psapp doesn't something quirky when using new-psdrive..

martin · September 8, 2016, 1:38pm

Hi

When I adapted a script I’ve been playing with into psappdeploy script it seems to be doing something strange…

I run the script to connect all network shares that the user has access to. This is used when connecting via DNS VPN.

if I keep the script outside psappdeploy it works… when I add it to psappdeploy the very last thing it does is remove all drives that were just mapped.

I’m using v3.6.8
here is the script:

<code>If ($deploymentType -ine &#039;Uninstall&#039;) {
		##*===============================================
		##* PRE-INSTALLATION
		##*===============================================
		[string]$installPhase = &#039;Pre-Installation&#039;
		
		## Show Welcome Message, close Internet Explorer if required, allow up to 3 deferrals, verify there is enough disk space to complete the install, and persist the prompt
		#Show-InstallationWelcome -CloseApps &#039;iexplore&#039; -AllowDefer -DeferTimes 3 -CheckDiskSpace -PersistPrompt
		
		## Show Progress Message (with the default message)
		#Show-InstallationProgress
		
	    ## &lt;Perform Pre-Installation tasks here&gt;
		
        #start by removing all the old drives if present..

        net use * /d /y

        Show-DialogBox -Title &#039;VPN Drivemapping&#039; -Text &#039;Vi Begynder at mappe dine netværksdrev om lidt. Husk du skal logge ind i Network Connect, når programmet starter om lidt&#039; -Icon &#039;Information&#039;

        
        $getJuniper78 = &#039;C:\Program Files (x86)\Juniper Networks\Network Connect 7.8\dsNetworkConnect.exe&#039;
        $getJuniper79 = &#039;C:\Program Files (x86)\Juniper Networks\Network Connect 7.9\dsNetworkConnect.exe&#039;
        $getJuniper80 = &#039;C:\Program Files (x86)\Juniper Networks\Network Connect 8.0\dsNetworkConnect.exe&#039;
        $getJuniper81 = &#039;C:\Program Files (x86)\Juniper Networks\Network Connect 8.1\dsNetworkConnect.exe&#039;

        $TestJuniper78=test-path $getJuniper78
        $TestJuniper79=test-path $getJuniper79
        $TestJuniper80=test-path $getJuniper80
        $TestJuniper81=test-path $getJuniper81

        $DriveletterF=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Logistik&quot;
        $DriveletterG=&quot;DOMAIN\SG - GPO - DriveMaps - QUB - Marketing&quot;
        $DriveletterH=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - HR&quot;
        $DriveletterI=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Jokan&quot;
        $DriveletterJ=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Jokan&quot;
        $DriveletterK=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Teknik&quot;
        $DriveletterL=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - QLS&quot;
        $DriveletterM=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Management&quot;
        $DriveletterN=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Salg&quot;

        ## = er også DOMAIN\SG - GPO - DriveMaps - ARD - EPLAN

        $DriveletterQ=&quot;DOMAIN\SG - GPO - DriveMaps - QUB - Common&quot;
        #R er disabled i GPO
        #$DriveletterR=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Teknik&quot;
        $DriveletterS=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Service&quot;
        $DriveletterT=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Projekt og tilbud&quot;
        $DriveletterU=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Faelles&quot;
        #V er disabled i GPO
        #$DriveletterV=&quot;DOMAIN\SG - GPO - DriveMaps - QUB - GroupManagement&quot;
        $DriveletterW=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - SupplyChain&quot;
        $DriveletterX=&quot;DOMAIN\SG - GPO - DriveMaps - ARD - Financial Management&quot;
        #Y er disabled i GPO
        #$DriveletterY=&quot;DOMAIN\SG - GPO - DriveMaps - QUB - Datarum - Arden&quot;

        #username of loggedon user
        $username=get-content env:username

            
            ## Start Juniper and prompt user for username &amp; password
            if     ($TestJuniper81)
                {
                    &amp; $getJuniper81 -asJob
                }
            elseif (!$testJuniper81 -and $testJuniper80)
                {
                    &amp; $getJuniper80 -asJob
                }         
                          

            if      (!$TestJuniper80)
                {
                    &amp; $getJuniper81 -asJob
                }
            elseif  (!$TestJuniper81)
                {
                    &amp; $getJuniper80 -asJob
                }
                        
        # Ping until domain responds
        do {$ping=test-connection -computer &quot;sardad01.domain.local&quot; -quiet} until($ping)

        #make user aware that stuff is happening
        Show-InstallationProgress -StatusMessage &#039;Drevmapning igang&#039;

        
        ##Homedir is the same for everyone
        $testdrive = Get-PSDrive -Name P
        if(!$testdrive)
            {
                new-psdrive -Name &quot;P&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\Homedir$\$username&quot; -Persist    
            }
        else
            {
                Remove-PSDrive -Name P
                new-psdrive -Name &quot;P&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\Homedir$\$username&quot; -Persist
            }		

		##*===============================================
		##* INSTALLATION 
		##*===============================================
		[string]$installPhase = &#039;Installation&#039;
		
		## Handle Zero-Config MSI Installations
		If ($useDefaultMsi) {
			[hashtable]$ExecuteDefaultMSISplat =  @{ Action = &#039;Install&#039;; Path = $defaultMsiFile }; If ($defaultMstFile) { $ExecuteDefaultMSISplat.Add(&#039;Transform&#039;, $defaultMstFile) }
			Execute-MSI @ExecuteDefaultMSISplat; If ($defaultMspFiles) { $defaultMspFiles | ForEach-Object { Execute-MSI -Action &#039;Patch&#039; -Path $_ } }
		}
		
		## &lt;Perform Installation tasks here&gt;
		Function Get-AllUserGroups {
        [cmdletbinding()]
        param()
        $Groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
        foreach ($Group in $Groups) {
        $GroupSID = $Group.Value
        $GroupName = New-Object System.Security.Principal.SecurityIdentifier($GroupSID)
        $GroupDisplayName = $GroupName.Translate([System.Security.Principal.NTAccount])
        $GroupDisplayName
            }
        }
        

$groups=Get-AllUserGroups | Where-Object {$_ -like &quot;*SG - GPO - DriveMaps*&quot; }

    ##we have to handle the Double O
    if ($groups -contains &quot;DOMAIN\SG - GPO - DriveMaps - ARD - Økonomi&quot;)
        {
            $testdrive = Get-PSDrive -Name O
            if(!$testdrive)
                {
                    new-psdrive -Name &quot;O&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\økonomi&quot; -Persist
                }
            else
                {
                    Remove-PSDrive -Name O -Force
                    new-psdrive -Name &quot;O&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\økonomi&quot; -Persist
                }
        }

    ElseIf($groups -contains &quot;DOMAIN\SG - GPO - DriveMaps - ARD - EPLAN&quot;)
        {
            $testdrive = Get-PSDrive -Name O
            if(!$testdrive)
                {
                    new-psdrive -Name &quot;O&quot; -PSProvider FileSystem -Root &quot;\\domain.local\Arden\EPLAN&quot; -Persist
                }
            else
                {
                    Remove-PSDrive -Name O -Force
                    new-psdrive -Name &quot;O&quot; -PSProvider FileSystem -Root &quot;\\domain.local\Arden\EPLAN&quot; -Persist
                }
        }

Foreach ($group in $groups)

{

    #write-host $group
    if ($group -eq $driveletterF)
                                                    {
        $testDrive=Get-PSDrive -Name &quot;F&quot;
        if (!$testDrive)
            {
                new-psdrive -Name &quot;F&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\logistik&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name F -Force
                new-psdrive -Name &quot;F&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\logistik&quot; -Persist
            }
    }

    if ($group -eq $driveletterG)
                                                    {
        $testDrive=Get-PSDrive -name G
        if (!$testDrive)
            {
                new-psdrive -Name &quot;G&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\marketing&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name G -Force
                new-psdrive -Name &quot;G&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\marketing&quot; -Persist
            }

    }

    if ($group -eq $driveletterH)
                                                    {
        $testDrive=Get-PSDrive -Name H
        if (!$testDrive)
            {
                new-psdrive -Name &quot;H&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\HR&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name H -Force
                new-psdrive -Name &quot;H&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\HR&quot; -Persist
            }
    }

    
    if ($group -eq $driveletterI)
                                                    {
        $testDrive = Get-PSDrive -Name I
        if (!$testDrive)
            {
                new-psdrive -Name &quot;I&quot; -PSProvider FileSystem -Root &quot;\\domain.local\Arden\CatiaProjekt&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name I -Force
                new-psdrive -Name &quot;I&quot; -PSProvider FileSystem -Root &quot;\\domain.local\Arden\CatiaProjekt&quot; -Persist
            }
    }

    if ($group -eq $driveletterJ)
                                                    {
        $testDrive = Get-PSDrive -Name J
        if (!$testDrive)
            {
                new-psdrive -Name &quot;J&quot; -PSProvider FileSystem -Root &quot;\\domain.local\Arden\Jokan&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name J -Force
                new-psdrive -Name &quot;J&quot; -PSProvider FileSystem -Root &quot;\\domain.local\Arden\Jokan&quot; -Persist
            }
    }

    if ($group -eq $driveletterK)
                                                    {
        $testDrive = Get-PSDrive -Name K
        if (!$testDrive)
            {
                new-psdrive -Name &quot;K&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\Teknik&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name K -Force
                new-psdrive -Name &quot;K&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\Teknik&quot; -Persist
            }
    }

    if ($group -eq $driveletterL)
                                                    {
        $testDrive = Get-PSDrive -Name L
        if (!$testDrive)
            {
                new-psdrive -Name &quot;L&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\QLS&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name L -Force
                new-psdrive -Name &quot;L&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\QLS&quot; -Persist
            }
    }

    if ($group -eq $driveletterM)
                                                    {
        $testDrive = Get-PSDrive -Name M
        if (!$testDrive)
            {
                new-psdrive -Name &quot;M&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\ardenmanagement&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name M -Force 
                new-psdrive -Name &quot;M&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\ardenmanagement&quot; -Persist
            }
    }
    

    if ($group -eq $driveletterN)
                                                    {
        $testDrive = Get-PSDrive -Name N
        if (!$testDrive)
            {
                new-psdrive -Name &quot;N&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\salg&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name N -Force
                new-psdrive -Name &quot;N&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\salg&quot; -Persist
            }

    }
    

    if ($group -eq $driveletterQ)
                                                    {
        $testDrive = Get-PSDrive -Name Q
        if(!$testDrive)
            {
                new-psdrive -Name &quot;Q&quot; -PSProvider FileSystem -Root &quot;\\domain.local\qubiqa\Qubiqa_Common&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name Q -Force
                new-psdrive -Name &quot;Q&quot; -PSProvider FileSystem -Root &quot;\\domain.local\qubiqa\Qubiqa_Common&quot; -Persist
            }
    }

    if ($group -eq $driveletterS)
                                                    {
        $testDrive = Get-PSDrive -Name S
        if(!$testDrive)
            {
                new-psdrive -Name &quot;S&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\service&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name S -Force
                new-psdrive -Name &quot;S&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\service&quot; -Persist
            }
    }

    if ($group -eq $driveletterT)
                                                    {
        $testDrive = Get-PSDrive -Name T
        if(!$testdrive)
            {
                new-psdrive -Name &quot;T&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\ProjektTilbud&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name T -Force
                new-psdrive -Name &quot;T&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\ProjektTilbud&quot; -Persist         
            }
    }

    if ($group -eq $driveletterU)
                                                    {
        $testDrive = Get-PSDrive -Name U
        if(!$testDrive)
            {
                new-psdrive -Name &quot;U&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\Faelles&quot; -Persist
            }
        else
            {
                Remove-PSDrive -Name U -Force
                new-psdrive -Name &quot;U&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\Faelles&quot; -Persist
            }
    }

    if ($group -eq $driveletterW)
        {
            $testDrive = Get-PSDrive -Name W
            if(!$testDrive)
                {
                    new-psdrive -Name &quot;W&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\ardensupplychain&quot; -Persist
                }
            else
                {
                    Remove-PSDrive -Name W -Force
                    new-psdrive -Name &quot;W&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\ardensupplychain&quot; -Persist
                }
        }

    if ($group -eq $driveletterX)
                                                    {
        $testDrive = Get-PSDrive -Name X
        if(!$testDrive)
            {
                new-psdrive -Name &quot;X&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\ArdenFinancialManagement&quot; -Persist
            }
        else
            {       
                Remove-PSDrive -Name X -Force
                new-psdrive -Name &quot;X&quot; -PSProvider FileSystem -Root &quot;\\domain.local\arden\ArdenFinancialManagement&quot; -Persist
            }
    }

} 

		
		##*===============================================
		##* POST-INSTALLATION
		##*===============================================
		[string]$installPhase = &#039;Post-Installation&#039;
		
		## &lt;Perform Post-Installation tasks here&gt;
		
		## Display a message at the end of the install
		Show-InstallationPrompt -Message &#039;Så er drevmapning afsluttet. Go Arbejdslyst&#039; -ButtonRightText &#039;OK&#039; -Icon Information -NoWait</code>

That-Annoying-Guy · September 9, 2016, 2:18pm

Known new-psdrive issue.
See https://stackoverflow.com/questions/32865461/new-psdrive-persist-doesnt-work#32867280

When logged in as administrator, drive mappings are also Elevation-specific.
mapped drives while being elevated won’t exist when not elevated.

PS: Please don’t post as bug and ask for help at the same time.

martin · September 9, 2016, 6:31pm

hi

sry for posting twice… I just noticed the github repo after I posted here.

If i open powershell ISE “run as administrator”, then load the script and run it… it works… drives stay there etc.
if I create a shortcut and edit properties and select “run as administrator” on the shortcut and then run the script… the drives are removed at the end.

I am elevating in the user context… logged in with standard user and running the script…

are you saying (as the post you refer to) that if I run as elevated…even in the user context… then the drives are considered mounted under another context?

That-Annoying-Guy · September 9, 2016, 7:54pm

YES!

Elevation creates 2 security contexts: Regular and elevated.

Only administrators get 2 security tokens.
When you map drive letters they are mapped using only ONE token.

Drive mappings are Per-user.

Usually drive letters are mapped centrally with a login script.
That way, you do not have to visit every box when you change which server was serving the share(s) for those drive letters.

martin · September 9, 2016, 8:23pm

ok…

can you explain why it works in PS ise with elavation and not with shortcut with elevation?

martin · September 14, 2016, 7:22am

ok, so I tried adding:

-scope global

to each new-psdrive command and that seems to have fixed it…