Please help me understand how Snapins work (and why mine aren't working)
-
Powershell scripts are not allowed to be run by default on windows 10, especially custom ones.
You might be able to fix this with
Set-ExecutionPolicy -ExceptionPolicy Unrestricted
set-executionpolicy unrestricted
-
@mckay I suppose you could change the powershell to:
powershell.exe -ExecutionPolicy Unrestricted -NoProfile -File enableBitlocker.ps1
-
I will try that and see if that fixes anything. Thanks for being so speedy!
-
So I tried
powershell.exe -ExecutionPolicy Unrestricted -NoProfile -File enableBitlocker.ps1
but still no luck.
In order to help troubleshoot I have been using the “Run” app from the start menu. When I do this I use “-NoExit” to keep the Powershell window so I can view any errors. For example I will Run the command
powershell.exe -NoExit -ExecutionPolicy Unrestricted -NoProfile -File D:\enableBitlocker.ps1
When I do this, the error I am getting is “Error: An attempt to access a required resource was denied.”
If I try the same thing with my installChocolatey.ps1 file I get the error
“Installation of Chocolatey to default folder requires Administrative permissions. Please run from elevated prompt”I know that Snapins run as System so I assume(?) permissions should not be an issue when running Snapins. Other than permissions though, the commands I am running seem to work just fine. Do you think it is possible some commands need to be run as admin and not system?
-
I think the execution policy needs to be set first. I also believe it requires confirmation too. So once it’s set the Snapin shouldn’t have a problem running
-
Too run tests open admin Powershell
-
@Tom-Elliott, I am not fully sure what you mean by this. Are you saying that I should set the execution policy on the Windows 10 image itself so that when it is provisioned it already has the execution policy set? As far as requiring confirmation, my goal is that I can do administrative tasks with SnapIns without having to to do any manual confirmation.
-
@mckay Yes, I think even system user requires the Powershell policies to be preset
-
Thanks for your response @Tom-Elliott you have been a big help. I think I have realized that what I am trying to do is probably not possible with a FOG Snapin.
So just to clarify. Any script that requires elevated privileges will not work as a FOG Snapin, but any script that does not require elevated privileges will work just fine as a FOG snapin. Is that correct?
-
@mckay no. Fog Snapins run as system user. Powershell has a play in this.
-
Thanks again for your help. I will research more what the System User can do. It looks like I am out of luck to do things that require elevated permissions (such as enabling Bitlocker) using a SnapIn. I think I will start to evaluate other ways to do post-provisioning scripts/tasks.