach a zip file if you have multiple files (crash reports, log entries, etc.) related to your issue.
If not, please take a moment to edit your original post or reply to this one.

*** Make sure you do not post any licensing information ***

User avatar
Alexander Riedel
Posts: 7023
Joined: Tue May 29, 2007 4:43 pm

Re: Packaged script with utility file in PrimalScript 2012

Post by Alexander Riedel » Mon Feb 16, 2015 1:33 pm

It is not broken, it simply is not there anymore. Self-extracing executables are simply not an option on modern, secure OS versions.

This was announced back in 2013 here:
http://www.sapien.com/blog/2013/06/03/changes-are-coming-to-the-script-packager/

Nowadays you need to use an MSI with proper elevation to deploy securely, or, alternatively, if you have direct network access to the server,
deploy directly from within PrimalScript to the location where the files should be.

Please read these articles:

http://www.sapien.com/blog/?s=From+script+to+server+%E2%80%93+Deploying+solutions+with+PrimalScript+2014
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
clum09
Posts: 149
Joined: Thu Apr 24, 2008 9:11 am

Re: Packaged script with utility file in PrimalScript 2012

Post by clum09 » Mon Feb 16, 2015 1:53 pm

Can I use the MSI deployment method to package the script and run the packaged script as I did in previous version of PrimalScript?

I do not deployment any application as such, and really all I do is I write a tool to automate some tasks in my organization, and my script requires the external utility files to work with. I like to package these utility files with the script when I run the packaged script.

User avatar
Alexander Riedel
Posts: 7023
Joined: Tue May 29, 2007 4:43 pm

Re: Packaged script with utility file in PrimalScript 2012

Post by Alexander Riedel » Mon Feb 16, 2015 2:33 pm

An MSI is not a packaged script, it is an installer. You simply cannot use self-extracting executables anymore, they just fail to extract the additional files because they do not have the permissions.
Well, in most cases.

If you are not deploying these packages, where do they run? On your machine? Please give me some more details on your setup
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
clum09
Posts: 149
Joined: Thu Apr 24, 2008 9:11 am

Re: Packaged script with utility file in PrimalScript 2012

Post by clum09 » Mon Feb 16, 2015 6:35 pm

The old version of PrimalScript (2009 and 2012 that I own) only extracts the dependency files for VBScript and not for PowerShell.

Typically, when I packaged my script in the days of VBscript, I set the %temp% of the current user's profile as the location for the dependency files. The user who runs this packaged script must have the permission to the %temp% folder. I had never a single problem or complaint that the user could not launch the script with the dependency files.

Now we are the world of PowerShell, and this feature is no longer available. These new versions of PrimalScript only support the packaging of scripts that are used to install the applications - and not for writing tools.

Since the Invoke-Command cmdlet in PowerShell V2 does not support the -InDisconnectedSession parameter, and the packaged script by PrimalScript will terminate the remote process in the PSSession when the packaged script ends, I have a need to use the utility files such as PSexec.exe and PsList.exe in place of the Invoke-Command cmdlet in a PSSession to execute a remote process so that the remote process will not terminate when the packaged script ends its execution.

Therefore, I need to package these two utility files with the script. I know that I can copy these utility files to the computer where I will run the packaged script first before I execute the packaged script that needs these two files, but this will involve a manual process in order for my tool to work.

The goal of writing a tool is to have every thing fully automated, but this rule of pre-staging the files will involve a manual process or the tool will not work if these two files have not been pre-staged.

This is one of the examples why I need the ability to package the dependency files with the script.

Thanks.

User avatar
Alexander Riedel
Posts: 7023
Joined: Tue May 29, 2007 4:43 pm

Re: Packaged script with utility file in PrimalScript 2012

Post by Alexander Riedel » Tue Feb 17, 2015 12:04 am

Ok, I do not want to start a philosophical discussion here but there are just some things I would like to comment on.

I do not know what your environment is like, but in modern and secure setup a process cannot be allowed to willy-nilly extract executable files into a temp folder and run them. That is what a virus or trojan would do and just should not ever be allowed.

"Now we are the world of PowerShell, and this feature is no longer available. These new versions of PrimalScript only support the packaging of scripts that are used to install the applications - and not for writing tools"
That is absolutely not true. PowerShell has nothing to do with installing applications and many of our customers use PrimalScript to write tools. I am not sure where you get that perception from.

The easiest way for your issue would be to update all machines to PowerShell V3 or 4. It runs on all platforms and it is free, so why not?

PSExec and PSList are static. They do not change. Extracting them each time a tool is run and deleting them afterwards it cumbersome and unnecessary. Just put them where you need them once and use them if that is what you need. Make them available on your network and use them from a standard \\server\share location if you do not want them on each machine.

Instead of using these external tools you may also want to look at this code:
http://community.spiceworks.com/scripts/show/2853-start-remoteprocess-ps1-start-process-on-remote-computer-with-credentials

If you write tools with PowerShell and you need to use these tools on another machine you need to deploy them. That is done either by an installer to ensure proper versioning and permissions or, if you have access, push them out directly from PrimalScript to their destination via the deploy functionality.

In either case, self-extracting executable files, specially those extracting .exe files, are a huge security risk. I really cannot emphasize enough how dangerous it is to allow that.
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
clum09
Posts: 149
Joined: Thu Apr 24, 2008 9:11 am

Re: Packaged script with utility file in PrimalScript 2012

Post by clum09 » Tue Feb 17, 2015 9:30 am

The script posted at the link you suggested used WMI method to execute the remote process.

I had already had a code that used WMI to execute the remote process before I resorted to using PsExec tool.

However, the remote computer on which I need to run the process would not accept any remote WMI connection, which in turn generated the error "Invoke-WmiMethod : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" even though the account used to create this process had full permission on the remote computer.

At this point, instead of trying to fix the WMI issue on the remote computer, I will need to pre-stage the utility files on the local computer first before I attempt to launch the remote process on the remote computer.

Thank you for the help.

User avatar
clum09
Posts: 149
Joined: Thu Apr 24, 2008 9:11 am

Re: Packaged script with utility file in PrimalScript 2012

Post by clum09 » Tue Feb 17, 2015 12:00 pm

I am just curios to see what you think when you said that having the packaged script to extract the utility files to the %temp% folder would create a security risk for the organization.

How about the MSI package file that was created by PrimalScript that also contains application files with the package?

When the MSI package launches, it will extract the application files to a folder (any folder that was assigned by the packager) first before it will attempt to install the application on the computer.

Wouldn't this also cause a security risk when someone launches this MSI package?

Thanks.

User avatar
Alexander Riedel
Posts: 7023
Joined: Tue May 29, 2007 4:43 pm

Re: Packaged script with utility file in PrimalScript 2012

Post by Alexander Riedel » Tue Feb 17, 2015 2:49 pm

No. An MSI usually has to be run under administrative privileges and elevated. It is a one time extract by an authorized and authenticated user for the specific operation of installing software rather than an everyday activity by a normal user.

Please note that applications of any kind (even simple tools) should be installed under "program files". In current OS versions you can only do that from a an elevated security token.

So it is quite a different affair.
Alexander Riedel
SAPIEN Technologies, Inc.