Forum Discussion
Deploying PS Script as Application Doesn't Work
I've been trying desperately to get a powershell script to run on a target machine using MECM. First to note, I inherited a partially built MECM environment from my predecessor that wasn't documented well and wasn't fully tested. We're now trying to migrate off of our ancient software deployment software to use MECM and need to do so ASAP because that server is on its last life at the moment.
We have an application on our old system that requires the movement of license files from a network share into a specific folder within the target machine after the application installs. I've tested the application install separately and it works just fine. However, the copy job to move the files from the network share to the local PC fails.
I've confirmed that the PS script itself works as expected. I can run it locally on the target machine when logged in as myself or an administrator. I confirmed that the script works even through MECM when I install it in the user context. However, whenever I try to either run the script directly (Assets and Compliance > Device Collections > right click on collection > Run Scripts), or create a deployment type using the script installer, the job doesn't work.
1 of 2 things happens.
When running as a script directly, it will complete and state that it was successful (which I still find odd and not sure why that happens), but the actual process doesn't complete the copy, and so the files aren't copied over to the target machine.
When running it as an application deployment, the installation fails outright with exit code 1.
I've tried everything I can think of to get the PS script to run as a user for the entire system, but nothing seems to work.
I've been troubleshooting this for over a week so I'm probably forgetting some efforts I've done, but I think this sums it up.
I'm sure I'm not the only one trying to use MECM in this fashion, so I'm sure there's solutions out there, but either my google machine is broken and I can't seem to get the results I'm looking for or I'm simply missing something super simple that nobody has ever had a problem with...I'm fine with either, but could use the insight!
10 Replies
- Yasemin Brass Contributor
Isn't it possible to deploy the script as an application and under User Experience select the installation behavior to install for user instead of install for system?
- dkingsb4 Copper Contributor
Yes, you're correct. However, I wasn't trying to install it for a user, I needed it installed for the system. Garth-MVP's answer was accurate. The script needed to be run utilizing the system account, which needed additional permissions on the network share (Adding Domain Computers). Once I did that, I was able to run scripts that were sitting on a network share. There are also other things that can be done, but it was less a Config Manager issue and more a permissions issue.
- James82 Copper Contributor
1- Determine if you really need the script to run as the user or if you can adapt it to run as System.
In our case, access to a network share required a proper user session.
2- Before you tweak MECM settings, you can test locally how your script behaves under the SYSTEM account:
PsExec64.exe -i -s powershell.exe
This launches a PowerShell window as SYSTEM.
Run your script there.
If it fails there, it will fail in MECM. Now you know it’s truly a permissions/context problem.
3- Modify Script to Authenticate to the Network Share
Instead of relying on inherited session authentication, explicitly authenticate inside the script:
# Build a credential object for the account that can read the share (placeholder values)
$User = "domain\useraccount"
$PWord = ConvertTo-SecureString -String "password" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
# Map the share with that credential, copy the license file, then remove the mapping
New-PSDrive -Name "Z" -PSProvider "FileSystem" -Root "\\server\share" -Credential $Credential
Copy-Item -Path "Z:\yourfile.lic" -Destination "C:\Program Files\YourApp\Licenses" -Recurse
Remove-PSDrive -Name "Z"
https://www.tech2geek.net/deploying-a-powershell-script-as-an-application-in-mecm-why-it-fails-and-how-to-fix-it/
- Garth-MVP Iron Contributor
Your problem is that you are copying a file from a network share. This is because the script will run as local system account. As such you need to test your script as local system. This blog will show you how to do that. How to Access the Local System Account - Recast Software
You can solve this by including the license file with the script/setup. That is the simplest solution.
- dkingsb4 Copper Contributor
While this didn't necessarily solve my issue, the testing certainly pointed me in the right direction. The solution was to add the Domain Computers AD group to the network share that housed the files I needed to copy. This gave the local SYSTEM account access to the network share that it needed.
My dilemma now is to figure out how to get a task sequence to utilize this script after installing the software application I'm using. I'm still testing this, and will make another post if I need to. So far I was able to get MECM to run the script as needed by either running it directly through the "run scripts" option, or I built an application using the script installer deployment type to run the script after the software is installed.
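Added example (not code from any poster in this thread): a client-side copy script written for the SYSTEM context the thread settled on. It relies on the share granting read access to the computer account (for instance through Domain Computers) rather than on credentials stored in the script; the paths, log file name and exit code 2 are assumptions.

```powershell
# Added example: license copy intended to run as SYSTEM under MECM.
# $Source, $Destination and $LogPath are placeholders, not values from the thread.
param(
    [string]$Source      = '\\server\share\Licenses',
    [string]$Destination = 'C:\Program Files\YourApp\Licenses',
    [string]$LogPath     = "$env:windir\Logs\Copy-License.log"
)

# Copy-Item errors are non-terminating by default, so try/catch would never see them.
$ErrorActionPreference = 'Stop'
Start-Transcript -Path $LogPath -Append | Out-Null
$exitCode = 0
try {
    # Record the security context. Under MECM this is NT AUTHORITY\SYSTEM, which
    # authenticates to remote shares as the computer account (DOMAIN\HOSTNAME$).
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    Write-Output "Running as: $($identity.Name) (IsSystem=$($identity.IsSystem))"

    # Return a distinct code when the share cannot be seen from this context.
    if (-not (Test-Path -LiteralPath $Source)) {
        Write-Output "Cannot read '$Source' in this context; check share and NTFS permissions."
        $exitCode = 2
    }
    else {
        if (-not (Test-Path -LiteralPath $Destination)) {
            New-Item -ItemType Directory -Path $Destination -Force | Out-Null
        }
        Copy-Item -Path (Join-Path $Source '*') -Destination $Destination -Recurse -Force
        $copied = @(Get-ChildItem -LiteralPath $Destination -Recurse -File).Count
        Write-Output "Copy finished; $copied file(s) now under '$Destination'."
    }
}
catch {
    # Any terminating error (access denied, path not found, ...) lands here.
    Write-Output "Copy failed: $($_.Exception.Message)"
    $exitCode = 1
}
finally {
    Stop-Transcript | Out-Null
}
exit $exitCode
```

Run it first from the SYSTEM PowerShell window opened with PsExec64.exe -i -s powershell.exe; the transcript shows which identity ran and whether the share was readable before the same script goes into a deployment.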
- AhmedLS Copper Contributor
Running a PowerShell script in the user context is kind of tricky because of the execution policy and user rights.
Is it possible to post the script here?
I would advise using app-deployment toolkit as it will post all log files in the c:\windows\logs folder or enable
or
you can add this line at the top of your PowerShell script and run it to see what goes wrong
Start-Transcript -Path c:\temp\log.txt -Append
- dkingsb4 Copper Contributor
Yeah it's a pretty basic PS script.
# Define variables
$SourcePath1 = "<path/file>"
$DestinationPath1 = "<path/file>"
$SourcePath2 = "<path>"
$DestinationPath2 = "<path>"
# Copy files from source to destination
# -ErrorAction Stop makes a failed Copy-Item a terminating error, so the catch block and exit 1 actually run
try {
    Copy-Item -Path $SourcePath1 -Destination $DestinationPath1 -Recurse -Force -ErrorAction Stop
    Write-Host "Files copied successfully from '$SourcePath1' to '$DestinationPath1'."
    Copy-Item -Path $SourcePath2 -Destination $DestinationPath2 -Recurse -Force -ErrorAction Stop
    Write-Host "Files copied successfully from '$SourcePath2' to '$DestinationPath2'."
}
catch {
    Write-Error "Error copying files: $($_.Exception.Message)"
    exit 1
}
- Garth-MVP Iron Contributor
Did you test the script as the local system account? Are any of the paths UNC?