This knowledge base article covers the prerequisites and explains the process of running a script on a remote machine.

Steps to use the Batch Remediation feature in FTK Enterprise

Step 1: Make sure the Execution Policy is set correctly

Note: There are two ways of doing that. It can be done either in advance or when executing the script (in which case go straight to Step 3).

To set the policy in advance please follow the steps:

  • Open PowerShell with admin rights
  • Check the existing Execution Policy:
    - To do that, type the following command in PowerShell: Get-ExecutionPolicy -List
  • Make sure the execution policy for "LocalMachine" is set to "Bypass"
    - To do that, type the following command in PowerShell: Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachine

Step 2: Make sure the PS1 file is available and accessible by the endpoint.

  • Option 1: The file is manually placed on a local drive in the target machine in advance
  • Option 2: The file is placed on a network share and therefore accessible by the endpoint machine.
  • Option 3: The file gets sent via Remediation job
    - For that, go to 'Tools' > 'Batch Remediation' > 'Remediation Batch information' > 'Add New..' > 'Put File'
    - Select the destination and source locations:

Step 3: Execute the PS1 file from FTK Enterprise

The steps are similar to sending the file:
1. Go to 'Tools'
2. 'Batch Remediation'
3. 'Remediation Batch information'
4. Click on 'Add New..'
5. This time select the 'Execute Command' option:

6. In the 'Command' field you can include the execution policy, so you do not need to do that in advance. The command will look like: PowerShell.exe -ExecutionPolicy Bypass -File \Filepath\<script name>.ps1

Note: Make sure you select the location on the remote machine where the PS1 file is located, and not the local one.
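
The following pre-flight check for Steps 1 and 2 is an added example, not part of FTK Enterprise or its documentation. It assumes it is run on the endpoint itself; the parameter names $ScriptPath and $ExpectedSha256 are hypothetical.

```powershell
# Added example: pre-flight check run on the endpoint before the remediation job.
# $ScriptPath and $ExpectedSha256 are hypothetical parameters, not FTK settings.
param(
    [Parameter(Mandatory)] [string] $ScriptPath,
    [string] $ExpectedSha256 = ''   # optional: hash recorded when the script was approved
)

$problems = @()

# Step 1: show the execution policy at every scope.
$policies = Get-ExecutionPolicy -List
$policies | Format-Table Scope, ExecutionPolicy -AutoSize | Out-String | Write-Host

# Group Policy scopes take precedence over LocalMachine and over the
# -ExecutionPolicy switch on the Step 3 command line.
foreach ($p in $policies | Where-Object { [string]$_.Scope -in 'MachinePolicy', 'UserPolicy' }) {
    if ([string]$p.ExecutionPolicy -notin 'Undefined', 'Bypass', 'Unrestricted') {
        $problems += "Group Policy sets $($p.ExecutionPolicy) at scope $($p.Scope); Bypass will not take effect."
    }
}

# Report a persistent machine-wide Bypass; the Step 3 command line sets the
# policy for that one process only and does not need it.
$lm = [string]($policies | Where-Object { [string]$_.Scope -eq 'LocalMachine' }).ExecutionPolicy
if ($lm -eq 'Bypass') {
    Write-Host 'LocalMachine is persistently set to Bypass.'
}

# Step 2: the PS1 file must be reachable from this endpoint (local drive or share).
if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    $problems += "Script not found or not readable from this endpoint: $ScriptPath"
}
elseif ($ExpectedSha256) {
    # Confirm the file that will run is the one that was approved.
    $actual = (Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        $problems += "SHA256 mismatch for ${ScriptPath}: got $actual"
    }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Host "Pre-flight OK: $ScriptPath"
exit 0
```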