Powershell Execution Policy Bypass

Discuss new project and feature ideas here.
See labs.nagios.com for new projects under development.

Powershell Execution Policy Bypass

Postby redskins1234 » Wed Nov 14, 2018 9:54 am

The current powershell wrapping looks like the following, and requires your execution policy to be set to remote signed.

;Powershell wrapping
ps1=cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -

Ideally in our environment, we do not want to open up the execution policy. We've avoided this when running scripts via task scheduler by running them in the following way
powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\PATH\TO\FILE\script.ps1

Bolded for attention is the switch that lets an admin do a one time bypass of the execution policy. This lets us keep it restricted system wide, while still running automated tasks.

From my own research and testing, Nagios does not support this switch, due to the weird wrapping.

Is there any possibility of further support for this in the future?
redskins1234
 
Posts: 7
Joined: Wed Nov 14, 2018 9:48 am

Re: Powershell Execution Policy Bypass

Postby ssax » Wed Nov 14, 2018 5:21 pm

You must be referring to NSClient++, correct?

What version of NSClient++ are you running? You can find the version next to the program in the Programs and Features control panel item.

While I did not update my wrappings, I have a command defined with exactly this that works as expected:

Code: Select all
[/settings/external scripts/scripts]
check_ohm_temperatures=cmd /c echo scripts\\check_ohm_temperatures.ps1 -warning $ARG1$ -critical $ARG2$; exit($lastexitcode) | powershell.exe -noprofile -executionpolicy bypass -command -


Can you explain by what you mean by "Nagios does not support this switch, due to the weird wrapping." so that we can troubleshoot further?
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
ssax
Dreams In Code
 
Posts: 4298
Joined: Wed Feb 11, 2015 12:54 pm

Re: Powershell Execution Policy Bypass

Postby redskins1234 » Mon Dec 10, 2018 5:10 pm

Hmm, looks like this does work. On some hosts it was not working so maybe it's an issue of different versions? Either way, thank you.
redskins1234
 
Posts: 7
Joined: Wed Nov 14, 2018 9:48 am

Re: Powershell Execution Policy Bypass

Postby ssax » Tue Dec 11, 2018 4:51 pm

That could be, did you try upgrading the version to see if that fixes it on the ones that aren't working? Are the nsclient.ini configs the same?
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
ssax
Dreams In Code
 
Posts: 4298
Joined: Wed Feb 11, 2015 12:54 pm

Re: Powershell Execution Policy Bypass

Postby ssax » Wed Jan 30, 2019 5:11 pm

@AudyIltis, that is correct, thank you for posting that information, future readers will certainly find it useful info.
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
ssax
Dreams In Code
 
Posts: 4298
Joined: Wed Feb 11, 2015 12:54 pm


Return to Nagios Ideas

Who is online

Users browsing this forum: EvelynFouct and 1 guest