Execute PowerShell Script Action
The “Execute PowerShell Script” action allows you to execute PowerShell scripts from within SharePoint Designer 2010 Workflows.
1. Add “Execute PowerShell Script” action to a SharePoint Designer Workflow
The PowerShell script to execute. You can use the following predefined variables:
- $site = the current Microft.SharePoint.SPSite
- $web = the current Microft.SharePoint.SPWeb
- $list = the current Microft.SharePoint.SPList (null in site workflows)
- $item= the current Microft.SharePoint.SPListItem (null in site workflows)
- $ctx = the current workflow context Microsoft.SharePoint.WorkflowActions.WorkflowContext
- $sharePointService = the current Microsoft.SharePoint.Workflow.ISharePointService service
- $listItemService = the curent Microsoft.SharePoint.Workflow.IListItemService service
The process will run as system account. However, by default $site and $web will run as the current workflow initiator or author (impersonation step). When you want to impersonate the site to the system account create a site like this: $impersonatedSite =
Avoid the usage of the SharePoint Designer Text Editor tokens in the script, because of the potential risk for script injection attacks. Instead use variable binding ($var1, $var2…)
By default every script that you want to execute must be digitally signed. However, you can change the setting to not require a digital signature (dev system). The corresponding PowerShell script is included in package.
Disable Script Signing
The script must run on a SharePoint machine
PS> & .\Set-PowerActivityScriptSigning.ps1 $false
In order to sign scripts you need the private key that has been generated during the installation of solution.
1. Export Private Key
The script must run on a SharePoint machine. Keep the private key secure.
PS> & .\Export-Key.ps1 –path “C:\private.key” –includePrivateKey $true
2. Sign the Script
After you have exported the private key you can sign the script. The signing must not be done on a SharePoint machine, you only need the private key and the script. To sign the script you have to save it temporarily to a file.
PS> & .\Sign-PowerActivityScript.ps1 –keyPath “C:\private.key” –scriptPath “C:\script.ps1”
The signature will look like this:
Simply copy & paste the script and the signature to the script and signature field of the “Execute PowerShell Script” action.
White spaces in the script will be ignored in the signing process.
$var1, $var2, $var3, $var4, $var5
You can bind PowerShell variables ($var1, $var2…) to workflow variables.
$web.Title = $var1
The binding is two way, this means you can change the workflow variables in the script.
$var2 = “my value”
$secure is a special variable that can contain an encrypted string that will be decrypted during runtime. You could use this variable to securely store a password. The binding ot this variable is one way, means you can not set the value in the script during
runtime. For how to encrypt strings read
Secure Store AppId
The Secure Store App have to define 2 Fields. One of type “User Name” and one of type “Password”. The Field Name doesn’t matter, important is the Field Type! You have to map the credentials of the SharePoint Service Accounts
(AppPool/owstimer.exe). The secure store option will only works with SharePoint Server, not with Foundation! You can access the credentials during runtime with the $credential variable (System.Net.NetworkCredentials).