Please help me understand how Snapins work (and why mine aren't working)
-
I am running this with the Powershell defaults
powershell.exe -ExecutionPolicy Bypass -NoProfile -File enableBitlocker.ps1
If I run these these commands in Powershell or Command prompt it works just fine but if I create a Snapin (Powershell or Batch) and run it, it does not seem to do anything at all. I did notice that if I try to run the ps1 file manually on the computer I get the error
“ebableBitlocker.ps1 cannot be loaded because running scripts is disabled on this system.”
The first thing I notice is the “ExecutionPolicy” is set for enableBitlocker.ps1, but the error is saying an issue with ebableBitlocker.ps1, maybe a typo somewhere?
-
Wow. Fast reply. Thanks!
Just a typo in my post. Not a typo in the Snapin. Thanks for catching that though!
-
Powershell scripts are not allowed to be run by default on windows 10, especially custom ones.
You might be able to fix this with
Set-ExecutionPolicy -ExceptionPolicy Unrestrictedset-executionpolicy unrestricted -
@mckay I suppose you could change the powershell to:
powershell.exe -ExecutionPolicy Unrestricted -NoProfile -File enableBitlocker.ps1 -
I will try that and see if that fixes anything. Thanks for being so speedy!
-
So I tried
powershell.exe -ExecutionPolicy Unrestricted -NoProfile -File enableBitlocker.ps1but still no luck.
In order to help troubleshoot I have been using the “Run” app from the start menu. When I do this I use “-NoExit” to keep the Powershell window so I can view any errors. For example I will Run the command
powershell.exe -NoExit -ExecutionPolicy Unrestricted -NoProfile -File D:\enableBitlocker.ps1When I do this, the error I am getting is “Error: An attempt to access a required resource was denied.”
If I try the same thing with my installChocolatey.ps1 file I get the error
“Installation of Chocolatey to default folder requires Administrative permissions. Please run from elevated prompt”I know that Snapins run as System so I assume(?) permissions should not be an issue when running Snapins. Other than permissions though, the commands I am running seem to work just fine. Do you think it is possible some commands need to be run as admin and not system?
-
I think the execution policy needs to be set first. I also believe it requires confirmation too. So once it’s set the Snapin shouldn’t have a problem running
-
Too run tests open admin Powershell
-
@Tom-Elliott, I am not fully sure what you mean by this. Are you saying that I should set the execution policy on the Windows 10 image itself so that when it is provisioned it already has the execution policy set? As far as requiring confirmation, my goal is that I can do administrative tasks with SnapIns without having to to do any manual confirmation.
-
@mckay Yes, I think even system user requires the Powershell policies to be preset
-
Thanks for your response @Tom-Elliott you have been a big help. I think I have realized that what I am trying to do is probably not possible with a FOG Snapin.
So just to clarify. Any script that requires elevated privileges will not work as a FOG Snapin, but any script that does not require elevated privileges will work just fine as a FOG snapin. Is that correct?
-
@mckay no. Fog Snapins run as system user. Powershell has a play in this.
-
Thanks again for your help. I will research more what the System User can do. It looks like I am out of luck to do things that require elevated permissions (such as enabling Bitlocker) using a SnapIn. I think I will start to evaluate other ways to do post-provisioning scripts/tasks.
