none
ps1 file running ok as 1 user, and appears to run as another, but doesn't RRS feed

  • Question

  • Hi,

    I have a very simple script which is merging a reg file onto a remote computer calling the psexec process. 

    It works fine as me. All the files needed are on a network drive, and the other person who needs to run it has access to it. The script runs with no errors, and yet the entries don't get added to the remote computer.

    The script opens an elevated powershell window too.

    Any ideas?

    Script below.

    If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))

    {   
    $arguments = "& '" + $myinvocation.mycommand.definition + "'"
    Start-Process powershell -Verb runAs -ArgumentList $arguments
    Break
    }
    $computer = read-host -prompt 'input hostname'
    Copy-Item "\\metcalfe\gpsoftware`$\Win10 Start\lync.reg" -Destination \\$computer\c`$
    start-process -FilePath "\\metcalfe\gpsoftware`$\Win10 Start\psexec.exe" -ArgumentList "\\$computer c:\windows\regedit /s c:\lync.reg"

    The reg file is below, but I have removed the values showing our server addresses

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Lync]

    "ConfigurationMode"=dword:00000001
    "ServerAddressInternal"="******************"
    "ServerAddressExternal"="******************"

    Thursday, January 25, 2018 4:28 PM

Answers

  • That is going to be problematic for a number of reasons because the registry file indicates HKEY_CURRENT_USER, which literally means "the current user" (that's you, if you are running the script, or the system account, if running remotely via psexec). HKEY_CURRENT_USER does not mean "the current user that is logged onto a remote computer." I would abandon that approach as it's not going to do what you think it's going to do.

    If you need to set registry values for users, I would recommend using a GPO.


    -- Bill Stewart [Bill_Stewart]

    Thursday, January 25, 2018 5:57 PM
    Moderator

All replies

  • For PsExec issue post in PsExec forum.


    \_(ツ)_/

    Thursday, January 25, 2018 4:53 PM
  • That is going to be problematic for a number of reasons because the registry file indicates HKEY_CURRENT_USER, which literally means "the current user" (that's you, if you are running the script, or the system account, if running remotely via psexec). HKEY_CURRENT_USER does not mean "the current user that is logged onto a remote computer." I would abandon that approach as it's not going to do what you think it's going to do.

    If you need to set registry values for users, I would recommend using a GPO.


    -- Bill Stewart [Bill_Stewart]

    Thursday, January 25, 2018 5:57 PM
    Moderator
  • You can use Enter-PsSession or Invoke-Command.

    Invoke-Command -ScriptBlock {dir hkcu:} -Computer <remote_host> -Credential domain\userid

    If this is not a one-time thing for one or two users then use GP as suggested.


    \_(ツ)_/

    Thursday, January 25, 2018 6:11 PM