How to use PShellExec

PShellExec is a free tool that interacts with the user to secure and execute PowerShell scripts, or it can run unattended. The ShellServe™ option lets users execute scripts from a web browser.

To download the latest version click here. Another safe download site is at CNet. 
PShellExec is certified to be 100% virus free by the above sites. Users can quickly check for any known threats posed by an application by visiting the McAfee or Symantec threat info centers.

PShellExec uses several methods to protect your PowerShell scripts from prying eyes. It deters unauthorized use and intellectual property theft - click here for more information. Starting with version 1.3.1 PShellExec includes a GUI interface and can be used with PowerGUI's Script Editor via a free Add-on.

Feel free to suggest new features for enhancing your scripts security.

Prerequisites

PShellExec requires PowerShell Version 2.0 or later and runs under the following Windows Systems:

   - Windows 11 / 10 / 8 / 7 / Vista / XP
   - and Windows Server Editions

To enable better script compression and stronger security options for users, PShellExec uses the free 7-Zip utility from the 7-Zip download site. The Compressed option is enabled, when the utility is installed.

Installation

PShellExec is distributed as zip file, containing several files: PShellExec.exe, licence.txt, HowToUse.html, HowToShellServe.html, ShellServe.html, sample scripts ConsoleTest.ps1 and a setup command for the ShellServe™ configuration.
Just unzip the files in a <directory> and you are ready to start using it.
To verify the checksum listed alongside the version in the release notes below, visit this site and select the unzipped PShellExec.exe file.
Start > Run command > "<directory>PShellExec" /? will show the command line options for PShellExec.

ShellServe™ is an option that allows users execute PowerShell scripts from a web browser on any device.

PShellExec does NOT require any other install/uninstall procedures and it does NOT alter the Windows Registry. All claims to the contrary are bogus.

Release notes

Version 2.3.0 - Includes .Net and TLS updates - SHA256: 45AD547B0E70BC1E4344B93225720CD2851C0CDF5C0E3B5E170AB1A2E68EF3AB					
Version 2.1.4 - Randomize Option + .Net Framework updates - SHA256: B1A357C23B7476352386FE3A61CA99D0995FFD58B1E588441FA94D15CC5BBEC9					
Version 2.1.2 - Memory use + ShellServe updates - SHA256: 6BBE89B6AE085F530C133AF5A91D267FFF57937301ECADE69A1DCE7310066C47
Version 2.1.1 - Compression + Security Updates. Checksum - SHA256: C27B5E9928C764C8A0503DF22E0AD7B59DD8864D0C7EB5133C273AAB6A010882
Version 2.1.0 - ShellServe service updates and Checksum verification - SHA256: 3A888D7E39083A10827AD25AF083D60E8E65CF6177CE57D5AE73FB752DF9E77D
Version 2.0.0 - Adds 'Randomize' option to generate random names in a script
Version 1.8.6 - Fixes Close and Exit issues
Version 1.8.5 - Changes in GUI and ShellServe optimizations
Version 1.8.0 - Adds ShellServe™ web service for executing scripts from a browser; Creates shortcuts for script execution.

Examples

Below are examples of command line parameters for running PShellExec. To run with the GUI, simply start PShellExec.

How to create a secured script file

   1)  PShellExec example.ps1 /e
   2)  PShellExec example.ps1 /e /p:yourpwd
   3)  PShellExec example.ps1 /e /b:yourpwd

The examples create a secured example.ps1.bin script file in the same directory.

The first example creates a secured example.ps1.bin script file without a password. Anyone can subsequently run PShellExec with this secure script file as input.

The second and third examples create a secured example.ps1.bin script file with a password. In Example 3 the password is base64 encoded. Only users who have the password can run PShellExec with a password secured script. If you loose or forget the password, password secured scripts become useless! Keep your password and original .ps1 scripts in a safe place.

Passwords must have at least 4 characters. If you omit entering a password following the /p: or /b: parameters on the command line, PShellExec will prompt for it.

For better script compression and security, use the /c switch. See the 7-Zip prerequisites section above for this option.

Please NOTE that not all versions of this utility are downward compatible with older .ps1.bin files.

How to execute a script file

PShellExec executes all scripts in memory and does not allow users to view or change secured scripts.

   1)  PShellExec example.ps1
   2)  PShellExec example.ps1.bin /p:yourpwd
   3)  PShellExec example.ps1.bin /b:yourpwd
   4)  PShellExec example.ps1 /a:"-period, Monthly, -days,'30 days'"
   5)  PShellExec example.ps1.bin /p:yourpwd /f:"myFunction 'abc' '123' "

The first example executes an unsecured example.ps1 script file. Use it to test your script and its output before securing it.

The second and third examples execute a secured example.ps1.bin script file with a user provided password. If you omit entering a password following the /p: or /b: parameters on the command line, PShellExec will prompt for it.

Example 4 passes arguments to a script that is expecting four arguments. Use as many /a: command parameters as required and in the order expected by your script. Note that for arguments starting with a question mark, PShellExec will prompt for their values. For instance, /a:"?Monthly" will prompt for a replacement value for the argument, before executing the script. Starting with PShellExec version 1.4.1 the arguments are comma separated.

In example 5 the script execution starts with the function named myFunction defined inside the script, passing it the strings 'abc' as its first parameter and '123' as its second parameter. PShellExec will prompt for values for parameter strings starting with a question mark: '?abc' will ask you to enter a parameter.

NOTE: Use the /c switch, if the input script is compressed and was created with the same switch.

Starting with version 1.6 users can drag and drop script files in the PShellExec window.

How to use the console and built-in variables

Use the /s command line parameter to submit the console output to the Clipboard when the script ends.

The script file ConsoleTest.ps1, part of the download, contains examples of console input and output, including secure string handling. Run "PShellExec ConsoleTest.ps1 /s" to see its console interactions.

PShellExec prompts the user for input using a dialog box. In order to be prompted at the command line, users can run the following command in Windows PowerShell Run as administrator:
Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds' ConsolePrompting $true

The built-in variable $MyInvocation used in scripts with PShellExec returns empty or null for: $MyInvocation.ScriptName, $MyInvocation.InvocationName, $MyInvocation.MyCommand.Name and $MyInvocation.MyCommand.Path (when used outside a function.)

$PSExecName is a variable made available by PShellExec to users. $PSExecName is a string with the full script filename, including its path. An example of its use is shown in ConsoleTest.ps1.

$PSExecOut is another variable made available by PShellExec to users of ShellServe™.  The response users would like to see from the browser invoked script should be assigned to $PSExecOut. See SQLInfo.ps1 for an example of how $PSExecOut is used.

How to package additional files with you script

Use the 7-Zip compression utility (Compressed option of PShellExec) to secure the script.
PShellExec automatically packages any additional files that are listed in a separate file with the script's name and a .txt extension. Each additional file name should be listed on a seperate line inside the .txt file. The .txt file should be placed in the same directory as the script.

A second option is to manually rename the .ps1.bin file extension to .ps1.zip and then use the 7-Zip file manager 7zFM.exe to drag-and-drop the additional files.

All files are extracted automatically and every time PShellExec executes the .ps1.zip script. Note that newly added files using 7-Zip are not password protected.

How secure is secure?

Several methods are used in PowerShell to secure and execute scripts in memory.