NTX PowerShell Action - Initial Beta Release

*** Please see this thread for updated information: NTX PowerShell Action - Stable Release ***

Features

  • Robust security features based on Windows Remote Management.
  • Ability to execute PowerShell scripts on any machine that allows Remote Management from your SharePoint servers.
  • PowerShell exceptions are handled so workflows are unaffected.
  • Open source
  • Actively Developed
  • Automated Installation Routine

Planned Features

  • Async PowerShell script execution
  • Script Repository
  • Run worker as a centralized SharePoint service instead of in Workflow Infrastructure
  • Pass SPServer object to PowerShell session for determining executing server.

Current roadmap/planned features can be found here.

Downloads

NTX PowerShell Download

NTX PowerShell CredSSP (Solution Only)

Disclaimer: As stated in our Terms of Use, Nintex is not responsible for any third-party content made available for download on Nintex Connect, whether or not this content has been reviewed and/or moderated by Nintex and regardless of who originated that content (including, but not limited to, Nintex employees, partners, affiliates, or moderators).  Users shall assume all risks associated with applications and other content provided on Nintex Connect.  Nintex does not provide support for any content and plugins provided for download at communities.nintex.com.

Source Code

Source Code

47 Comments
Not applicable

Thank you for this great article Aaron!

Workflow Hero

Great tool. But for enterprise use it's better to break general purpose PoSh activities into reusable but laser focused activities that cannot harm by inadvertently overburdening the infrastructure or outright doing bad things.

Workflow Hero

Considering the way the action works, I feel like the threat of that happening is low (the target executing machine must have WinRM enabled and the user specified must also be a local admin or be configured with least permissions to execute PS via WinRM.)

The only current pitfall I see with this action and system load is that it is a blocking action and is subject to the same batch timeouts as other sequential workflow activities. I do have this on the road map to be addressed however.

The game plan is to have a service (Windows or SharePoint) that actually performs the work so that the action can fire it up asynchronously and check up on the status of the PS session via a token system.

I welcome your thoughts and opinions on that approach as it is still in development!

Workflow Hero

Additionally, the same thing could be said for a lot of the other fairly open ended actions in Nintex Workflow (Call Web Service, Web Request, etc).

Workflow Hero

And that seems the reason for "Allowed actions" to exist in Nintex Workflow Settings, right? ;-)

Workflow Hero

Those were my thoughts on it! There are quite a few checks and balances in there. I always like to empower when possible and ensure there are plenty of options to manage potential abuses.

Workflow Hero

THIS is the best thing since the "self toasting knife bread",

Nice work mate

Workflow Hero

Nice work, Aaron!

I can see this coming in very handy in a number of SP admin and overall infrastructure scenarios. Gosh how I hated doing all of that heavy lifting with AutoIT and other assorted scripts back in the day.

Workflow Hero

If you have any cool usage stories, please do share! I am working on a few ideas myself to share with the community..

Not applicable

Hi Aaron,

Great work. I noticed an issue: When I use hashtables in my script the script doesn't work. Definitely because Nintex also uses "{" to declare placeholders for variables.

Greetings Sacha

Workflow Hero

Use {TextStart}function scriptblock() {}{TextEnd} to work around

Workflow Hero

That should do the trick!

Not applicable

Hi,

Good job on this, I got it installed properly. Your custom action workflow for PowerShell command works fine but as soon as I try to load the Add-PSSnapin "Microsoft.SharePoint.PowerShell" and run a SharePointShell command I receive an error:

SQL database login for 'SharePoint_Config' on instance 'SERVERNAME' failed. Additional error information from SQL Server is included below.  Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Looks like it's not passing the credential for the second hop. I configured the client, the server and the GPO.

Both client and server WSMAN connection are set up properly since I am able to connect remotely and run SharePointShell command while providing credential using the following Powershell command.

Enter-PSSession -ComputerName computername -Authentication CredSSP -Credential domain\user

Add-PSSnapin "Microsoft.SharePoint.PowerShell"

Get-spsite

Any thoughts on this?

Workflow Hero

Are you running Server 2008 or 2008R2? The authentication type currently used by the action is Basic which works pretty much out of the box with Server 2012. The issue you are seeing is indeed a double hop authentication issue. I am currently looking at adding an option to change the authentication type from basic to CredSSP or Kerberos.

I do have a separate build of the action that supports CredSSP exclusively that you could use. I will upload a build to Codeplex and mark it CredSSP.

Not applicable

I am running a 2012 server environment. I am going to try your solution that supports CredSSP and come back to you. Thanks again for this quick response.

Workflow Hero

That is very strange, all of the environments (Server 2012) I have tested this on worked out of the box with the basic authentication.

Workflow Hero

Here is the patched release: NTX - Download: NTXPS_CREDSSP_29127

Not applicable

Works like a charm! Good job and again thanks for being so effective.

Workflow Hero

No worries! Thank you for bringing it to my attention, please let me know if you run into any further issues. I am aiming for bug free!

Not applicable

Hello

Excellent custom action. We are finding that we can't use any variable in the computer name property.

I am suggesting a change on line 222 on Activity.cs

                var computerName = ComputerName.StartsWith("{") ? ctx.AddContextDataToString(ComputerName, true) : ComputerName;

                LogHelper.LogInfo(Cat, "Executing script as " + runtimeUsername + " on " + computerName + AppName + ":" + PortNumber + " SSL Enabled: " + SSLEnabled);

                ps.CreatePowerShellRunspace(SSLEnabled, computerName, PortNumber, AppName, ShellUri, runtimeUsername, runtimePassword);

Not applicable

Aaron, are you able to share the password you used in the key file?

Workflow Hero

I'll have a look and compile the changes in. Thanks!

Workflow Hero

Unfortunately I cannot share the password for the key as it is there to uniquely identify myself as the developer/compiler. That said, it is just a self signed cert. Feel free to compile/sign with another certificate. If you wish to branch/fork the action feel free to do that as well.

Not applicable

Well, I can't change your mind, but that prevents you from receiving free help from the community who could be enhancing your initiative. You are and should always be identified as the person who started it, but if you want the community to give you the best input you should allow anyone compiling the solution.

By not providing it there is a need to change the strong name, which should be also followed by renaming the Action.

That is fine, I will fork it out and allow anyone compiling/improving it.

Workflow Hero

You make a valid point. I did not think about the change in the strong name. Let me look up the key for the cert. I will update the documentation on CodePlex with the info.

Workflow Hero

Run as is not running with the account mentioned; instead I see it's passing as anonymous. Any idea how to get this done?

I'm directly passing a PS file location in the PS Script, that will run the PS file, but in the ULS I see it's accessing as anonymous.

Workflow Hero

Hi Indra,

You might try using the CredSSP version of the action. If you run a script that has 'whoami' in it, what returns?

Workflow Hero

This looks great.  Thank you so much!  I got it installed, the only issue I have is the "Result Output" field.  I can't enter anything and the combo box is empty.  Something I did wrong?  Thanks.

Workflow Hero

Sorry to bother you with this, I figured it out. 

Workflow Hero

No worries! For any future readers, you need to create a multi line variable and select it in this field.

Workflow Hero

This is probably ignorance on my part again, but my workflow does not execute the script.  I shared out the folder containing the script, and I can execute it from a powershell window on another server.  I have the UNC path in the PowerShell Script box, and I have the servername with domain in the Server Name field.  (servername.subdomain.domain.ext)  I don't see anything in the ULS logs with the script name referenced.  The wf, which has only the single step of the PowerShell action, completes without error.  Any help greatly appreciated.

Workflow Hero

No worries at all! Do you see anything in the ULS logs at all that reference the NTX action? The correlation should step through each step of the action. You may need to flip on verbose momentarily to catch some of the messages.

Additionally, do you see anything in the event logs of the server that is executing the action (it could be any server running the workflow infrastructure service).

Workflow Hero

Thanks.  Searching on NTX, I found this: 

               Legacy Workflow Infrastructure  00000    Unexpected        Error Data:
System.Management.Automation.Remoting.PSRemotingTransportException:
Connecting to remote server  servername.subd.dom.ext  failed with the following
error message : The client cannot connect to the destination specified in the
request. Verify that the service on the destination is running and is accepting
requests. Consult the logs and documentation for the WS-Management service
running on the destination, most commonly IIS or WinRM. If the destination is
the WinRM service, run the following command on the destination to analyze and
configure the WinRM service: "winrm quickconfig". For more
information, see the about_Remote_Troubleshooting Help topic.     at
System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult
asyncResult)     at System.Managemen...  5414bdb2-702c-48d1-bdc0-529f725cbc75

09/11/2015
15:16:13.04*              w3wp.exe
(0x2810)                         0x05A4  Unknown                                      Legacy Workflow Infrastructure  00000    Unexpected               ...t.Automation.RemoteRunspace.Open()     at
PSActivity.PSHelper.CreatePowerShellRunspace(Boolean UseSSL, String
Computername, Int32 Port, String AppName, String ShellUri, String UserName,
String Password)     at
PSActivity.Activity.Execute(ActivityExecutionContext executionContext)     5414bdb2-702c-48d1-bdc0-529f725cbc75

I will check the event logs to see if I can find anything related.  Thanks.

Workflow Hero

That would be the cause. You need to ensure that the machine you are connecting to has WinRM configured. To help isolate the issue a bit more (WinRM or NTXPS) you can check out this documentation: NTX - Documentation 
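
An added example, not part of the original thread or of the NTX PowerShell project: one way to separate a WinRM problem (as in the reply above) from the double-hop problem discussed earlier in the comments, by running the same three checks under two authentication types. The function name Test-RemotingPath, the host name and the UNC path are hypothetical placeholders.

```powershell
# Added example. Run from a SharePoint server that hosts the workflow infrastructure.
function Test-RemotingPath {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $SecondHopPath,
        [ValidateSet('Default', 'Basic', 'Negotiate', 'Kerberos', 'CredSSP')]
        [string] $Authentication = 'Default'
    )
    $r = [ordered]@{
        Computer = $ComputerName; Authentication = $Authentication
        Listener = $false; Session = $false
        RemoteUser = $null; SecondHop = $null; Error = $null
    }
    try {
        # 1. Is a WS-Management listener answering? Without -Authentication this request is unauthenticated.
        Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
        $r.Listener = $true

        # 2. Can the run-as account open a session with this authentication type?
        $remote = Invoke-Command -ComputerName $ComputerName -Credential $Credential `
            -Authentication $Authentication -ArgumentList $SecondHopPath -ErrorAction Stop -ScriptBlock {
                param($Path)
                [pscustomobject]@{
                    User      = [Security.Principal.WindowsIdentity]::GetCurrent().Name
                    # 3. Second hop: reach another machine from inside the remote session.
                    SecondHop = [bool](Test-Path -LiteralPath $Path -ErrorAction SilentlyContinue)
                }
            }
        $r.Session    = $true
        $r.RemoteUser = $remote.User
        $r.SecondHop  = $remote.SecondHop
    }
    catch { $r.Error = $_.Exception.Message }
    [pscustomobject]$r
}

$target = 'server01.contoso.example'            # placeholder FQDN of the target machine
$unc    = '\\fileserver.contoso.example\share'  # placeholder path the account can read
$cred   = Get-Credential                        # the account entered in the action

# Compare a non-delegating logon with CredSSP. CredSSP hands the account's credentials to
# $target, so delegate only to named hosts (Get-WSManCredSSP shows the current settings).
'Default', 'CredSSP' | ForEach-Object {
    Test-RemotingPath -ComputerName $target -Credential $cred -SecondHopPath $unc -Authentication $_
} | Format-List
```

Listener False points at WinRM on the target; Listener and Session True while the workflow action still fails points at the action or its settings. SecondHop False under Default but True under CredSSP is the double-hop case, assuming the path exists and the account has rights to it.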

Workflow Hero

Thanks Aaron, your solution is working perfectly. My "Usercreation Formula" is generating AD, Lync, Exchange objects without any problems.

Workflow Hero

Awesome! Glad to hear it is working well for you.

Not applicable

Will this work with Nintex O365? That would be awesome!

Workflow Hero

Hey Wouter Kessener, no this is for on-prem only at this point in time.

But, I agree, it would be pretty awesome for O365 as well. I'm thinking someday.

Workflow Hero

Hey developers! Read this thread!

Workflow Hero

Hi, does that work with Workflow and SharePoint 2016?

Workflow Hero

Just 2013 at the moment.

Cheers!

Aaron

Workflow Hero

Hi Aaron,

have you planned to create a 2016 version?

thanks Lars

Workflow Hero

Hi Lars,

I do have plans for a 2016 version. I just have not had the time to setup a 2016 development environment yet.

Cheers!

Workflow Hero

Hi Aaron Labiosa, any status update regarding plans for a release compatibility for Nintex Workflow 2016 / SharePoint 2016? Thanks a bunch!!

Workflow Hero

Hi Adam Tobias, I tested it today with the last stable release, which I still had from Codeplex, on a freshly installed SharePoint 2016 on a Windows Server 2016 with Nintex 2016 installed and it worked like a charm.

Only thing I needed to do manually was the edit in the web.config and I needed to use a FQDN in the action itself, where you enter the computername. On my 2013 environment it was ok with computername only.

I enabled CredSSP only on my web front-end server, with role Server and Client for itself.

Workflow Hero

Hi Victor, we have deployed the wsp in the WFE and app server of SP 2016 but are not able to see the option in the Central Admin PowerShell. Could you please help us with how to deploy and get the executive PowerShell action in SharePoint 2016?

Workflow Hero

Hi Bharathi,

what exactly are you expecting in Central Admin? As soon as you deployed the .wsp it only shows the action inside your Workflow Designer and in Nintex Workflow Administration you will have a new action under "Manage allowed actions"... Hope this helps, if not please explain your problem further.