ryanblenis / MeshCentral-ScriptTask

Scripting plugin for MeshCentral
Apache License 2.0

Question: Enhanced scripting features #4

Open openmoto opened 4 years ago

openmoto commented 4 years ago

Hi @ryanblenis,

Sorry for the dumb question, but what are the chances of being able to pull data from MeshCentral into scripts?

Say you have a script that generates and emails HTML reports per computer.

Each group has a different user to email the reports to and different mail server credentials to use. Without being able to query meshagent for the group name, group admin user email address, is it possible to have a JSON or CSV file somewhere that can be used in the script without exposing it to the internet or end user? Maybe under My Files / Root / Group Name?

I thought of using a script to write a Windows registry entry, but that limits usability to Windows devices. Then I thought of possibly generating a local config file on each machine, but that would potentially introduce security issues even if the file was encrypted. Using a local DB would increase the complexity of the script.

ryanblenis commented 4 years ago

Hi @openmoto,

I'm currently working on variable substitution at the script / mesh / node level, which I think would work for what you're attempting here. I was thinking more manual entry, but the idea to pull variables from MeshCentral relative to the node sounds excellent as well and I'll have to include that.

I'm also working on functionality that will allow you to save a file to the server from the agent via ScriptTask (e.g. save the file C:\Windows\Temp\myfile.csv to My Files / Root / Group Name / file_name.csv), which may also work instead of having each script email results (unless of course it's going to someone without MeshCentral access, but I'm also trying to integrate a server-side email function to ScriptTask as well).

So it's entirely possible and coming (albeit slowly, I have a lot on my plate right now).

openmoto commented 4 years ago

Thanks for the quick update.

Yes, that's what I was hoping to achieve. The information would have to be entered manually initially and possibly also kept up to date manually. Once it's set for each mesh or node, then the script could run as many times as needed always pulling the provided information.

I took your advice on the other post, which is sufficient for me as of now as I'm able to select options in PowerShell based on the mesh name.

It's not an urgent matter, just trying to see if there's anything available I can take advantage of.

It would be great to be able to store passwords/secrets that will be hidden from everyone but the admin user, so even if a non-admin user is allowed to run scripts, they can utilize the passwords without actually seeing them. I've just started trying out Microsoft.PowerShell.SecretsManagement and it seems like a good way to store those locally per machine and safely. It seems to be very new so I thought I'd mention it here in case it's useful.

Thanks

ryanblenis commented 4 years ago

Hi @openmoto,

Variables have been introduced in the latest version, give it a whirl and let me know what you think. I'll wait a few days before closing this out as fulfilled.

openmoto commented 4 years ago

Hi @ryanblenis, I think I'm missing it. I've upgraded to ScriptTask 0.0.14, I don't see where to set the variables. Any quick tips on how to set and use the variables from script?

Thanks

ryanblenis commented 4 years ago

It's in the bottom-right (under Script History) and there is a [ + ] sign to add variables. Reference them in a script by using #variableName#

More info on parse order, etc. can now be found in the ReadMe

Let me know if that isn't clear enough or you think there could be clearer instructions to help people. Thank you!

openmoto commented 4 years ago

Really odd. Here's what mine looks like: [image] I've tried Firefox and IE, Chrome incognito, and cleared my Chrome cache just to be sure it's not some weird issue on Chrome. Just finally removed and reinstalled the plugin but it doesn't seem to be coming up for me.

ryanblenis commented 4 years ago

Odd, and you're updated to 0.0.14? I wonder if there's a caching issue with the browser. Can you check the version, and if you're up to date, open Chrome dev tools and on the Network tab check "Disable cache" and then reload the page (with dev tools open).

If that doesn't work, try uninstalling / re-installing the plugin so it gets a fresh copy (all your data will still be there).

openmoto commented 4 years ago

Hmmm.. I tried all that and it didn't seem to help. Then I updated from 0.4.9-k to 0.4.9-o and it just showed up! I think all I needed to do in the first place was restart MeshCentral? I'll do some testing this week and report back. [image]

openmoto commented 4 years ago

@ryanblenis, first test just worked, substituting a variable in a PowerShell script. No issues at all. I have a suggestion, though I'm assuming you probably have something in the works for some of it.

  1. When creating variables, is it possible to add a checkmark "Hide Value" or "Is Secret"? [image] Just to make the value hidden behind ****

  2. Possibly prevent non-admins from editing or viewing script content as well as variables. If the first one is done without the second, someone can easily edit the script to display or write the password to a location they can read.

  3. Possibly hide variables completely from users that are not Administrators?

I'll try creating a new non-admin user to test further.

Thanks for the great work so far. I understand you're doing this on your personal time and it takes a lot of work, so I'm very happy with what's available now.

ryanblenis commented 4 years ago

Interesting on the restart loading the updated interface, do you have Nginx or a reverse proxy in front of MeshCentral? I wonder if there is caching going on there, because the file that serves that content is served from disk at every page load.

I agree there should be some secrets preservation, but I need to find the best way to accomplish this across OSes, which could be, as you mention, preventing certain users from editing / viewing scripts and variables. Of course, the scripts are written (however temporarily) to disk on the agents during script execution. PowerShell has ConvertTo-SecureString, but bash and cmd do not. Let me see what I can come up with.
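
The `#variableName#` substitution and the "Hide Value" / "Is Secret" suggestion discussed above, sketched as an added example that is not ScriptTask's own code. The scope names, their precedence, the `secret` flag, the hypothetical `Send-Report` cmdlet and all sample values are assumptions constructed for illustration.

```javascript
// Added example: scoped #name# substitution with secret masking.
// Scope names and precedence (node > mesh > script > global) are assumptions for
// illustration; ScriptTask's actual parse order is documented in its ReadMe.
const PRECEDENCE = ['global', 'script', 'mesh', 'node']; // later entries win

// Merge variable definitions so the most specific scope overrides the rest.
function mergeScopes(vars) {
  const merged = new Map();
  for (const scope of PRECEDENCE) {
    for (const v of vars) if (v.scope === scope) merged.set(v.name, v);
  }
  return merged;
}

// Replace #name# tokens. reveal=false renders secret values as **** (the view a
// non-admin would get); reveal=true yields the text that is sent to the agent.
// Unknown tokens are left intact and reported rather than silently blanked.
// A replacer function is used so values containing "$&" are inserted literally.
function render(script, vars, { reveal }) {
  const merged = mergeScopes(vars);
  const unresolved = new Set();
  const usedSecrets = new Set();
  const text = script.replace(/#([A-Za-z_][A-Za-z0-9_]*)#/g, (token, name) => {
    const v = merged.get(name);
    if (!v) { unresolved.add(name); return token; }
    if (v.secret) { usedSecrets.add(name); return reveal ? v.value : '****'; }
    return v.value;
  });
  return { text, unresolved: [...unresolved], usedSecrets: [...usedSecrets] };
}

// Constructed sample data (not from the thread).
const sampleVars = [
  { scope: 'global', name: 'smtpHost', value: 'mail.example.test', secret: false },
  { scope: 'mesh', name: 'smtpHost', value: 'mail.groupa.example.test', secret: false },
  { scope: 'mesh', name: 'reportTo', value: 'admin@groupa.example.test', secret: false },
  { scope: 'node', name: 'smtpPass', value: 'constructed-secret', secret: true },
];
const sampleScript = // Send-Report is a hypothetical cmdlet
  'Send-Report -Server #smtpHost# -To #reportTo# -Password #smtpPass# -Tag #missing#';

const adminView = render(sampleScript, sampleVars, { reveal: true });
const userView = render(sampleScript, sampleVars, { reveal: false });
console.log(userView.text);
console.log('unresolved:', adminView.unresolved, 'secrets used:', adminView.usedSecrets);
```

Masking only covers what is displayed: the revealed text is still what lands on the agent's disk during execution, so `usedSecrets` is best treated as the list of scripts whose editing and viewing need to be restricted.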

openmoto commented 4 years ago

Update: I upgraded ScriptTask on a different server (Windows Server 2012 R2 and MeshCentral 0.4.9-k) and it seemed to just work. I didn't have any reverse proxy set up on the initial server, just a plain Ubuntu 18.04 x64 VPS with MeshCentral.