-
Notifications
You must be signed in to change notification settings - Fork 0
Running Scripts from GitHub
github-actions[bot] edited this page Jan 5, 2026
·
1 revision
PowerShell scripts in this repository can be executed directly from GitHub without downloading them first. This approach uses PowerShell's Invoke-Expression and Invoke-RestMethod cmdlets to download and run scripts in a single command, making deployment and testing faster and more convenient.
This method is particularly useful for:
- Remote troubleshooting and support
- Quick testing without file system access
- Automated deployments via Intune or GPO
- Emergency fixes and hotfixes
- Training and demonstrations
Invoke-Expression "& {$(Invoke-RestMethod 'URL_TO_SCRIPT')}"iex "& {$(irm 'URL_TO_SCRIPT')}"Where:
-
iex= Alias forInvoke-Expression -
irm= Alias forInvoke-RestMethod -
URL_TO_SCRIPT= Raw GitHub URL to the PowerShell script
-
Invoke-RestMethoddownloads the script content from GitHub as text -
$()captures the downloaded script text -
& {}creates a script block from the text -
Invoke-Expressionexecutes the script block
The & {} script block wrapper allows you to pass parameters to the downloaded script:
iex "& {$(irm 'URL')} -Parameter1 'Value1' -Parameter2"- Navigate to the script file on GitHub
- Click the "Raw" button
- Copy the URL from the browser address bar
https://raw.githubusercontent.com/[Owner]/[Repo]/[Branch]/[Path]/[ScriptName].ps1
Pattern:
https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/[Category]/[ScriptName].ps1
Examples:
- Intune Enrollment:
https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Intune/Start-IntuneEnrollment.ps1 - File Share Assessment:
https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/On%20Premise/Start-FileShareAssessment.ps1 - Lync CSV Exporter:
https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/Lync/Start-LyncCsvExporter.ps1
Note: Spaces in paths must be URL-encoded as %20
# Start Lync CSV Exporter
iex "& {$(irm https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/Lync/Start-LyncCsvExporter.ps1)}"# File Share Assessment with parameters
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/On%20Premise/Start-FileShareAssessment.ps1"
iex "& {$(irm $url)} -Domain 'Contoso' -OutputDirectory 'C:\Reports'"# Force Intune enrollment with sync
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Intune/Start-IntuneEnrollment.ps1"
Invoke-Expression "& {$(Invoke-RestMethod $url)} -ForceReenroll -SyncAfterEnroll"# Store URL in variable for cleaner syntax
$script = Invoke-RestMethod "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/Teams/Get-ComprehensiveTeamsReport.ps1"
Invoke-Expression $script# Teams assessment with multiple options
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/Teams/Get-ComprehensiveTeamsReport.ps1"
iex "& {$(irm $url)} -OrganizationName 'Contoso' -IncludeVoiceAnalysis -ExportToCSV"# Download first to review before execution
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Intune/Start-IntuneEnrollment.ps1"
$scriptContent = Invoke-RestMethod $url
# Review the script
$scriptContent | Out-File -FilePath "C:\Temp\Review.ps1" -Encoding UTF8
notepad "C:\Temp\Review.ps1"
# Execute after review
Invoke-Expression $scriptContentDetection Script:
# Check if device is enrolled in Intune
$enrolled = Test-Path "HKLM:\SOFTWARE\Microsoft\Enrollments\*\MS DM Server"
if ($enrolled) {
Write-Output "Compliant"
exit 0
} else {
Write-Output "Not Compliant"
exit 1
}Remediation Script:
# Set execution policy for this process
Set-ExecutionPolicy Bypass -Scope Process -Force
# Run enrollment script from GitHub
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Intune/Start-IntuneEnrollment.ps1"
iex "& {$(irm $url)} -SyncAfterEnroll -NoRestart"# Install.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Intune/Start-IntuneEnrollment.ps1"
try {
iex "& {$(irm $url)} -SyncAfterEnroll -NoRestart"
exit 0
} catch {
Write-Error $_.Exception.Message
exit 1
}# GPO-StartupScript.ps1
# Computer Configuration > Policies > Windows Settings > Scripts > Startup
# Set execution policy
Set-ExecutionPolicy Bypass -Scope Process -Force
# Execute script from GitHub
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Intune/Start-IntuneEnrollment.ps1"
Start-Transcript -Path "C:\Windows\Temp\IntuneEnrollment.log" -Append
try {
Invoke-Expression "& {$(Invoke-RestMethod $url)} -SyncAfterEnroll -NoRestart"
} catch {
Write-Error "Enrollment failed: $($_.Exception.Message)"
} finally {
Stop-Transcript
}# Create scheduled task that runs script from GitHub
$action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument @"
-NoProfile -ExecutionPolicy Bypass -Command "iex '& {`$(irm https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/Lync/Start-LyncCsvExporter.ps1)} -OrganizationName \"Contoso\"'"
"@
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 2AM
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName "Weekly Lync Assessment" -Action $action -Trigger $trigger -Principal $principal# Execute on remote computer
Invoke-Command -ComputerName Server01 -ScriptBlock {
Set-ExecutionPolicy Bypass -Scope Process -Force
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/On%20Premise/Start-FileShareAssessment.ps1"
Invoke-Expression "& {$(Invoke-RestMethod $url)} -Domain 'Contoso' -OutputDirectory 'C:\Reports'"
}# Azure Automation runbook to run assessment
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/Microsoft365/Get-QuickO365Report.ps1"
# Download script
$script = Invoke-RestMethod -Uri $url
# Connect to services (using Automation account credentials)
Connect-ExchangeOnline -CertificateThumbprint $thumbprint -AppId $appId -Organization $org
# Execute script
Invoke-Expression "& {$script} -TenantDomain 'contoso'"By default, Windows blocks script execution for security. When running scripts directly from the internet, you need to temporarily bypass the execution policy.
# Only affects current PowerShell session
Set-ExecutionPolicy Bypass -Scope Process -Force
iex "& {$(irm 'URL')}"# PowerShell.exe bypass flag
powershell.exe -ExecutionPolicy Bypass -Command "iex '& {`$(irm \"URL\")}'"# Set policy, run script, policy resets when session closes
& {
Set-ExecutionPolicy Bypass -Scope Process -Force
iex "& {$(irm 'URL')}"
}# Changes system-wide setting - use cautiously
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser1. Source Trust: Only execute scripts from trusted repositories
# ✅ GOOD: Official repository
iex "& {$(irm 'https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/...')}"
# ❌ BAD: Untrusted source
iex "& {$(irm 'https://random-website.com/script.ps1')}"2. Repository Verification: Verify the repository owner before execution
- Check the repository is owned by Managed-Solution-LLC
- Verify the branch is main (not a fork or untrusted branch)
3. Script Review: For sensitive operations, download and review first
# Download for review
$script = irm 'URL'
$script | Out-File 'Review.ps1'
# Review manually
notepad 'Review.ps1'
# Execute after approval
Invoke-Expression $script4. Use Specific Commits for Production
# Instead of 'main' branch (which changes), use specific commit hash
$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/abc123def456/scripts/..."5. Network Security: Scripts download over HTTPS, but validate certificates
# PowerShell validates SSL certificates by default
# To verify:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls126. Audit Trail: Log script executions in production environments
Start-Transcript -Path "C:\Logs\ScriptExecution_$(Get-Date -Format 'yyyyMMdd_HHmmss').log"
iex "& {$(irm 'URL')}"
Stop-TranscriptFor Production Environments:
- ✅ Download scripts to a secure location first
- ✅ Scan with antivirus before execution
- ✅ Code review by security team
- ✅ Version control - use commit hashes instead of branch names
- ✅ Test in non-production environment first
- ✅ Implement logging and monitoring
- ✅ Use least-privilege accounts for execution
For Testing/Development:
- Running directly from GitHub is acceptable for rapid testing
- Use
-WhatIfor-Verboseparameters when available - Monitor for unexpected behavior
Cause: Insufficient permissions
Solution: Run PowerShell as Administrator
# Right-click PowerShell > Run as Administrator
# Or from elevated prompt:
Start-Process PowerShell -Verb RunAsCause: TLS/SSL protocol version mismatch
Solution: Enable TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
iex "& {$(irm 'URL')}"Cause: Execution policy restriction
Solution: Bypass execution policy for the session
Set-ExecutionPolicy Bypass -Scope Process -ForceCause: Incorrect URL or script moved
Solution: Verify URL format and check repository
# Test URL in browser first
# Ensure 'raw.githubusercontent.com' is used (not 'github.com')
# Check for spaces in path (use %20)Cause: Incorrect parameter syntax
Solution: Use proper quote escaping
# ❌ WRONG
iex "& {$(irm 'URL')} -Param "Value""
# ✅ CORRECT
iex "& {$(irm 'URL')} -Param 'Value'"Cause: Working directory is user profile, not script directory
Solution: Scripts should use absolute paths or create directories as needed
# Most repository scripts handle this automatically
# If issues persist, set working directory first:
Set-Location "C:\Temp"
iex "& {$(irm 'URL')}"Cause: Corporate proxy or firewall
Solution: Configure proxy settings
# Set proxy
$proxy = [System.Net.WebProxy]::new('http://proxy.company.com:8080')
$proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials
[System.Net.WebRequest]::DefaultWebProxy = $proxy
# Then execute script
iex "& {$(irm 'URL')}"- Use full URL in production scripts (avoid relying on branch names)
- Set execution policy at Process scope only
- Log executions in production environments
- Test in non-production first
- Review scripts before first-time execution
- Use parameters to customize behavior
- Handle errors with try/catch blocks
- Run with appropriate permissions (least privilege)
- Execute scripts from untrusted sources
- Disable execution policy permanently on production systems
- Ignore security warnings
- Run scripts you haven't reviewed
- Execute with unnecessary elevated privileges
- Hardcode sensitive data in command lines
- Assume scripts are safe just because they're on GitHub
iex "& {$(irm https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Intune/Start-IntuneEnrollment.ps1)} -SyncAfterEnroll"$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/On%20Premise/Start-FileShareAssessment.ps1"
iex "& {$(irm $url)} -Domain 'YourOrg'"iex "& {$(irm https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/Lync/Start-LyncCsvExporter.ps1)}"$url = "https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/Teams/Get-ComprehensiveTeamsReport.ps1"
iex "& {$(irm $url)} -OrganizationName 'YourOrg' -IncludeVoiceAnalysis"iex "& {$(irm https://raw.githubusercontent.com/Managed-Solution-LLC/PowerShellEveryting/main/scripts/Assessment/Microsoft365/Get-QuickO365Report.ps1)} -TenantDomain 'contoso'"# Download to file
Invoke-WebRequest -Uri 'URL' -OutFile 'C:\Temp\Script.ps1'
# Review
notepad 'C:\Temp\Script.ps1'
# Execute
& 'C:\Temp\Script.ps1' -Parameter1 'Value'# Download and execute in new window
$script = irm 'URL'
$script | Out-File 'C:\Temp\temp.ps1'
Start-Process PowerShell -ArgumentList "-NoProfile -ExecutionPolicy Bypass -File C:\Temp\temp.ps1"# Execute as background job
$job = Start-Job -ScriptBlock {
param($url)
iex "& {$(irm $url)}"
} -ArgumentList 'URL'
Wait-Job $job
Receive-Job $job- Start-IntuneEnrollment.ps1 - Examples of GitHub execution with parameters
- PowerShell Execution Policies
- Invoke-Expression Documentation
- Invoke-RestMethod Documentation
For issues or questions about running scripts from GitHub:
- Review this guide thoroughly
- Check the troubleshooting section
- Verify URL format and permissions
- Test with simple scripts first
- Report issues: GitHub Issues
Last Updated: 2026-01-05
Version: 1.0
- Overview
- Start-LyncCsvExporter
- Get-ComprehensiveLyncReport
- Get-LyncHealthReport
- Get-LyncInfrastructureReport
- Get-LyncServiceStatus
- Get-LyncUserRegistrationReport
- Export-ADLyncTeamsMigrationData
- New-Office365Accounts
- Sync-ContactsFromCsv
- Set-EmailToSharedAccount
- Set-SMTPForward
- Invoke-UserSignOutAndBlock
- Security Assessment Scripts (coming soon)
- Azure Automation (documentation pending)
- Get-GraphToken
- Get-GraphHeaders
- Get-AzureResourcePaging
- Get-EnterpriseAppUsage
- Get-ExchangeErrorsGraph
- Get-PBIWorkspaceUsageReport
- Intune Management (documentation pending)