Ask Your Question

How to run powershell concatenated commands?

asked 2016-07-07 12:20:09 -0500

Yeayu gravatar image

updated 2016-07-07 12:21:58 -0500

Hello all,

I am struggling to get a command working to get the ownership of a registry key and change it if its different than what I am expecting...

This is my current code using the powershell provider:

exec {'change reg key ownership':
  command => 'C:\Windows\Temp\myscript.ps1'
  unless => 'get-acl -path "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost" | select owner | select-string Administrators',
  provider => powershell,

Puppet does not recognize the unless command successfully, since the concatenation to select and validate the key owner fails. To be able to run the command successfully, additional quotes should be added to treat the whole command as one and not as many, but puppet does not seem to like it.

I am able to run the command successfully from cmd by running this command:

C:\Windows\System32\WindowsPowerShell\v1.0>powershell.exe -executionpolicy remotesigned "get-acl -path 'hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost' | select owner | select-string Administrators"

This works from a command line, but how can I translate that to puppet syntax?

I tried using the exec resource without the powershell provider and although it seems to be doing something else, it does not seem to do the right thing yet...

exec {'change reg key ownership':
  command => 'C:\Windows\Temp\myscript.ps1'
  unless => "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -executionpolicy remotesigned get-acl -path 'hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost' | select owner | select-string Administrator",

I can see that the unless command runs successfully when the registry key owner is Administrator (puppet agent -t -d shows the command run and result), however when someone else owns the key, it does run but it does not fail (return something != 0). Any ideas to make it work?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-07-08 16:52:46 -0500

GlennSarti gravatar image

updated 2016-07-08 16:56:47 -0500

Hi. I think the problem here is you're not emitting an exit code in your unless script. Remember unless there's an Terminating Error Powershell will always emit a zero exit code. I would suggest the following change;

exec {'change reg key ownership': 
  command => 'C:\Windows\Temp\myscript.ps1'
  unless => 'if ((get-acl -path "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost" | select owner | select-string "Administrators")  -eq $null) { exit 1 } else { exit 0}',
 provider => powershell,

That way, if the Administrators is not found (i.e. $null) it will exit with 1 and the command will run.

I wrote a blog post on which may be useful

edit flag offensive delete link more


Hello, many thanks for your reply... although I am getting a syntax error: Error 400 on SERVER: Syntax error at 'unless'; expected '}' Ideas? Note: I am using puppet 3.7.5 and the powershell module version 1.0.6 (in case that makes any difference).

Yeayu gravatar imageYeayu ( 2016-07-09 03:33:56 -0500 )edit

There's a missing comma at the end of the command => 'C:\Windows\Temp\myscript.ps1'

maynero gravatar imagemaynero ( 2016-07-12 18:09:45 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-07-07 12:20:09 -0500

Seen: 132 times

Last updated: Jul 08 '16