I am bundling 5 MSIs that need to be run in a specific order, 3 of which run under system context, 2 need to run as the currently logged-in user (steps 2 & 3).
Can this be done in a single script?
I tried “Execute-ProcessAsUser” for the MSI needing the local user, but the process fails:
the Task Schedule is generated as the elevated user used to launch the PS session (LabAdmin), not the currently logged on user (TestUser1).
The permissions for the Scheduled Task fail to be created for the elevated account.
Log snippet:
[Installation] :: Copying [C:\temp\AdeptBundle\PSAppDeployToolkit_3.10.0\AppDeployToolkit\RunHidden.vbs] to destination [C:\Users\labadmin\AppData\Local\Temp\PSAppDeployToolkit\ExecuteAsUser]. Execute-ProcessAsUser 5/4/2024 2:42:00 PM 1248 (0x04E0)
[Installation] :: Setting permissions [Permissions:Read, InheritanceFlags:None, PropagationFlags:None, AccessControlType:Allow, Method:Add] on path [C:\Users\labadmin\AppData\Local\Temp\PSAppDeployToolkit\ExecuteAsUser\RunHidden.vbs] for user [C:\temp\AdeptBundle\PSAppDeployToolkit_3.10.0\Files\ClientServices.msi /passive]. Set-ItemPermission 5/4/2024 2:42:00 PM 1248 (0x04E0)
[Installation] :: Failed to set read permissions on path [C:\Users\labadmin\AppData\Local\Temp\PSAppDeployToolkit\ExecuteAsUser\RunHidden.vbs]. The function might not be able to work correctly. Execute-ProcessAsUser 5/4/2024 2:42:00 PM 1248 (0x04E0)
[Installation] :: Setting permissions [Permissions:Read, InheritanceFlags:None, PropagationFlags:None, AccessControlType:Allow, Method:Add] on path [C:\Users\labadmin\AppData\Local\Temp\PSAppDeployToolkit\PSAppDeployToolkit-ExecuteAsUser-001.xml] for user [C:\temp\AdeptBundle\PSAppDeployToolkit_3.10.0\Files\ClientServices.msi /passive]. Set-ItemPermission 5/4/2024 2:42:01 PM 1248 (0x04E0)
[Installation] :: Failed to export the scheduled task XML file [C:\Users\labadmin\AppData\Local\Temp\PSAppDeployToolkit\PSAppDeployToolkit-ExecuteAsUser-001.xml].
I haven’t had need of Execute-ProcessAsUser so maybe I’m off base. However, your log seems to be referring to ClientServices.msi as a user. That would seem to point to a problem with your code.
for user [C:\temp\AdeptBundle\PSAppDeployToolkit_3.10.0\Files\ClientServices.msi
Have you tried the 3.10.1 version that just came out?
Execute-ProcessAsUser is meant to be launched while PSADT is running as SYSTEM.
If you are trying to run your idea without SCCM or Intune, you should be logged in as the user (TestUser1) and launching PSADT using RunAs the admin account (LabAdmin).
The 3.10.1 update fixed the issue of setting the read permissions but the msi still installs under the LabAdmin account from which the PS1 script is launched.
Is it possible that the Execute-ProcessAsUser cannot be used with MSI or EXE? Apologies as I am a newbie to the PSADT tool. If anyone has a link to videos or blogs that address bundles, I would appreciate it.
So you know, the application components install as expected if run individually in Software Center (in the sequence requested by the vendor). While laborious, this is the current process the users are following with instructions.
I considered both Task Sequence and Application Group, but each has its own limitations in this scenario.
This is the command line I am using under the installation section:
Execute-ProcessAsUser -Path 'ClientServices.msi' (with and without the 'least privilege' parameter).
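A pre-flight check for the launch context discussed in this thread (the account running the script versus the user at the console), as an added example that is not code from the thread or from PSADT. The function names and the computer name LAB01 are made up for illustration; it uses only built-in .NET and CIM calls.

```powershell
# Added example (not PSADT code). Function names are hypothetical.
function Get-LaunchContext {
    # Account the current PowerShell process is running as.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # Win32_ComputerSystem.UserName reports the console session user only;
    # it is empty when nobody is logged on at the console (for example RDP).
    $consoleUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    [pscustomobject]@{
        ProcessAccount = $identity.Name
        IsSystem       = $identity.IsSystem
        ConsoleUser    = $consoleUser
    }
}

function Test-AsUserPrecondition {
    param(
        [Parameter(Mandatory)] [string]$ProcessAccount,
        [Parameter(Mandatory)] [bool]$IsSystem,
        [AllowEmptyString()]   [string]$ConsoleUser
    )
    # No interactive user: there is nobody to run the per-user steps as.
    if ([string]::IsNullOrEmpty($ConsoleUser)) { return 'NoConsoleUser' }
    # SYSTEM plus a logged-on user: the context the thread says
    # Execute-ProcessAsUser is meant to be launched from.
    if ($IsSystem) { return 'SystemWithUser' }
    # Script already runs as the logged-on user.
    if ($ProcessAccount -ieq $ConsoleUser) { return 'SameAsUser' }
    # Script runs as some other account (the LabAdmin / TestUser1 case).
    return 'OtherAccount'
}

# Constructed sample matching the thread: PS session opened as LabAdmin
# while TestUser1 is the logged-on user. Prints: OtherAccount
Test-AsUserPrecondition -ProcessAccount 'LAB01\LabAdmin' -IsSystem $false `
    -ConsoleUser 'LAB01\TestUser1'

# Live check on the current machine.
$ctx = Get-LaunchContext
$state = Test-AsUserPrecondition -ProcessAccount $ctx.ProcessAccount `
    -IsSystem $ctx.IsSystem -ConsoleUser $ctx.ConsoleUser
Write-Output ("Running as [{0}], console user [{1}] -> {2}" -f `
    $ctx.ProcessAccount, $ctx.ConsoleUser, $state)
```

Run it at the start of the bundle script, before the two per-user steps, and write the result to the log next to the Execute-ProcessAsUser entries.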