none
Security permission - Approve device during Task Sequence with PSScript RRS feed

  • Question

  • Hi,

    Im trying to build a script which will import an unknown / nondomain device, put it in an collection, and then approve it.

    For the approval part i was thinking about using Peter van der Woude's script:,

    function Approve-Client {
        param([string]$SiteCode,
        [string]$SiteServer,
        [string]$CollectionName)

        $ClientsArray = @()

        $CollectionId = (Get-WmiObject -Class SMS_Collection `
        -Namespace root/SMS/site_$($SiteCode) -ComputerName $SiteServer `
        -Filter "Name='$CollectionName'").CollectionId
        $ClientsArray = (Get-WmiObject -Class SMS_CollectionMember_a `
        -Namespace root/SMS/site_$($SiteCode) -ComputerName $SiteServer `
        -Filter "CollectionId='$CollectionId'").ResourceId

        Invoke-WmiMethod -Namespace root/SMS/site_$($SiteCode) `
        -Class SMS_Collection -Name ApproveClients `
        -ArgumentList @($True,$ClientsArray) -ComputerName $SiteServer
    }

    Approve-Client "PTP" "PTSRVR02" "Samsung devices"

    But when i run it in the Task Sequence i get the following error(: tkomst nekad = Access Denied):

       

    fgGet-WmiObject : tkomst nekad. (Undantag fr†n HRESULT: 0x80070005 (E_ACCESSDENI RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    ED)) RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    At C:\_SMSTaskSequence\Packages\A010084F\AddComputerToCollectionBravalla.ps1:76 RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
     char:31 RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    + ...                $CollectionId = (Get-WmiObject -Class SMS_Collection ` RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    +                                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
        + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedA RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
       ccessException RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
        + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
       erShell.Commands.GetWmiObjectCommand RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)

    Get-WmiObject : tkomst nekad. (Undantag fr†n HRESULT: 0x80070005 (E_ACCESSDENI RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    ED)) RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    At C:\_SMSTaskSequence\Packages\A010084F\AddComputerToCollectionBravalla.ps1:79 RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
     char:31 RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    + ...        $ClientsArray = (Get-WmiObject -Class SMS_CollectionMember_a ` RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    +                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
        + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedA RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
       ccessException RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
        + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
       erShell.Commands.GetWmiObjectCommand RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    Invoke-WmiMethod : tkomst nekad. (Undantag fr†n HRESULT: 0x80070005 (E_ACCESSD RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    ENIED)) RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    At C:\_SMSTaskSequence\Packages\A010084F\AddComputerToCollectionBravalla.ps1:83 RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
     char:14 RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    + ...              Invoke-WmiMethod -Namespace root/SMS/site_$($SiteCode) ` RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    +                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
        + CategoryInfo          : NotSpecified: (:) [Invoke-WmiMethod], Unauthoriz RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
       edAccessException RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
        + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
       erShell.Commands.InvokeWmiMethod RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)
    RunPowerShellScript 2019-07-30 12:02:00 6028 (0x178C)

    Im guessing som permission is needed, or is it maybe not even possible to get this done during the task sequence?

    Tuesday, July 30, 2019 10:41 AM

Answers

  • Hi,

    Have you tried to manual run this script?

    Please also confirm that the account has the proper permissions to approve the device.



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Wednesday, July 31, 2019 9:03 AM

All replies

  • Hi,

    Have you tried to manual run this script?

    Please also confirm that the account has the proper permissions to approve the device.



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Wednesday, July 31, 2019 9:03 AM
  • Hi,

    I havent the SCCM env to 1903 yet, so i dont have the possibility run powershell scripts as a specific user. But i guess that would probably solve it.

    Will be updating the env after the summer, could wait to use this script untill then and do some manual labor.

    will try it out when i can, thanks for the reply!

    Wednesday, July 31, 2019 9:09 AM