When using SCCM PowerShell script detection for an application deployment type - is it possible to encrypt the script/obscure such that it is unreadable to SCCM console users?

I'm trying to solve a problem caused by too many SCCM console users, who can see application detection rules/values, who then hack their workstations to avoid mandatory deployments.

yobbo
    This sounds like you have a people problem, not a technical problem. Solving people problems with technical solutions is almost never a good idea. – MDMarra Jul 21 '17 at 00:42

1 Answer

This can be done using the -EncodedCommand parameter. You would export the script into a Base64-encoded file, then call another PowerShell exe to run it. Here's a very basic example:

$string = 'If (Get-Process) {$true}'
$encodedcommand = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($string))
$encodedcommand | Out-File c:\temp\Encoded.txt

$encodedcommand = Get-Content c:\temp\Encoded.txt
powershell.exe -EncodedCommand $encodedcommand

The detection script would be the last two lines. Reference: PowerTip: Encode String and Execute with PowerShell

spacenomyous
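
Base64 is an encoding rather than encryption, so anyone who can read the encoded string, or a command line that carries it, can recover the original script. The added example below (not part of the original answer; the function names `ConvertFrom-EncodedCommand` and `Find-EncodedCommand` are hypothetical, and the sample input is constructed from the answer's own script) decodes such payloads so a reviewer can see what a detection script really runs.

```powershell
# Added example: recover the plain text behind -EncodedCommand payloads.
# Function names are hypothetical; sample data is constructed.

function ConvertFrom-EncodedCommand {
    param([Parameter(Mandatory)][string]$Base64)
    try {
        $bytes = [Convert]::FromBase64String($Base64.Trim())
    } catch {
        return $null    # not valid Base64, nothing to decode
    }
    # -EncodedCommand expects UTF-16LE text, which is [Text.Encoding]::Unicode
    [Text.Encoding]::Unicode.GetString($bytes)
}

function Find-EncodedCommand {
    param([Parameter(Mandatory)][string]$ScriptText)
    # Any parameter followed by a Base64-looking value; the name is checked below
    $rx = '(?i)-(\w+)\s+["'']?([A-Za-z0-9+/]{8,}={0,2})'
    foreach ($m in [regex]::Matches($ScriptText, $rx)) {
        $name = $m.Groups[1].Value.ToLowerInvariant()
        # powershell.exe accepts abbreviations such as -enc and -e, plus -ec
        if ($name -eq 'ec' -or 'encodedcommand'.StartsWith($name)) {
            [pscustomobject]@{
                Parameter = '-' + $m.Groups[1].Value
                Decoded   = ConvertFrom-EncodedCommand $m.Groups[2].Value
            }
        }
    }
}

# Constructed sample: the script from the answer, encoded the same way
$plain   = 'If (Get-Process) {$true}'
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($plain))

# Case 1: the string as it would be stored in c:\temp\Encoded.txt
ConvertFrom-EncodedCommand $encoded

# Case 2: the payload passed inline on a command line
Find-EncodedCommand "powershell.exe -NoProfile -ExecutionPolicy Bypass -enc $encoded"
```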