none
Powershell script executes differently from the registry RRS feed

  • Question

  • I'm trying to use HKLM\Software\Microsoft\Active Setup\Installed Components\ to run a powershell script once for any user that logs on to a Windows 10 standalone machine.

    Here's an example of how I've set up the registry.

    I created a key at the "Installed Components" level and added:

    StubPath = %SystemRoot%\system32\WindowPowerShell\v1.0\powershell.exe -file “c:\ops\bin\run_once_logon_script.ps1”

    Version = 1,0,0,0

    I know this is working correctly as it creates the key and version at HKCU with the same path and in early testing it was executing part of the script.

    I've written a simple version of a script for testing.  Where I seem to be having issues is getting it to drop a log.  This may be the result of variable substitution or calling a 2nd script.  When I run the script manually from a powershell prompt it executes correctly.  When it runs from the registry its not creating a log file.  My assumption is that when I login with the user, it executes that script from the registry as that user? 

    Here's the test script.  I had to add the "cd c:\ops\bin" when executing from the registry. 

    ##################################
    # call environment variable script
    ##################################
    cd C:\ops\bin
    . ./set_opsenv.ps1
    # sets $strOpsRoot, $strOpsBin, $strOpsData, $strOpsLog, $strOpsTmp, $strOpsTools, $strHst

    ###########################
    # variables used by script
    ###########################
    $strScriptName = $MyInvocation.MyCommand.Definition
    $strDate1 = Get-Date                # used in header lines in logfile
    $strDate2 = Get-Date -format s           # used by FuncLogWrite
    $strLog = “$strOpsLog\run_once_logon_script_$env:UserName.log”

    #troubleshooting variable expansion from registry
    Write-Host $strOpsLog
    Write-Host $strOpsBin
    Write-Host “this is ops bin $strOpsBin”
    Write-Host “this is scriptname $strScriptName”
    Write-Host “this is the log $strLog”

    Write-Output $strOpsLog | Out-File -Append -FilePath $strLog
    Write-Output $strOpsBin | Out-File -Append -FilePath $strLog
    Write-Output “this is ops bin $strOpsBin” | Out-File -Append -FilePath $strLog
    Write-Output “this is scriptname $strScriptName” | Out-File -Append -FilePath $strLog
    Write-Output “this is the log $strLog” | Out-File -Append -FilePath $strLog
    exit

    Any insight would be appreciated. 

    Tuesday, February 25, 2020 8:59 PM

All replies

  • Why are you dot sourcing the external script?

    If the log file path is not set then there will be no log file.  Consider starting the log with a hard coded path until you see what it has to tell you.


    \_(ツ)_/

    Tuesday, February 25, 2020 9:22 PM
  • We would write this:

    Write-Output $strOpsLog | Out-File -Append -FilePath $strLog

    Like this:

    $strOpsLog | Out-File $strLog -Append


    \_(ツ)_/

    Tuesday, February 25, 2020 9:24 PM
  • The easiest way to do initial troubleshooting of a script that is running blind is to use "Start-Transcript".  The transcript will be created and timestamped in the users documents folder. This should always work.


    \_(ツ)_/


    • Edited by jrv Tuesday, February 25, 2020 9:28 PM
    Tuesday, February 25, 2020 9:27 PM
  • This is a standard thing I do with all my scripts to set up basic folders that the scripts use, rather than setting them in every script.  It also allows us to move/change the foldernames and just change 1 script instead of all of them.
    Tuesday, February 25, 2020 9:30 PM
  • Thanks but that is just test code to try to troubleshoot why it won't write a log, but certainly more succinct.
    Tuesday, February 25, 2020 9:32 PM
  • This is a standard thing I do with all my scripts to set up basic folders that the scripts use, rather than setting them in every script.  It also allows us to move/change the foldernames and just change 1 script instead of all of them.

    The transcript will tell you what is not happening as expected.  Once debugged you can remove the transcript line.


    \_(ツ)_/

    Tuesday, February 25, 2020 9:32 PM
  • So I set up a profile file from a powershell window using these lines.

    PS C:\ops\bin> Add-Content -path $PROFILE -Value “Set-Location c:\ops\bin”
    PS C:\ops\bin> Add-Content -path $PROFILE -Value “start-transcript c:\ops\log\PSTranscript_$env:UserName.log -append -noclobber”
    PS C:\ops\bin> Add-Content -path $PROFILE -Value ‘$a = Get-Date’
    PS C:\ops\bin> Add-Content -path $PROFILE -Value ‘“Date: ” + $a.ToShortDateString()’
    PS C:\ops\bin> Add-Content -path $PROFILE -Value ‘“Time: ” + $a.ToShortTimeString()’
    PS C:\ops\bin>

    And it created a Microsoft.PowerShellISE_profile.ps1 file as expected at c:\Users\My_USER\Documents\WindowsPowerShell\.

    I deleted the HKCU\Software\Microsoft\Active Setup\Installed Components\mynewkey, so that it would copy and run it again from HKLM for this user.

    I then logged off and back on.

    It did not write a transcript file as expected at c:\ops\log\PSTranscript_My_USER.log.

    I realized I initially set this up from a PowerShell ISE window, so I got a Microsoft.PowerShellISE.profile.ps1.

    I redid it from a normal Powershell window and got a 2nd profile - Microsoft.PowerShell.profile.ps1.

    I then deleted the HKCU key again so it would rerun from HKLM, logged out and back in again.

    Again it didn't write a transcript file.

    But if I open a powershell window, it executes the profile.ps1 file and writes a transcript file, so it's not a permissions issue in the location.  I've been down that path adding groups, etc.

    So it seems like perhaps it isn't executing as the user from the registry or something like that?

    Tuesday, February 25, 2020 10:12 PM
  • To edit the profile for the user use "notepad $profile"

    To edit the profile for all users do the following:

    notepad $profile.AllUsersCurrentHost

    You need to add "Start-Transcript" to the script and not to the profile.  Do not add a path to the transcript. Just let it get created in teh documents folder.  Just add this line to the top of your script:

    Start-Transcript

    Nothing else is needed or should be used.


    \_(ツ)_/

    Tuesday, February 25, 2020 10:23 PM
  • So I deleted both .profile.ps1 files and added Start-Transcript to beginning of script.

    cleaned up HKCU, logoff & on again.

    No transcript file is created at C:\Users\My_User\Documents\ or the WindowsPowerShell folder below that.

    Tuesday, February 25, 2020 10:40 PM
  • Then your script is not being executed at all.


    \_(ツ)_/

    Tuesday, February 25, 2020 10:53 PM
  • Here are the rules of how to use that key.

    https://helgeklein.com/blog/2010/04/active-setup-explained/

    The key must exist at HKCU.  The HKLM key is for system usage only.


    \_(ツ)_/

    Tuesday, February 25, 2020 10:56 PM
  • Thanks, that is where I originally got the idea.  It has to be in HKLM and then for each user it runs it once and copies it to HKCU to indicate it's been run and not to run again unless there's a new version.

    I guess I will have to try to find another method to do some 1 time user config like a login script that looks for a flag file and doesn't run again if it finds it.

    I think this is the key bit of info from that link:

    "Active Setup runs before the Desktop appears. Commands started by Active Setup run synchronously, blocking the logon while they are executing."

    so I guess the user isn't actually logged on yet when it is running?

    Tuesday, February 25, 2020 11:50 PM
  • Wrong.  The HKLM portion is run under the system account.  The article says this is how to set the HKCU key for the user.  The user version is \run later under the user account.

    Also what you are tying to do should not be done this way.  We use a GPO to set these things and that is designed to perform the needed checks.  That key is used to run programs that need to be run on every logon.  The 'RunOnce" key is used for one time execution as the line is removed after it is executed.


    \_(ツ)_/

    Wednesday, February 26, 2020 12:06 AM