Skip to main content
Older versions of Internet Explorer will not support certain site features. Chrome, Safari, Firefox, and Edge will provide the best experience.
Spok

Asset Service Protection

This topic describes how to execute the PowerShell scripts included with security patch DE27964_Assets_Service_Protection.

This patching process does not require any downtime. It is a configuration change, and it takes effect without interrupting your services.

This patch includes two PowerShell scripts. Use the proper script for your Spok Mobile server. The scripts are:

  • AddProtection4X.ps1 for Spok Mobile 4.0 and later
  • AddProtection35.ps1 for Spok Mobile 3.5

If you make a mistake, see step 2a below for more instructions about how to restore your configuration file.

To implement this patch, do the following:

  1. Download the patch files to the mobile server assets directory, usually C:\inetpub\wwwroot\AMC\Assets.
    1. For Spok Mobile 3.5, download both AddProtection35.ps1 and Amcom.Security.OAuth.dll
    2. For Spok Mobile 4.0 and above, download only AddProtection4X.ps1
  2. Create a backup copy of the file C:\inetpub\wwwroot\AMC\Assets\web.config (or backup the whole directory)
    1. If you make a mistake and need to restore your system, replace the web.config file with the backup copy that you just made.
  3. Open a PowerShell console as an administrator and navigate to the script directory (for example, by running cd C:\inetpub\wwwroot\AMC\Assets).
  4. In the Assets directory, execute the script by typing .\<filename> where <filename> is the name of the script.
    1. For Spok Mobile 3.5 run .\AddProtection35.ps1
    2. For Spok Mobile 4.0 and later, run .\AddProtection4X.ps1
  5. Depending on your PowerShell execution policy, you might be restricted in various ways.
    1. You might be allowed to execute the script without any alerts or notifications. This means that the script ran successfully.
      success_exec.jpg
    2. You might be asked to confirm that you want to run the script because the publisher is untrusted. In this case, type R and then press Enter to run the script once.
      confirm_exec.jpg
    3. You might be blocked from executing the script.
      restricted_exec.JPG
      In this case, change your PowerShell execution policies by doing the following:
      1. At the Powershell console, execute Set-ExecutionPolicy AllSigned
      2. Confirm by typing A and then press Enter.
      3. Execute the script as shown in step 4.
    4. You might be warned that the hash of the file does not match the hash stored in the signature.
      do_not_exec.jpg
      This indicates that the file has been changed and cannot be trusted. Do not execute the script.
  6. To validate that the script ran successfully, launch a web browser and attempt to load the URL https://<mobile_domain_name>/AMC/Assets/Assets/v1-0/Assets.
    If the script executed properly, you will receive the error HTTP Error 401.0 - Unauthorized.
  7. Upgrade all of your mobile clients to the latest version of Spok Mobile. This will allow you to upload or download assets and files.

If you are using a load-balanced setup, ensure that you have applied the script to all mobile servers.