Deploy PowerShell scripts using Scalefusion

Windows PowerShell is a powerful tool for automating tasks and simplifying configuration and can be used to automate almost any task in the Windows ecosystem. With a carefully designed script, you can automate the process of adding network drives, installing apps, updating security software, and granting a new user access to shared files. It is no wonder that it has become a popular tool among system admins and experienced Windows users.

Moving a step forward towards enhancing Windows Device Management, Scalefusion MDM enables uploading PowerShell script files and then executing those scripts remotely on Scalefusion managed Windows devices.

This document describes how PowerShell scripts can be uploaded and deployed on managed Windows devices.

Prerequisites

1. Create a Windows Device Profile
2. Enroll a Windows 10 or above device with Scalefusion
3. Supported OS Configurations:
   1. Windows 10 version 1809 and above, with Windows Pro, Business, Enterprise, Education, Home editions.
   2. Windows 7 and 8.1
      Windows OS 7 and 8.1 and Windows Home (10 & 11) devices should be enrolled with Scalefusion MDM agent
4. Scalefusion MDM agent's latest version is installed on the enrolled Windows device.
5. Make sure that you have required storage in Enterprise Store. To know more about space allocation, please visit here.
6. Enterprise App package and the following details from the developer,
   1. Powershell script (.ps1) file
   2. File size should be less than 1GB

Steps

Uploading and Installing a Powershell script

Follow the steps below to upload and install a Powershell script,

1. Sign In to Scalefusion Dashboard. Navigate to Application Management > Enterprise Store
2. Click on Upload New App > Upload Windows App
3. Choose PowerShell(PS1) to upload ps1 file that will execute the script.
4. Selecting the PowerShellwould start the Upload Windows Powershell Scripts wizard. Follow the steps below to upload the file.
   1. Enter PowerShell Script Name: Used to identify in Device Profiles
   2. Upload Powershell Scripts File: Select how you want to upload the script file,
      1. Upload Local File: Use this option if you have the ps1 file available locally.
      2. PS Script file URL: Use this option if you have hosted/uploaded the file on your servers and have a link that is accessible publicly. Provide the URL to the externally hosted file. This URL should be publicly available.
   3. Execution Level: Select one from the following:
      1. Device: The script will be executed for all existing users on the device
      2. User: The script will be executed for the enrolled user or all users depending upon the execution context you select in the next drop-down.
   4. Execution Context: Select one from the following:
      1. Enrolled User (selected by default): Script will be executed only for enrolled user
      2. All Users: Script will be executed for all the users on device
   5. Execution Schedule: Configure a schedule when you want the script to be executed.
      1. Run Once on Publish: Script will run as soon as you publish it from Dashboard
      2. Run At Every Login: Script will run every time a user logs in to the device
      3. Run on Schedule: You can select on which days the script should be executed.
         1. Select Day: Select day(s) from Monday to Sunday.
         2. Configure Time(s): You can set a time for executing the script and can add multiple time periods.
   6. Click Save
5. Once you click on SAVE, Scalefusion will process the script, and if the processing succeeds then the following dialog will be shown. Here you can select the Device Profiles where you want to publish the script and click Publish.

Checking Execution Status

After publishing, you can check the status whether the powershell script pushed from enterprise store has been executed or not, by using the View Status option.

A script that is well executed on the device, shows the status as Executed and if not then the status shows as Pending or Execution Failed.

On Device

The Powershell script executed will reflect on the device. For example, in the above step, we have uploaded a script to Enable Windows Update. After publishing, on the enrolled device, open the Services app.

You will find Windows Update in Automatic Trigger start mode enabling the detection, download, and installation of updates for Windows and other programs.

If you wish to disable Windows Update on the device, there is a Powershell script for the same. Simply upload the script file to disable Windows update following same steps and publish it. Once executed it will reflect on the managed device under Services app and disable the detection, download and installation of updates for Windows and other programs.

Uninstalling PowerShell Script

PowerShell scripts cannot be uninstalled from the devices remotely. However you can block the execution of the scripts on devices that are yet to enroll. Follow the steps below to Uninstall a previously deployed script,

1. Navigate to Application Management > Enterprise Store
2. Click on the PowerShell script that you uploaded earlier to see the script information wizard, Click on Uninstall
3. Select the Device Profiles where you want to uninstall the application and click on Uninstall
4. Once this step is done, the script will no longer be force installed and executed on the devices. However, the users need to Uninstall the application on the device.

Deleting PowerShell Script

1. In the script information wizard, Click on the Delete button
2. You will get a confirmation box. Click OK

The script file will get deleted from Enterprise Store on the Scalefusion dashboard.

Dynamic Scripts

The PowerShell scripts are static in nature that is the same script gets executed on all devices, however, in some cases, the admin may want to pass some dynamic values based on the device or user of the device where the script is executing. Scalefusion now extends the support of Custom Fields to allow for dynamic substitution using our agent. For example,

To know more about the Custom Fields feature and how to use it please refer to our guide here.

Known Behaviors

1. Powershell script will not execute at User level if devices are enrolled via Modern Management and are in Single App Mode.
2. For devices on Multi-App Kiosk mode enrolled via Modern Management, at User level, the powershell scripts will execute only if user is logged in as admin on the device.