Empirum PowerShell Package
Empirum natively supports PowerShell as a packaging language, eliminating the need to wrap PowerShell scripts in Setup.inf files. The Package Wizard makes it easy to create software packages using either a default PowerShell template or custom-defined ones.
The latest UEM Agent executes PowerShell scripts directly. It is possible to install and uninstall those packages from the software kiosk or via an assignment in the Empirum Management Console (EMC) or Empirum Web Console (EWC).
Package handling for reboots, shutdowns, and logoffs, as well as access to Empirum variables, is managed through automatically deployed Matrix42 PowerShell CmdLets, which are installed alongside the UEM Agent. The output of all the PowerShell scripts and Cmdlets is stored in the UAF log.
Requirements
- Empirum 25.0.0 or later
- UEM Agent 2503.2.2 or later
- Allow execution of PowerShell scripts on the target machine. Minimum required version is PowerShell 5.1.
- The Cmdlets provided with the UEM Agent are not compatible with higher PowerShell versions. If you do not make use of them, you may use the latest version of PowerShell.
Currently not supported functionalities
- Reinstallation
- Execution in the user context
Package Creation
The Empirum Packaging Center is part of the Empirum installation and can be assigned to a client for installation. In the Packaging Center there is the Package Wizard. He offers "PowerShell" as kind of software package type. Select it and run the wizard. After the Package Wizard has been finished, the package has been created and - if selected – copied to the Empirum Server. The created package contains the selected icon file, the Setup.ps1 and the Setup.json which contains all the additional information which were entered in the Package Wizard.
The default PowerShell package contains the bare minimum for a successfully installation and uninstallation. It is your task to add the required files of the software to install to the package folder and distribute them to the target folders during installation and remove them during uninstallation.
The PowerShell script may make use of the Cmdlets which are installed by the UEM Agent and are available in your PowerShell session. See below for a listing and description of the available Cmdlets.
Import
In the Empirum Management Console (EMC) under "Configuration" -> "Software Management" -> "Depot", the import is carried out via the context menu "Import/Export" -> "Import package..."
Configuration
The package requires the flag "External installation program" to be activated, otherwise the command line property
-Command Install/Uninstall will not be attached to the command line arguments. The flag is already set by the Package Wizard by default and is mandatory for execution. The flag can be found in the tab "Misc" of the package properties.
In order to execute PowerShell.exe instead of Setup.exe the "Command" to call for that package needs to be defined properly as well. For example: %SetupPS% %SetupPSParms% "%Script%" This configuration can be set in the tab "Check" of the package properties. The variables SetupPS and SetupPSParms are new since Empirum 25.0.0 and are part of the depot environment variables.
Execution
The execution of PowerShell scripts may be restricted on certain computers by group policies (GPO). To work around this problem, the PowerShell script must be digitally signed. Make sure that a valid code signing certificate is used to establish the required level of trust.
The PowerShell package can now be assigned to the corresponding clients for installation/uninstallation like any other software package.
PowerShell Cmdlets
The UEM Agent installs a set of Cmdlets which can be used in your PowerShell scripts. The Cmdlets can be used with PowerShell 5 only.
Get-EmpirumVariable
Retrieves the value of any variable configured for the current client. Others like template variables are not supported. Variable names must not contain any special characters or umlauts.
Parameters
| Parameter | Description |
| Property | The property to get the value from. |
| Decrypt | Optional parameter to decrypt the retrieved value. Property name will be automatically extended with _SYNC before loading. |
Example
# Get variable SUBDEPOT.PASSWORD_1_SYNC Get-EmpirumVariable -Property SUBDEPOT.PASSWORD_1_SYNC # Get encrypted variable SUBDEPOT.PASSWORD_1_SYNC Get-EmpirumVariable -Property SUBDEPOT.PASSWORD_1 -Decrypt # Failure when trying to load template variable Get-EmpirumVariable AgentTemplate.SoftwareDepot.Polling.Intervall.seconds
Set-EmpirumReboot
Set the reboot status of the currently executed package. The status must be one of the following values:
- NoRebootNeeded
- RebootNeeded
- RebootNeededImmediately
- LogoffNeeded
- ShutdownNeeded
Parameters
| Parameter | Description |
| Status | The kind of reboot behaviour that should be used. |
Example
# The UEM Agent should trigger a reboot immediately after the currently running package is finished. Set-EmpirumReboot -Status RebootNeededImmediately