How to embedd compressed scripts in other PowerShell scripts

For a current project I want to create a “master script” that contains another compressed PowerShell script. This compressed script contains some informations – server names, network share names – that should be as unreadable as possible for normal users. This script is executed during user logon.

I created two scripts

  1. "compress.ps1"
  2. "execute.ps1"

The first script is used to compress a script. The second one is used to execute the compressed script.

Here is the script for compressing:

 

cls

$c = Get-Content $$ -Encoding UTF8 

$r = [string]::Join("
", $c)

$r2 = [regex]::Match($r, "(.*)(#<--)(.*)", [System.Text.RegularExpressions.RegexOptions]::Singleline)

$ms = New-Object System.IO.MemoryStream
$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Compress)

$sw = New-Object System.IO.StreamWriter($cs)
$sw.Write($r2.Groups[3])
$sw.Close();

$bytes = $ms.ToArray()
[System.Convert]::ToBase64String($bytes)

exit
#<--

Write-Host "This is a test"
Get-Service A*

The script produces a base64 string that contains everything behind "#<–".

For the script above the output is:

H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7j5DdOvlsXbb797app04/ezIsmpf9laZs37Ue/cfJ53m6/zuvLYpqnx9/6jZP/By/6yuMxAAAA

Here is the execution script that contains this base64 string that represents
the compressed script:

cls

$data = [System.Convert]::FromBase64String("H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7j5DdOvlsXbb797app04/ezIsmpf9laZs37Ue/cfJ53m6/zuvLYpqnx9/6jZP/By/6yuMxAAAA")

$ms = New-Object System.IO.MemoryStream
$ms.Write($data, 0, $data.Length)
$ms.Seek(0,0) | Out-Null

$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Decompress)
$sr = New-Object System.IO.StreamReader($cs)
$t = $sr.readtoend()

Invoke-Expression $t

This executes the following code snipped from the script above:

Write-Host "This is a test"
Get-Service A*

The output is: 

This is a test

Status   Name               DisplayName                           
------   ----               -----------                           
Stopped  AeLookupSvc        Anwendungserfahrung                   
Running  AESTFilters        Andrea ST Filters Service             
Stopped  ALG                Gatewaydienst auf Anwendungsebene     
Stopped  AppIDSvc           Anwendungsidentität                   
Stopped  Appinfo            Anwendungsinformationen               
Running  Apple Mobile De... Apple Mobile Device                   
Stopped  AppMgmt            Anwendungsverwaltung                  
Stopped  aspnet_state       ASP.NET-Zustandsdienst                
Running  AudioEndpointBu... Windows-Audio-Endpunkterstellung      
Running  AudioSrv           Windows-Audio                         
Stopped  AxInstSV           ActiveX-Installer (AxInstSV)          

Activate Claim Based Authentication afterwards with PowerShell

You can active Claim Based Authentication for a SharePoint Web App afterwards if you missed that at creation time.

Use this PowerShell script:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[System.Reflection.Assembly]::LoadFile($Env:CommonProgramFiles+"Microsoft SharedWeb Server Extensions14ISAPIMicrosoft.SharePoint.dll") | out-null

$webapp = Get-SPWebApplication "http://<sharepoint server>/"
write-host "Current: " $webapp.UseClaimsAuthentication
$webapp.UseClaimsAuthentication = $true
$webapp.Update()

$webapp.ProvisionGlobally()

write-host "    New: " $webapp.UseClaimsAuthentication