none
Shared RDS server: howto protect certain scripts? RRS feed

  • Question

  • Hi,

    We are working on a shared terminal server on which everybody is administrator.
    Is there an easy way to password protect certain scripts/or hide them via Powershell (I could use a bitlocker vhdx but that seems a bit overkill) before I release them?

    J.


    Jan Hoedt

    Wednesday, March 9, 2016 4:51 PM

Answers

  • Change the permissions on the directory.

    When you're ready, change the permissions back.

    Or am I not understanding your question?


    -- Bill Stewart [Bill_Stewart]

    • Marked as answer by janhoedt Tuesday, March 22, 2016 3:10 PM
    Friday, March 18, 2016 3:03 PM
    Moderator

All replies

  • You can encrypt the scripts to a user account.

    Why would anyone make all users administrators.  That makes no sense.


    \_(ツ)_/

    Wednesday, March 9, 2016 4:57 PM
  • You could sign the scripts, that way only those users with access to the key would be able to modify them without rendering them invalid.

    http://www.hanselman.com/blog/SigningPowerShellScripts.aspx

    Wednesday, March 9, 2016 4:58 PM
  • I haven't heard of that one, do you have a link?
    Wednesday, March 9, 2016 5:01 PM
  • It makes sense if you have a team which uses the RDS server for remoteapps which you then can use at any computer (ISE with all modules installed), administrative tools etc.

    Jan Hoedt

    Thursday, March 10, 2016 2:50 PM
  • Thanks, but you could still read the script, right?

    Jan Hoedt

    Thursday, March 10, 2016 2:51 PM
  • Yes, signing a script will not obscure or encrypt the code so it's not readable. Then again if you're an admin then you own the computer, you should assume that everything on that machine is visible to an admin. Bluntly put based on the limited information you've given your security model is highly suspect.

    Saturday, March 12, 2016 4:17 PM
  • Understand that. I have Powershell modules that I'm working on a shared terminal server. I don't want anybody to see the code only when it's finished and cleaned up.

    Jan Hoedt

    Friday, March 18, 2016 2:52 PM
  • Change the permissions on the directory.

    When you're ready, change the permissions back.

    Or am I not understanding your question?


    -- Bill Stewart [Bill_Stewart]

    • Marked as answer by janhoedt Tuesday, March 22, 2016 3:10 PM
    Friday, March 18, 2016 3:03 PM
    Moderator
  • Fair enough. Simple but will work for now.

    Jan Hoedt

    Tuesday, March 22, 2016 3:10 PM