Access denied when running Upgrade Readiness Deployment Script on Windows 10 devices

New Contributor



I have implemented an Azure Log Analytics demo environment including Windows 7 SP1, Windows 8.1 and Windows 10 client machines.


Microsoft Monitoring Agent is installed on all three machines.

The Upgrade Readiness Deployment Script has finished on the Windows 7 SP1 and Windows 8.1 machines without any problems and 0 error(s). Both machines are already visible within the Azure Log Analytics dashboard/Upgrade Readiness.


Unfortunately, this is not the case for the Windows 10 client. Everytime I run the script (no difference between run as (local) administrator/run as system) I receive  an Access is denied error message within the command prompt although in the log files of the script it is written: Success : Script succeeded


Microsoft Windows [Version 10.0.16299.611]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd C:\Users\USERNAME\Desktop\Pilot

Running config batch
        1 file(s) copied.
Access is denied.
        0 file(s) copied.

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe exited on Win10Client003 with error code 0.
Access is denied.
        0 file(s) copied.


What is the problem with the Windows 10 client here?



Best regards



4 Replies

on Windows 10 we get the same error message. what's wrong. the ntfs right are would be nice MS have a fix for this script


Same error here, glad I'm not the only one. 

The reason this doesn't work is because MS decided it wasn't necessary to sign their scripts even though the guidance is to use RemoteSigned as the execution policy. You need to unblock the .PS1 script and allow it to run. I'm just going to sign them once I've configured it. This should be covered in the documentation. 

For me, it turned out to be permissions on the powershell.exe.config file.  The Pilot script backs the original up, copies in a new one, runs the PowerShell script with an -ExecutionPolicy Bypass flag on it (which should allow for unsigned scripts as I understand it), and then copies the backup config back to the original.  It was failing when it attempted to make a backup and again when trying to restore the backup.


Now, should I have needed to adjust the permissions?  Probably not.  But at least the 'access denied' errors went away.