1

I am trying to install the Tenable Nessus agent via PowerShell script and am running into no end of issues because the Nessus MSI syntax requires a mix of no quotes and double quotes. The problem I am running into is that PowerShell needs me to escape the double quotes which seems to break the syntax understood by msiexec.exe. Let me show you what I am doing and what I have tried. I am not a strong PowerShell person, and the solution is escapes me.

Here is the code block where I set the variable with all the MSI arguments. The Nessus syntax requires that all its configs be surrounded by double quotes except for NESSUS_KEY. Earlier in the script I define the other variables.

$MSI_Arguments = @(
  "/i"
  "$Install_File"
  "NESSUS_KEY=$Nessus_Key"
  "NESSUS_SERVER=""cloud.tenable.com:443"""
  "NESSUS_NAME=""$FQDN"""
  "NESSUS_GROUPS=""$Nessus_Group"""
  # The colon in front of a variable needs special treatment ({}).
  "NESSUS_PROXY_SERVER=""${Proxy_Server}:${Proxy_Port}"""
  "NESSUS_OFFLINE_INSTALL=""yes"""
  "/qn"
  "/norestart"
  "/L*v ""$LogPath\Tenable_MSI.log"""
)

I then try running the command like so. This command does not work properly - the install proceeds, but because the parameters in -ArgumentList needs to be surrounded by double quotes, it does not get all the parameters, resulting in a broken installation.

$MSI_Command = Start-Process  -Wait -NoNewWindow -PassThru -FilePath "msiexec.exe" -ArgumentList $MSI_Arguments

When I put $MSI_Arguments in double quotes, I then break how PowerShell deals with the double quotes in the variable code block. I have tried the following, but none work.

$MSI_Command = Start-Process  -Wait -NoNewWindow -PassThru -FilePath "msiexec.exe" -ArgumentList "$MSI_Arguments"
$MSI_Command = Start-Process  -Wait -NoNewWindow -PassThru -FilePath "msiexec.exe" -ArgumentList "$$(MSI_Arguments)"
$MSI_Command = Start-Process  -Wait -NoNewWindow -PassThru -FilePath "msiexec.exe" -ArgumentList "${MSI_Arguments}"

I have even tried just running the command straight-up, no variables, just to try and figure out the syntax. I tried two double quotes (similar to what I am trying in the variable code block) and it it works.

Start-Process -Wait -NoNewWindow -PassThru -FilePath "msiexec.exe" -ArgumentList "/i C:\temp\NessusAgent-7.7.0-x64.msi NESSUS_KEY= NESSUS_SERVER=""cloud.tenable.com:443"" NESSUS_NAME=""foo"" NESSUS_GROUPS=""bar"" NESSUS_PROXY_SERVER=""proxy.company.com:80"" NESSUS_OFFLINE_INSTALL=""yes"" /qn /norestart /L*v ""C:\temp\Tenable_MSI.log"""

Now that I have a working command, I cannot figure out how to modify the variable block to work. If I just add more doubled double quotes, I get errors. If I add "" I get errors. If I add " I get errors... I am so close, yet so far.

Please, rescue me from this hell I am in. At this point I am wondering if Passing double quotes through PowerShell + WinRM has the answer, and I should base64 encode the install string, but that may be beyond my skillset given how I use variables...

jgranto
  • 11
  • 3
  • usually, a splat needs to be called via `@SplatVar` instead of `$SplatVar`. have you tried that yet? – Lee_Dailey Jul 16 '20 at 14:27
  • Does this answer your question? [Powershell Call MSI with Arguments](https://stackoverflow.com/questions/45223031/powershell-call-msi-with-arguments) – iRon Jul 16 '20 at 14:42

0 Answers0