Powershell Deployed via SCCM Issue

Forum: Operations Manager4
Viewing 2 posts - 1 through 2 (of 2 total)
  • #230326
    Profile photo of Jessica Wilson
    Jessica Wilson
    Participant

    I am writing a powershell script to be deployed by SCCM via a package. The aim of this is to remove an account with a specific name then write to a file stating if the account exists or not. The code is below:
    <pre class=”lang-bsh prettyprint prettyprinted”><span class="pln">$Computer </span><span class="pun">=</span><span class="pln"> hostname
    foreach </span><span class="pun">(</span><span class="pln">$C </span><span class="kwd">in</span><span class="pln"> $Computer</span><span class="pun">)</span> <span class="pun">{</span>
    <span class="kwd">if</span> <span class="pun">(</span><span class="typ">Test</span><span class="pun">-</span><span class="typ">Connection</span><span class="pln"> $C </span><span class="pun">-</span><span class="typ">Quiet</span><span class="pun">)</span> <span class="pun">{</span>
    <span class="typ">Write</span><span class="pun">-</span><span class="typ">Verbose</span> <span class="str">"$C > Online"</span><span class="pln">
    $Users </span><span class="pun">=</span> <span class="typ">Get</span><span class="pun">-</span><span class="typ">WMIObject</span> <span class="typ">Win32_UserAccount</span> <span class="pun">-</span><span class="typ">Filter</span> <span class="str">"LocalAccount=True"</span> <span class="pun">-</span><span class="typ">ComputerName</span><span class="pln"> $C

    </span><span class="kwd">if</span> <span class="pun">(</span><span class="pln">$Users</span><span class="pun">.</span><span class="typ">Name</span> <span class="pun">-</span><span class="pln">contains </span><span class="str">'test'</span><span class="pun">)</span> <span class="pun">{</span>
    <span class="typ">Add</span><span class="pun">-</span><span class="typ">Content</span><span class="pln"> \\SERVERNAME\SHARENAME</span><span class="pun">.</span><span class="pln">$\$computer</span><span class="pun">-</span><span class="pln">found_$</span><span class="pun">(</span><span class="pln">get</span><span class="pun">-</span><span class="pln">date </span><span class="pun">-</span><span class="typ">Format</span><span class="pln"> yyyymmdd_hhmmtt</span><span class="pun">).</span><span class="pln">txt </span><span class="str">"User 'test' found, Disable 'test' found"</span><span class="pln">
    net user test </span><span class="pun">/</span><span class="pln">active</span><span class="pun">:</span><span class="pln">no </span><span class="pun">}</span>
    <span class="kwd">else</span> <span class="pun">{</span>
    <span class="typ">Add</span><span class="pun">-</span><span class="typ">Content</span><span class="pln"> \\SERVERNAME\SHARENAME</span><span class="pun">.</span><span class="pln">$\$computer</span><span class="pun">-</span><span class="pln">notfound_$</span><span class="pun">(</span><span class="pln">get</span><span class="pun">-</span><span class="pln">date </span><span class="pun">-</span><span class="typ">Format</span><span class="pln"> yyyymmdd_hhmmtt</span><span class="pun">).</span><span class="pln">txt </span><span class="str">"User 'test' not found"</span>
    <span class="pun">}</span>
    <span class="pun">}</span>
    <span class="kwd">else</span> <span class="pun">{</span>
    <span class="typ">Write</span><span class="pun">-</span><span class="typ">Verbose</span> <span class="str">"$C > Offline"</span>
    <span class="pun">}</span>
    <span class="pun">}</span>

    I have also tried replace Write-Verbose with Write-Host and Add-Content with Out-File but the problem I having is that no content / file is created when I use the full network path or share e.g. \\SERVERNAME\SHARENAME.$ the path identified has all the correct permissions and is being ran locally using the System account.

    I wanted to see if the issue occured when writing the file locatlly consequently this does not happen when written to C:\Temp\

    Does anyone have any ideas on to solve this.

    #230335
    Profile photo of Bjørn-Erik Løken
    Bjørn-Erik Løken
    Participant

    Hi,

    I guess you have solved this problem. You will need write permissions for authenticated users for both the share permissions and NTFS permissions to accomplish what you want. You could use sysinternals tool PsExec to start a powershell session as system and do some more debugging: https://technet.microsoft.com/en-us/sysinternals/bb896649. Start powershell.exe as system: https://blogs.technet.microsoft.com/ben_parker/2010/10/27/how-do-i-run-powershell-execommand-prompt-as-the-localsystem-account-on-windows-7/

    Best regards
    Bjørn-Erik

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.