2

Environment

  • Windows Server 2012 domain
  • Windows 10 version 2004 client

I'm trying to deploy an ActiveDirectory Startup or Shutdown powershell script on a test OU to update VLC Media Player and I can't figure out why the powershell isn't running.

I'm using this article as a template, specifically the trick of running powershell.exe as a Script Name and the parameters below as the Script Parameters to workaround the Execution Policy.

They are configured using Group Policy > Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown) in a GPO called "Deploy Active Directory scripts":

  • Script Name: %windir%\System32\WindowsPowerShell\v1.0\powershell.exe
  • Script Parameters: -NonInteractive -ExecutionPolicy Bypass –NoProfile -File "%~dp0Update_VLC.ps1"

Update_VLC.ps1 has been saved in the appropriate \Machine\Scripts\ folders and the appropriate computer secutury group has Read/Execute permissions on it. The GPOs seem to be configured correctly because:

  1. When I run gpresult on the client it reports

Settings

Policies

Windows Settings

Scripts

Startup

Name | Parameters | Last Run | Script Order in GPO | Winning DPO

%windir%\System32\WindowsPowerShell\v1.0\powershell.exe | -NonInteractive -ExecutionPolicy Bypass -NoProfile -File "%~dp0Update_VLC.ps1" | 21/07/2020 2:47:10 PM | Not configured | Deploy Active Directory Scripts

  1. When I use psexec -i -s cmd.exe to troubleshoot on the client by running the script from the same location in the context of the computer's LocalSystem account it works.

I've also tried running a .cmd as the script file to run the powershell command. The .cmd file itself executes but the powershell invocation within it fails silently, even when redirecting output to a file.

Any advice appreciated.

EDIT: an update.

I got this to work with a .cmd file after all (typo in my original .cmd) with the invocation:

%windir%\System32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -ExecutionPolicy Bypass -NoProfile -File %~dp0Update_VLC.ps1

It does not seem to work using those same arguments entered for Name and Parameters in Scripts (Startup/Shutdown) as follows:

Script Name: %windir%\System32\WindowsPowerShell\v1.0\powershell.exe

Script Parameters: -NonInteractive -ExecutionPolicy Bypass –NoProfile -File %~dp0Update_VLC.ps1

There may be a typo in what I'm using that I can't see (if so, I would be grateful if anyone could point it out). Or the direct approach suggested in link (as opposed to using a Windows Command Script) doesn't work. Happy for feedback on either.

  • This may have to to with the script itself. How does ist look like? – bjoster Jul 21 '20 at 11:20
  • Thanks, @bjoster. It's not the script, I think. Even if I comment everything out so the only line executing is `Start-Transcript -NoClobber -IncludeInvocationHeader -OutputDirectory c:\temp` it still doesn't run. – OneOfTheDamons Jul 21 '20 at 23:51
  • Are "Read" and "Execute" permissions given on the PS1 file (or foder)? CMD ignores execute and runs perfectly with 'read', but PS honors taht correctly. – bjoster Jul 22 '20 at 11:06

0 Answers0