PSADT 4.1.1 System user

The Toolkit General Discussion
1

Hi,

I've just started with PSADT and got 4.1.1 through Install-Module -Name PSAppDeployToolkit -Scope CurrentUser.

For the beginning, I created a test package, which only dispoloays text messages in the console. In user scope (normal and admin) all works fine. Since Intune deploys the packages with elevated rights as system user, I tested the packaqe in a console opened with PsExec.exe -s -i powershell.

Unfortunately, when I use the Interactive DeployMode, an error occurs (see below) mentioning a "domain not found". If I use Silent DeployMode all runs as expected.

.
.
.
[2025-08-21T13:35:23.1957862+02:00] [Initialization] [Open-ADTSession] [Info] :: Deployment type is [Install].
[2025-08-21T13:35:23.2805367+02:00] [Initialization] [PSAppDeployToolkit.Extensions.psm1] [Info] :: Module [PSAppDeployToolkit.Extensions] imported successfully.
[2025-08-21T13:35:23.4152673+02:00] [Pre-Install] [Invoke-AppDeployToolkit.ps1] [Error] :: An unhandled error within [Invoke-AppDeployToolkit.ps1] has occurred.
Error Record:
-------------

Message               : Ausnahme beim Aufrufen von "TestEffectiveAccess" mit 3 Argument(en):  "Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden"
InnerException        : System.ComponentModel.Win32Exception (0x80004005): Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden
                           bei PSADT.LibraryInterfaces.AdvApi32.AuthzInitializeContextFromSid(AUTHZ_CONTEXT_FLAGS Flags, SafeHandle UserSid, SafeHandle hAuthzResourceManager, Nullable`1 pExpirationTime, LUID Identifier, IntPtr DynamicGroupArgs, AuthzFreeContextSafeHandle& phAuthzClientContext) in D:\a\PSAppDeployToolkit\PSAppDeployToolkit\src\PSADT\PSADT\LibraryInterfaces\AdvApi32.cs:Zeile 655.
                           bei PSADT.FileSystem.FileSystemUtilities.GetEffectiveAccess(String path, SecurityIdentifier sid, FileSystemRights desiredAccessMask) in D:\a\PSAppDeployToolkit\PSAppDeployToolkit\src\PSADT\PSADT\FileSystem\FileSystemUtilities.cs:Zeile 116.
                           bei CallSite.Target(Closure , CallSite , Type , Object , Object , Object )

FullyQualifiedErrorId : Win32Exception,Set-ADTClientServerProcessPermissions
ScriptStackTrace      : bei Private:Set-ADTClientServerProcessPermissions, D:\Temp\Template v4\PSAppDeployToolkit\PSAppDeployToolkit.psm1: Zeile 2076
                        bei Private:Invoke-ADTClientServerOperation, D:\Temp\Template v4\PSAppDeployToolkit\PSAppDeployToolkit.psm1: Zeile 1192
                        bei Show-ADTInstallationProgress<Process>, D:\Temp\Template v4\PSAppDeployToolkit\PSAppDeployToolkit.psm1: Zeile 17635
                        bei Install-ADTDeployment, D:\Temp\Template v4\Invoke-AppDeployToolkit.ps1: Zeile 141
                        bei <ScriptBlock>, D:\Temp\Template v4\Invoke-AppDeployToolkit.ps1: Zeile 343
                        bei <ScriptBlock>, <Keine Datei>: Zeile 1

PositionMessage       : In D:\Temp\Template v4\PSAppDeployToolkit\PSAppDeployToolkit.psm1:1192 Zeichen:5
                        +     & $Script:CommandTable.'Set-ADTClientServerProcessPermissions' -S ...
                        +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[2025-08-21T13:35:23.4376478+02:00] [Finalization] [Close-ADTSession] [Error] :: [TestVendor_TestApp_1.0.0_x64_EN_01] install completed in [0,4901761] seconds with exit code [60001].
[2025-08-21T13:35:23.4451185+02:00] [Finalization] [Close-ADTSession] [Info] :: -------------------------------------------------------------------------------

Strangely, even a Show-ADTHelpConsole for system user does not work and brings this error.

PS D:\Temp\Template v4> Show-ADTHelpConsole
Set-ADTClientServerProcessPermissions : Ausnahme beim Aufrufen von "TestEffectiveAccess" mit 3 Argument(en):  "Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden"
In D:\Temp\Template v4\PSAppDeployToolkit\PSAppDeployToolkit.psm1:1192 Zeichen:5
+     & $Script:CommandTable.'Set-ADTClientServerProcessPermissions' -S ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-ADTClientServerProcessPermissions], MethodInvocationException
    + FullyQualifiedErrorId : Win32Exception,Set-ADTClientServerProcessPermissions

Do you have any hint to solve this problem?

Best regards,
Oliver

2

Hello,

Unfortunately version 4.1.1 and 4.1.2 were pulled late yesterday, and I think the issue you are seeing is one of the reasons it was pulled:

I'd suggest you give the developers a few days (my timing not theirs) and there should be a new release with fixes included - this may even fix your issue.

1 Like
3

Thanks Adrian.
Perhaps it was bad timing to start with PSADT :wink:

4

We've now released 4.1.3 which addresses this issue, and an unfortunate regression that slipped into 4.1.2.

The 4.1.1 release had some more refined client/server permissions checks, but the setup implemented had issues with domain user SIDs, especially if the device was off the domain. We remediated that in 4.1.2, but an issue slipped in that missed our testing. It's no excuse, but it was 1:30 am for me (Sydney, Australia) and I confirmed everything was working well locally, I just didn't test properly as SYSTEM which revealed the issue.

We'll be more stringent in the lead up to patch releases to avoid these issues in the future.

2 Likes
5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.