Execute-ProcessAsUser Not Working

The Toolkit General Discussion
1

I have a PSADT deployment for adding the Japanese IME in Windows 10. Part of it involves Removing and/or adding the Japanese language to the language list for the logged on user. The other part of the deployment is run as the system account. I have this in the Deploy-Application file:

Execute-ProcessAsUser -Path “$PSHOME\powershell.exe” -Parameters “-ExecutionPolicy Bypass -Command &{& “$dirFiles\AddLanguage.ps1”}” -Wait

There is no error and my Deploy-Application script completes to the end but the AddLanguage.ps1 is not run. Here are the errors from the PSADT log:
-------------------------]LOG]!><time=“11:23:05.488-240” date=“07-15-2022” component=“Execute-ProcessAsUser” context=“NT AUTHORITY\SYSTEM” type=“3” thread=“7368” file=“Deploy-Application.ps1”>
<![LOG[[Post-Installation] :: Previous [C:\Windows\TEMP\PSAppDeployToolkit\ExecuteAsUser] found. Attempting removal.]LOG]!><time=“11:25:24.569-240” date=“07-15-2022” component=“Execute-ProcessAsUser” context=“NT AUTHORITY\SYSTEM” type=“1” thread=“7368” file=“Deploy-Application.ps1”>
<![LOG[[Post-Installation] :: Delete folder [C:\Windows\TEMP\PSAppDeployToolkit\ExecuteAsUser] recursively…]LOG]!><time=“11:25:24.574-240” date=“07-15-2022” component=“Remove-Folder” context=“NT AUTHORITY\SYSTEM” type=“1” thread=“7368” file=“Deploy-Application.ps1”>
<![LOG[[Post-Installation] :: Creating [C:\Windows\TEMP\PSAppDeployToolkit\ExecuteAsUser].]LOG]!><time=“11:25:24.578-240” date=“07-15-2022” component=“Execute-ProcessAsUser” context=“NT AUTHORITY\SYSTEM” type=“1” thread=“7368” file=“Deploy-Application.ps1”>
<![LOG[[Post-Installation] :: Preparing a vbs script that will start [C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command &{& ] as the logged-on user [C:\TEMP\JapaneseIMEDism\Files\AddLanguage.ps1}] silently…]LOG]!><time=“11:25:24.586-240” date=“07-15-2022” component=“Execute-ProcessAsUser” context=“NT AUTHORITY\SYSTEM” type=“1” thread=“7368” file=“Deploy-Application.ps1”>
<![LOG[[Post-Installation] :: Setting permissions [Permissions:Read, InheritanceFlags:None, PropagationFlags:None, AccessControlType:Allow, Method:Add] on path [C:\Windows\TEMP\PSAppDeployToolkit\ExecuteAsUser\PSAppDeployToolkit-ExecuteAsUser.vbs] for user [C:\TEMP\JapaneseIMEDism\Files\AddLanguage.ps1}].]LOG]!><time=“11:25:24.595-240” date=“07-15-2022” component=“Set-ItemPermission” context=“NT AUTHORITY\SYSTEM” type=“1” thread=“7368” file=“Deploy-Application.ps1”>
<![LOG[[Post-Installation] :: Failed to set read permissions on path [C:\Windows\TEMP\PSAppDeployToolkit\ExecuteAsUser\PSAppDeployToolkit-ExecuteAsUser.vbs]. The function might not be able to work correctly.]LOG]!><time=“11:25:24.599-240” date=“07-15-2022” component=“Execute-ProcessAsUser” context=“NT AUTHORITY\SYSTEM” type=“2” thread=“7368” file=“Deploy-Application.ps1”>
<![LOG[[Post-Installation] :: Setting permissions [Permissions:Read, InheritanceFlags:None, PropagationFlags:None, AccessControlType:Allow, Method:Add] on path [C:\Windows\TEMP\PSAppDeployToolkit\PSAppDeployToolkit-ExecuteAsUser.xml] for user [C:\TEMP\JapaneseIMEDism\Files\AddLanguage.ps1}].]LOG]!><time=“11:25:24.607-240” date=“07-15-2022” component=“Set-ItemPermission” context=“NT AUTHORITY\SYSTEM” type=“1” thread=“7368” file=“Deploy-Application.ps1”>
<![LOG[[Post-Installation] :: Failed to export the scheduled task XML file [C:\Windows\TEMP\PSAppDeployToolkit\PSAppDeployToolkit-ExecuteAsUser.xml].
Error Record:
-------------At C:\TEMP\JapaneseIMEDism\AppDeployToolkit\AppDeployToolkitMain.ps1:11709 char:6

  •                 $Acl.AddAccessRule($Rule)

  •                 ~~~~~~~~~~~~~~~~~~~~~~~~~

Error Inner Exception(s):

Any idea on how to get this to work?

2

Since you did not use the </> editing tool when creating your post, I’m guessing the Execute-ProcessAsUser commandline is:

Execute-ProcessAsUser -Path "$PSHOME\powershell.exe" -Parameters "-ExecutionPolicy Bypass -Command &{& "$dirFiles\AddLanguage.ps1"}" -Wait

The Execute-ProcessAsUser function works by creating Scheduled Task to run as the current logged-in user. But the log file does says it’s having a hard time doing that.

PS: I hate SCCM encoded log files so I’ll have to convert to something readable:


[Post-Installation] :: Creating [C:\Windows\TEMP\PSAppDeployToolkit\ExecuteAsUser].
[Post-Installation] :: Preparing a vbs script that will start [C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command &{& ] as the logged-on user [C:\TEMP\JapaneseIMEDism\Files\AddLanguage.ps1}] silently…
[Post-Installation] :: Setting permissions [Permissions:Read, InheritanceFlags:None, PropagationFlags:None, AccessControlType:Allow, Method:Add] on path [C:\Windows\TEMP\PSAppDeployToolkit\ExecuteAsUser\PSAppDeployToolkit-ExecuteAsUser.vbs] for user [C:\TEMP\JapaneseIMEDism\Files\AddLanguage.ps1}].
[Post-Installation] :: Failed to set read permissions on path [C:\Windows\TEMP\PSAppDeployToolkit\ExecuteAsUser\PSAppDeployToolkit-ExecuteAsUser.vbs]. The function might not be able to work correctly.
[Post-Installation] :: Setting permissions [Permissions:Read, InheritanceFlags:None, PropagationFlags:None, AccessControlType:Allow, Method:Add] on path [C:\Windows\TEMP\PSAppDeployToolkit\PSAppDeployToolkit-ExecuteAsUser.xml] for user [C:\TEMP\JapaneseIMEDism\Files\AddLanguage.ps1}].
[Post-Installation] :: Failed to export the scheduled task XML file [C:\Windows\TEMP\PSAppDeployToolkit\PSAppDeployToolkit-ExecuteAsUser.xml].
Error Record:
-------------At C:\TEMP\JapaneseIMEDism\AppDeployToolkit\AppDeployToolkitMain.ps1:11709 char:6
 <Unreadable because message got trashed by not using the </> editing tool when creating your post>
Error Inner Exception(s):

Notice that PSADT seems to think your AddLanguage.ps1 file is called AddLanguage.ps1} and wants to run C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command &{& ] as the logged-on user [C:\TEMP\JapaneseIMEDism\Files\AddLanguage.ps1}

Try this instead:

Execute-ProcessAsUser -Path "$PSHOME\powershell.exe" -Parameters "-ExecutionPolicy Bypass -Command & { & “$dirFiles\AddLanguage.ps1"; Exit $LastExitCode }” -Wait`

Notice the escaped double-quotes "` and the Escaped $ to capture $LastExitCode

Beyond this, I can’t really help you since I don’t use Execute-ProcessAsUser for these situations.
Using Execute-ProcessAsUser for per-user changes only work ONCE for the user that is logged-in AT INSTALL TIME. Any user after that gets no per-user changes. You should actually be using Active-Setup for per-user changes.

3

Thanks. I will try your suggestion. Sorry for not using the proper tool to post code. I’ll do so next time. Regarding the information about the changes work only once for the user at install time, is there a way to “reset” that for testing should it run but not exactly as expected?