Jul 07 2022 03:57 PM
Hi Everyone,
I am trying to run a powershell script using the PSF binaries in a MSIX package. However, it is not working. The powershell script on its own is working as expected. Can someone look into the config.json file I am using.
The content of the config.json file is:
{
"applications": [
{
"id": "TRMANIFEST",
"executable": "VFS/ProgramFilesX86/Maersk Denizcilik A.S/TRManifest_Setup/TRManifest2009.exe",
"stopOnScriptError": false,
"startScript":
{
"scriptExecutionMode": "-ExecutionPolicy Unrestricted",
"scriptPath": "MapDrive.ps1",
"showWindow": true,
"runInVirtualEnvironment": false,
"waitForScriptToFinish": true,
"timeout":10
}
}
]
}
Let me know if there is something wrong in this file.
Jul 12 2022 02:46 PM
Jul 13 2022 11:12 PM
Jul 20 2022 07:10 AM
Hi @Aniket_Banerjee @TIMOTHY MANGAN
Application Name : Notepad++
Requirement : copying file config.xml (to suppress auto updates)
File Location: $Env:ProgramFiles\WindowsApps\Notepad_1.0.0.0_x64__vwr83xx145m1c\VFS\ProgramFilesX86\Notepad++\config.xml
File Destination : %localappdata%\Packages\Notepad_vwr83xx145m1c\LocalCache\Roaming\Notepad++
==============================
I am trying to copy config.xml file from MSIX package install directory location to users localappdata. the file contains settings to suppress auto update. I did everything required, but not able to succeed to achieve the output. Could you please suggest where I am missing. I have attached config.json, copyfile.ps1, MSIX PSF files pictures, please review.
I followed below link:
https://www.alexandrumarin.com/add-powershell-scripts-in-msix-with-psf/
https://docs.microsoft.com/en-us/windows/msix/psf/run-scripts-with-package-support-framework
https://techcommunity.microsoft.com/t5/msix/notepad-automatic-language-configuration/m-p/3558411
but no luck. please assist.
THANKS in Advance.
Jul 20 2022 08:37 AM
Jul 20 2022 08:46 AM
Jul 20 2022 07:02 PM
Jul 20 2022 09:20 PM
@SJamal85Aside from folder layout / pathing issues, if you try to run a script hidden in the background (unsigned,) without any user interaction, it will fail unless the execution policy is set to "Bypass." I don't think I've ever run an unsigned script without it being set to "Bypass."
"Set-ExecutionPolicy - Parameters" -> https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy...
"Bypass. Nothing is blocked and there are no warnings or prompts.
Unrestricted. ...If you run an unsigned script that was downloaded from the internet, you're prompted for permission before it runs."
How to: Sign application and deployment manifests | Methods of signing scripts
NOTE: It also depends on what revision of Powershell the host machine has, ( must have WMF 5.1 ) how up-to-date the cmdlets are, whether it has the latest certificates / protocols, etc (even though that's almost outside of the scope of what you're trying to accomplish. I'm more describing roadblocks which would hinder the functionality / usefulness of your script over the long-term. )
# ExecutionPolicy -List
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser -Force
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachine -Force;
Set-PSReadLineOption -HistorySaveStyle SaveNothing -MaximumHistoryCount 1;
Write-Output "Remove-Module PSReadline" | Out-File -FilePath $PROFILE -NoNewline -Width 24;
# Set-Content -Value "Remove-Module PSReadline" -NoNewline -Path $PROFILE;
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
Install-PackageProvider -Name NuGet -Scope AllUsers -Force;
Install-PackageProvider -Name PowerShellGet -Scope AllUsers -Force;
Get-Module -ListAvailable | Update-Module -Scope AllUsers -Force;
Update-Help -Verbose -Force -ErrorAction SilentlyContinue;
Obviously you could also run a batch file instead, that utilizes powershell without a profile. In theory, you could use this if you wanted to to launch another script to get around access restrictions, to chain scripts / batch files in succession, or it's an environment with a mix of batch files, powershell scripts, etc, where you might only want a few cmdlets, and the rest of the focus is on other scripting languages.
powershell -noprofile -Command "& {New-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\temporaryentry'}"
powershell -noprofile -Command "& {Remove-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\temporaryentry'}"
The onus is on the person installing the MSIX package, to verify whether or not it's safe to use. It's not like this is enabling malicious software, and there are plenty of ways to add safeguards. You could find a way to sign all of your scripts and code before distributing them, with public / private key certificates. It seems more like this is just for personal use, so it would be hard to justify that type of workload. You could even use OpenSSL 3.x to generate it, and convert it to a .PFX file afterwards. To distribute it though, you would probably need to leverage either a post-paid or free certificate authority, for code signing or just generating RSA / ECC certs. It really depends on what it is. I mean I compiled OpenSSL on Windows, and then used it to generate a whole bunch of generic certs by hand ( utilizing cryptographically secure seed values on an air-gapped device, with virtual memory disabled, etc. I erased my seed values after with Sdelete. )
Jul 21 2022 01:24 PM
@TIMOTHY MANGAN , @Aniket_Banerjee I am attaching few screenshots, please check if I am making any mistakes here.
Jul 21 2022 04:42 PM
SolutionJul 25 2022 06:24 AM
Jul 29 2022 11:31 AM
hi @TIMOTHY MANGAN : just out of curiosity, does MSIX also support VB script or now all required scripting needs to be done through Powershell only with MSIX?
Jul 29 2022 02:16 PM
@SJamal85 It must be Powershell. You can provide a PS wrapper script that calls a VB Script.
Sep 13 2023 02:16 AM
i have a question regarding a powershell script in my msix package. i want to copy files from the windowsapps folder to appdata.
i added the script and also all psf files into the root of the package. When i start the application it says me
i tried Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Currentuser -Force and Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope LocalMachine -Force in the package but it doesnt work.
what is my fault? Can you help?
thanks and best regards
Sep 13 2023 03:17 AM
Sep 13 2023 03:21 AM
so you mean i can remove the set-executionplicy from my script and add the line scriptExecutionMode: to my config.json?
thanks
Sep 13 2023 07:54 AM
Sep 14 2023 07:24 AM
Sep 14 2023 08:14 AM - edited Sep 14 2023 08:16 AM
@sebastianpehlke Yes there is a way to accomplish what you need.
Generally, you can't write to the WindowsApps area, but you can instead write to the redirection area that the PSF file-based fixups (FileRedirectionFixup or MfrFixup) generally use. Even without the file-based fixups in use in your package, the MSIX runtime will then find the VFS redirected files for Program Files and Windows.
The scripting engine provides two pseudo-variables to help you in specifying the file locations as arguments to your scripts. %MsixPackageRoot% specifies the package folder under WindowsApps (which helps when you change package versions you don't need to edit that). %MsixWritablePackageRoot% specifies the package folder under %LocalAppData%\Packages for this package (which is the version independent redirection area). You can read more about this on the wiki page PsfLauncher · TimMangan/MSIX-PackageSupportFramework Wiki · GitHub
Note that these pseudo-variables are referenced in the config.json file "Arguments" field and are passed into your script after they are dereferenced by Psflauncher.
Jul 21 2022 04:42 PM
Solution