Page 1 of 1

Make files and folder nonreadable to users after MSI install

Posted: Fri Apr 16, 2021 8:11 am
by mar10c--
After the MSI completes the install in say c:\program files\myprogram\softwarename. Is there a way to restrict users from being able to read the contents of the installation folder? I've seen programs where the files have custom extensions to protect proprietary information in the code. Do we have these options in powershell studio 2019? If not, are there alternatives ?

Re: Make files and folder nonreadable to users after MSI install

Posted: Fri Apr 16, 2021 8:53 am
by Alexander Riedel
A folder and files from which you wish to execute code must be readable. If the OS cannot read a file, it cannot execute it. There really is no way around that.
You didn't provide a lot of detail here, so there is some guesswork involved here.
Renaming a .ps1 file to .xyz it does not make it any less readable by a text editor.
You can package a script as an executable with PowerShell Studio. Using a SAPIEN script host will not create temporary files and the code cannot simply be opened and studied and most importantly it cannot be modified. I do not know what proprietary information you have in your code, but if you have credentials there, they are not safe in any case. Packaging may make it harder for the average user to discover, but not impossible.
If you have truly sensitive information there, I would recommend to install that information in encrypted files and decrypt and use that information as needed, leaving no permanent trace behind.