1

So I've been researching/googling for the last 2 hours, and I'm practically at the point of tears...

I can't use New-SelfSignedCertificate because I'm on Windows 7. I can't use makecert because of a bug that won't allow me to install the SDK for Windows 7 because it thinks I have a pre-release version of .NET 4, but I don't. Trying to install .NET 4 informed me I have a new or better version.

I tried a registry hack that I found to get around this, which unfortunately didn't work.

I've downloaded this https://gallery.technet.microsoft.com/scriptcenter/Self-signed-certificate-5920a7c6#content

But can't seem to manage to get through all the steps I need to actually get my script signed so I can give it to other people to use safely.

I think I've managed to create the certificate (although I'm not sure if I did it right).

From what I can tell I need to apply a password or key to it now, and then export it? I'm still not sure how I specifically sign my script, so others can execute it as 'Signed'.

Thanks guys.

Alternatively all this could possibly be unnecessary if anyone knows how I can get relative .ps1 paths working in a .exe file?

The script works fine as a .ps1, but as soon as I compile it into a .exe using PowerGUI, these lines don't work.

. .\Import-XLS.ps1
$OutFile = ".\TEST$(get-date -Format dd-MM).txt"
$Content = Import-XLS '.\TEST.xlsx'

I instead get things like "The term '.\Import-XLS.ps1' is not recognised as the name of a cmdlet, along with some reference to a Appdata\Local\Temp\QuestSoftware\PowerGUI\ folder.

So I'm guessing PowerGUI is doing something weird, but I don't know how else to convert a .ps1 into a .exe. Depending on the answer to the main question, I may submit a new question for the .exe one officially.

Thanks guys.

XViper
  • 35
  • 6
  • Signing a script with a self-signed certificate won't make the script 'trusted' on machines that don't gave that specific cert. – bluuf Jul 07 '16 at 14:52
  • It will if they use "Set-ExecutionPolicy RemoteSigned", right? Some of the people who wanted to use this script didn't like the idea of removing the security to the level of allowing unsigned remote scripts to run. – XViper Jul 08 '16 at 00:06

2 Answers2

1

So I ended up resolving this issue with a combination of two things.

Split-Path $MyInvocation.MyCommand.Path

and

[System.AppDomain]::CurrentDomain.BaseDirectory}

I needed to use both, as the former worked in a .ps1 but not in a compiled .exe, while the latter worked in a compiled .exe, but not in a .ps1.

As the PowerGUI compiled .exe has a consistent path folder name, I ended up using the following.

$ScriptPath = Split-Path $MyInvocation.MyCommand.Path
if ($ScriptPath -match 'Quest Software') {$ScriptPath = [System.AppDomain]::CurrentDomain.BaseDirectory}

I also included the Function into the .exe (but it wasn't necessary). I then used $OutFile = "$ScriptPath\<Filename>.txt" and $Content = Import-XLS "$ScriptPath\<Filename>.xlsx"

This means I can now use a .exe instead of trying to get a working certificate for the script. While also being able to quickly test changes to it while it's still a .ps1.

I hope this is helpful for others using PowerGUI to make .exe's in the future, who also need to use relative paths.

Thanks to those that provided help and advice.

XViper
  • 35
  • 6
0

So I have not used PowerGUI to create .exe files from scripts so this is a bit of a shot in the dark but I am guessing it just does not implement dot-sourcing external files, if that is the only thing preventing you from deploying the code why not just copy the functions from Import-XLS.ps1 into the body of your script?

Mike Garuccio
  • 2,588
  • 1
  • 11
  • 20
  • Hey Mike. Yeah, I tried that in the end, but then the $Outfile and $Content files still don't work. I worked around this by setting an absolute path, but that makes the script really inflexible. Are there any other known ways of creating a .exe? (or should I ask a new question for that?) Thanks. – XViper Jul 08 '16 at 00:08
  • Alternatively if I could use some kind of variation of `$ScriptPath = Split-Path $MyInvocation.MyCommand.Path` Then use `$ScriptPath\$OutFile = "\TEST.txt"` `$Content = Import-XLS '"$ScriptPath\TEST.xlsx"` But I can't seem to get that to work either. – XViper Jul 08 '16 at 03:35
  • if its failing on things other than dot-sourcing I wouldn't bother going too deeply into it, everything will be a pain to work with anyway. but getting back to signing your script once you import it into your certificate store [more on that here](https://technet.microsoft.com/en-us/library/cc754489(v=ws.11).aspx) it should be as simple as running Set-AuthenticodeSignature and provding the right parameters [more on that here](https://blogs.technet.microsoft.com/heyscriptingguy/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2/) – Mike Garuccio Jul 08 '16 at 04:02
  • But that will still only work with people who have added you as a trusted root. if you want people to be able to run your scripts without having to do anything but right-click then you'll need a cert signed by a company that can provide trusted root certificates. there are many providers you can locate with a quick google search for something along the lines of "ssl certificate" – Mike Garuccio Jul 08 '16 at 04:04
  • Managed to solve my problem. Posting an answer now. Thanks for your help and advice though. Will certainly look into that certificate information. Thanks heaps. – XViper Jul 08 '16 at 04:35