Powershell Scripts during task sequence

    Question

  • In our current environment we are trying to run our task sequence with the advertisement option of "Access content directly from a distribution point when needed by the running task sequence". We also try to wrap all of our application installation programs with a custom PowerShell script. We are having problems getting our PowerShell scripts to run during the task sequence.

    What steps should we be taking to get a powershell script to run during the task sequence?

    Thanks,

    Matt
    17/Muharram/1430 10:00 PM

All replies

  • Matt,

    How are you currently attempting to run your Powershell scripts?

    Your command should probably look something like this:

    powershell.exe -command .\MyScript.ps1

    Remember that you'll have to set your Powershell execution policy to something other than "Restricted" before you can run scripts. So, with that in mind, you might need a batch file that does something like this:

    powershell.exe -command "Set-ExecutionPolicy Unrestricted"
    powershell.exe -command .\MyScript.ps1


    Let me know if this helps you out.

    Trevor Sullivan
    Systems Engineer
    OfficeMax Corporation

    18/Muharram/1430 12:43 AM
  • We have already set the ExecutionPolicy to Unrestricted, and we also found that since we are running things from the DP we had to add the server to the list of trusted sites. This works most of the time, but we also have a fair amount of PowerShell scripts failing to run.

    18/Muharram/1430 01:12 PM
  • Do you know why they are failing? Is there any logging? The task sequence engine runs by default in the system context. That might be the only issue. If so, try the run as feature in R2.
    John | Program Manager | System Center Configuration Manager
    11/Safar/1430 11:42 PM
    Moderator
  • There are 3 ways of running powershell without prompting which is a requirement for running in a TS.

    1) run powershell locally with a policy of unrestricted. (This is rather difficult in a TS, and is not what you are attempting)
    2) run powershell remote in unrestricted and add the server where it is running from to the trusted sites list, this seems to be what you are doing, and should execute fine. If one script is running and another is not, then it would seem strange to me that powershell execution policy has something to do with it. (Unless some of the scripts are only available on a different dist point or something)

    3) run powershell remote with a policy of allsigned or remotesigned. This requires you to digitally sign your scripts, and you need to add a step to your task sequence to have the root certificate in the trusted publishers store at the client. You can do this with:
     

    certutil -addstore trustedpublisher root.cer

     (where root.cer is the public root certificate).
    "Everyone is an expert at something" Kim Oppalfens Configmgr expert for lack of any other expertise. http://www.scug.be/blogs/sccm
    12/Safar/1430 10:33 AM
    Moderator
  • Thank you all for your feedback.

    We had been running our scripts remotely after setting powershell to run unrestricted. Believe the problem was that the trusted sites were not getting set properly for some reason. Our current solution was to wrap all of our powershell scripts in a batch file that copies them to the local machine and then executes them. That has made things a bit more stable.

    So, this leads to the question, how do you go about setting the trusted sites? We want our end users to be able to control their trusted sites when everything is all set and done, so we couldn't use most policy based methods. We do have an IE customization package that adds these servers to the list of trusted sites, but as I was saying, it wasn't reliably taking effect when we wanted it to or something.

    Matt
    12/Safar/1430 01:56 PM
  • It is kind of hard to get the trusted sites populated in time without policy.
    You might be able to script that, but as I stated, the sure fire way is to sign your scripts, then import the cert in the trusted publisher store as a TS step.

    Signing your scripts isn't all that difficult, just requires the makecert.exe tool from the windows platform sdk (which is a fairly big download & install for just this .exe) then follow the detailed steps in technet magazine
    http://technet.microsoft.com/en-us/magazine/2008.04.powershell.aspx

    "Everyone is an expert at something" Kim Oppalfens Configmgr expert for lack of any other expertise. http://www.scug.be/blogs/sccm
    14/Safar/1430 08:37 PM
    Moderator
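
The signed-script approach from the replies above, as an added example that is not part of the original thread: a pre-flight check a task sequence step could run before launching a script under AllSigned, logging why a script would be refused instead of failing silently. The function names `Test-ScriptTrust` and `Invoke-TrustedScript`, the log file location and the sample script are assumptions made for illustration.

```powershell
# Added example, not from the thread. Function names and the log path are
# hypothetical; the cmdlets and powershell.exe switches are standard.
function Test-ScriptTrust {
    param([Parameter(Mandatory = $true)][string]$Path)

    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $signer  = $sig.SignerCertificate
    $inStore = $false
    if ($signer) {
        # Under AllSigned, a publisher missing from TrustedPublisher causes a
        # prompt, which a task sequence step cannot answer.
        $inStore = @(Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
            Where-Object { $_.Thumbprint -eq $signer.Thumbprint }).Count -gt 0
    }
    New-Object PSObject -Property @{
        Path             = $Path
        Status           = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer           = $(if ($signer) { $signer.Subject } else { $null })
        TrustedPublisher = $inStore
        Runnable         = ($sig.Status -eq 'Valid') -and $inStore
    }
}

function Invoke-TrustedScript {
    param([Parameter(Mandatory = $true)][string]$Path,
          [string]$Log = (Join-Path $env:TEMP 'ts-script-trust.log'))

    $check = Test-ScriptTrust -Path $Path
    $line  = '{0} {1} status={2} trustedPublisher={3} signer={4}' -f `
        (Get-Date -Format s), $check.Path, $check.Status, $check.TrustedPublisher, $check.Signer
    Add-Content -Path $Log -Value $line
    if (-not $check.Runnable) { return 1 }   # non-zero so the step fails visibly

    # Child output goes to the log so nothing but the exit code is returned.
    & powershell.exe -NoProfile -NonInteractive -ExecutionPolicy AllSigned -File $Path 2>&1 |
        Add-Content -Path $Log
    return $LASTEXITCODE
}

# Constructed sample: an unsigned script copied to the local disk.
$sample = Join-Path $env:TEMP 'MyScript.ps1'
Set-Content -Path $sample -Value 'Write-Output "hello from MyScript"'
Test-ScriptTrust -Path $sample | Format-List
exit (Invoke-TrustedScript -Path $sample)
```

With the constructed unsigned sample the check reports `NotSigned` and the wrapper exits with 1; a script signed by a certificate present in the machine's TrustedPublisher store is launched and its own exit code is passed through.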