how can I execute a Powershell script via BatAction?

0053X00000CsLo3QAF · November 4, 2021, 7:47am

Hello,

I have the following problem.

I want to customize a user role via Powershell and the MilestonePSTools.

The PS script is running so far and I have created a batch file that runs the PS script.

If I run the batch file directly in Windows, everything works so far.

If I start the batch file via CMD, it also works so far.

However, when I take the BatAction tool and ask a rule to run the bat file, nothing happens.

At first I thought that the rule is not triggered, but then I added a log entry as action and this is also written, so the rule is executed.

If I create a BAT file that sends an HTTP API to a camera via CURL, then that also works via BatAction, it just doesn’t start the Powershell script for me.

In the BAT file I have entered the following:

PowerShell.exe -Command “& ‘[C:\PowerShellHUB\KameraAN.ps1’](file:C:/PowerShellHUB/KameraAN.ps1’)”

Tried also with

PowerShell.exe -ExecutionPolicy Bypass -Command “& ‘[C:\PowerShellHUB\KameraAN.ps1’](file:C:/PowerShellHUB/KameraAN.ps1’)”

When I run this in Windows, it works as well.

Is there anything else I need to take care of here? Rights wise?

So that I can execute the PS-Script via BatAction?

I am grateful for any tip.

Many greetings

Maik

Rik · November 5, 2021, 2:20pm

We assume that Management service runs as Network Service and it cannot execute a Powershell due to lacking permission.

https://developer.milestonesys.com/s/article/service-accounts-users-permissions-in-XProtect-white-paper

Also, this might be helpful if the service would not start after changing service account.

https://developer.milestonesys.com/s/article/Management-Server-service-does-not-start-after-changing-the-Service-Account

0053X00000AolUnQAJ · November 10, 2021, 1:06am

Hi Maik,

I’ll try to get a guide published on this by the end of the week. The BatAction plugin is a really cool way to use Milestone rules to trigger scripts to run, and to pass some simple metadata into those scripts like source device ID, and rule name.

I noticed that there are some rule actions where the BatAction plugin is not an option - basically the plugin doesn’t recognize some rule triggers as applicable to the actions it publishes.

Also, the scripts will run in the context of the Event Server service. So if you are relying on any SecureStrings that you saved under your Windows user, those things can’t be decrypted by the script when run under the context of a different user account. So that’s something you may need to account for.

I like to use Start-Transcript as a quick and easy tool to add logging to a script, so you might put that in your script to see if it actually executes, and if so, if it throws any errors that will help you debug why your script isn’t running. I’ll make sure to show an example of this as well.

Cheers,

Josh

0053X00000AolUnQAJ · November 11, 2021, 6:17am

Hi Maik,

I posted a guide to using MilestonePSTools through the BatAction plugin, complete with a quick-install script and a sample CameraReport.bat and CameraReport.ps1 file.

Let me know how you get on with it!

https://www.milestonepstools.com/guides/using-bataction-plugin/