Verify Embedded script in powershell entries


Hi all,
I'm trying to ensure that all PowerShell entries in RDM have transcript enabled to a specific central location. My initial thought was to make a basic embedded script that enables the transcript and then, as a scheduled task on the server, continuously check that all PowerShell sessions created in RDM utilize this script.
The closest I've come so far is to check for entries of the type Powershell and then check these entries on the attribute Powershell.EmbeddedScriptCompressed, like so:
(Get-RDMEntry | where {$_.ConnectionType -eq "Powershell"}).Powershell.EmbeddedScriptCompressed
I do get an output, but it's not exactly in a useful format. Is there any way to achieve what I'm trying to accomplish?

All Comments (2)


Got it resolved. I run the following script that checks and compares the embedded script on all PowerShell sessions; if a PowerShell session does not use the demanded script, the entry is locked:

#Requires -Version 7.5

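function Expand-RDMScript {
    param (
        [byte[]]$CompressedScript
    )

    # An entry without an embedded script has nothing to inflate; return an
    # empty string instead of passing $null to MemoryStream.Write
    if ($null -eq $CompressedScript -or $CompressedScript.Length -eq 0) {
        return ''
    }

    # Load the compressed bytes into a stream and rewind it
    $memoryStream = New-Object System.IO.MemoryStream
    $memoryStream.Write($CompressedScript, 0, $CompressedScript.Length)
    $memoryStream.Seek(0, 'Begin') | Out-Null

    # Inflate (raw Deflate) and decode the result as UTF-8 text
    $deflateStream = New-Object System.IO.Compression.DeflateStream($memoryStream, [IO.Compression.CompressionMode]::Decompress)
    $streamReader = New-Object System.IO.StreamReader($deflateStream, [System.Text.Encoding]::UTF8)

    $decompressedScript = $streamReader.ReadToEnd()

    $streamReader.Close()
    $deflateStream.Close()
    $memoryStream.Close()

    return $decompressedScript
}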

# Control Script
$fromFile = Get-Content -Path "C:\Scripts\RDMPSDefaultEmbedded.ps1" -Raw

# Normalize line endings to LF
$normalizedFile = $fromFile -replace "`r`n", "`n" -replace "`r", "`n"

# Trim trailing whitespace on each line
$normalizedFile = ($normalizedFile -split "`n" | ForEach-Object { $_.TrimEnd() }) -join "`n"

# Drop trailing blank lines at the end of the script
$normalizedFile = $normalizedFile.TrimEnd("`n", "`r")

# Check every PowerShell entry against the control script
$PSEntries = Get-RDMEntry | Where-Object { $_.ConnectionType -eq "Powershell" }
foreach ($Entry in $PSEntries) {
    # Decompress the entry's embedded script and normalize it the same way as the control script
    $compressedScript = $Entry.Powershell.EmbeddedScriptCompressed
    $decodedScript = Expand-RDMScript -CompressedScript $compressedScript
    $fromRDM = $decodedScript
    $normalizedRDM = $fromRDM -replace "`r`n", "`n" -replace "`r", "`n"
    $normalizedRDM = ($normalizedRDM -split "`n" | ForEach-Object { $_.TrimEnd() }) -join "`n"
    $normalizedRDM = $normalizedRDM.TrimEnd("`n", "`r")

    # Compare the scripts; lock the entry on a mismatch
    if ($normalizedFile -eq $normalizedRDM) {
        Write-Host "Scripts match!" -ForegroundColor Green
    } else {
        Write-Host "Scripts do NOT match!" -ForegroundColor Red
        Set-RDMEntrystatus -InputObject $Entry -Status 'Locked' -Set
    }
}
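
An offline self-test of the check in the script above, added here as an example and not part of the original post: it compresses constructed scripts the same way the post decompresses them and evaluates mock entries, so the normalization and comparison can be verified without touching RDM. The mock entry objects, their `Name` property, the baseline script and the UNC path are constructed assumptions, as is the premise that `EmbeddedScriptCompressed` holds raw Deflate over UTF-8 text.

```powershell
# Added example: offline self-test of the embedded-script check (no RDM needed).
# Assumption: EmbeddedScriptCompressed is raw Deflate over UTF-8 text, as the
# DeflateStream/UTF8 decoding in the post implies.
function Compress-Script([string]$Text) {
    $ms = [System.IO.MemoryStream]::new()
    $ds = [System.IO.Compression.DeflateStream]::new($ms, [System.IO.Compression.CompressionMode]::Compress)
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
    $ds.Write($bytes, 0, $bytes.Length)
    $ds.Dispose()                      # flushes the final Deflate block into $ms
    return , $ms.ToArray()             # comma keeps the byte[] from being unrolled
}
function Expand-Script([byte[]]$Data) {
    if ($null -eq $Data -or $Data.Length -eq 0) { return '' }   # entry has no script
    $ds = [System.IO.Compression.DeflateStream]::new(
        [System.IO.MemoryStream]::new($Data), [System.IO.Compression.CompressionMode]::Decompress)
    $sr = [System.IO.StreamReader]::new($ds, [System.Text.Encoding]::UTF8)
    try { return $sr.ReadToEnd() } finally { $sr.Dispose() }
}
function Get-NormalizedScript([string]$Text) {
    # LF line endings, no trailing whitespace per line, no trailing blank lines
    $lines = ($Text -replace "`r`n", "`n" -replace "`r", "`n") -split "`n" | ForEach-Object { $_.TrimEnd() }
    return ($lines -join "`n").TrimEnd("`n")
}
function Get-ScriptHash([string]$Text) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { return [System.BitConverter]::ToString($sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))) -replace '-' }
    finally { $sha.Dispose() }
}
function Test-EmbeddedScript($Entry, [string]$Baseline) {
    $actual = Get-NormalizedScript (Expand-Script $Entry.Powershell.EmbeddedScriptCompressed)
    [pscustomobject]@{
        Name      = $Entry.Name        # Name property is assumed
        # -ceq is case-sensitive; -eq on strings would ignore case differences
        Compliant = $actual -ceq (Get-NormalizedScript $Baseline)
        Sha256    = Get-ScriptHash $actual   # fingerprint for logs, not the script text
    }
}
function New-MockEntry($Name, $Compressed) {   # constructed stand-in for a Get-RDMEntry object
    [pscustomobject]@{ Name = $Name; Powershell = [pscustomobject]@{ EmbeddedScriptCompressed = $Compressed } }
}
# Constructed baseline; the UNC path is a placeholder
$baseline = "Start-Transcript -OutputDirectory '\\logs.example.test\transcripts'`n"
$entries = @(
    New-MockEntry 'srv-ok'       (Compress-Script ($baseline -replace "`n", "  `r`n"))  # whitespace-only drift
    New-MockEntry 'srv-modified' (Compress-Script "Write-Host 'no transcript'`n")
    New-MockEntry 'srv-noscript' $null
)
$entries | ForEach-Object { Test-EmbeddedScript $_ $baseline } | Format-Table -AutoSize
```

Returning objects instead of `Write-Host` lines lets a scheduled task record which entries failed (for example with `Export-Csv`) before any entry is locked.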

Hello,

Thank you for sharing the resolution! Hopefully, it will be helpful for others who may need the same thing.

Feel free to let us know if you have further questions,

Best regards,

Samuel Dery