Run as system, but want interactive

I’m using Tanium to push apps with interactive pop-ups/deferrals/etc… using PSADT (v3.8.4).

Locally, they run fine (run as Admin) when building them. Tanium (like MEMCM) deploys as System.

Workflow is basic: customize a Toolkit folder, configure Deploy-Application.ps1, add apps to Files, and zip that folder.

Then deploy a PS1 script and the zip file that unzips Toolkit on endpoint.
Toolkit.zip
MyPS1Script.ps1

Results in:
Toolkit
Toolkit.zip
MyPS1Script.ps1

The following runs inside of MyPS1Script.ps1, but there is no popup for user to click through or see the typical toast notifications and completion of PSADT.

My question is, does there need to be a different syntax format to get Deploy-Application.exe to run in Interactive mode when run as System?

Start-Process -filepath ".\Toolkit\Deploy-Application.exe" -argumentlist "-deploymode Interactive" -WindowStyle Normal

From the logs:
Note: I tweaked the AppDeployToolkitConfig.xml file to change Install to Reboot in this example.

[Initialization] :: Session 0 detected, process not running in user interactive mode; deployment mode set to [NonInteractive]. PSAppDeployToolkit 1/21/2022 9:29:32 AM 14184 (0x3768)

[Pre-Installation] :: Bypassing Show-InstallationProgress [Mode: NonInteractive]. Status message:Reboot in progress. Please wait… Show-InstallationProgress 1/21/2022 9:29:32 AM 14184 (0x3768)
[Post-Installation] :: Bypassing Show-InstallationPrompt [Mode: NonInteractive]. Message: Patch Team Reboot has been sucessfully installed.
Log files can be found here: C:\WINDOWS\Logs\Software\PatchTeam_Reboot_EN_01_PSAppDeployToolkit_Install.log Show-InstallationPrompt 1/21/2022 9:29:32 AM 14184 (0x3768)
[Post-Installation] :: Bypassing Close-InstallationProgress [Mode: NonInteractive] Close-InstallationProgress 1/21/2022 9:29:32 AM 14184 (0x3768)
[Post-Installation] :: PatchTeam_Reboot_EN_01 Reboot completed with exit code [0]. Exit-Script 1/21/2022 9:29:32 AM 14184 (0x3768)

1 Like

Hi there,

When running an application, installer, script etc. as system, processes are run in Session 0. For security reasons, processes are not permitted to communicate with other processes across session boundaries. The user interactive desktop runs in Session 1 (or a higher number depending on whether you’ve got multiple users logging in, e.g. a VDI desktop session).

This means that interacting with the desktop isn’t possible, and is one of the reasons we explicitly check for it as part of PSADT - to suppress any messaging which might cause an install script to hang while waiting for a user interaction that will never be displayed.

However, something that might be useful to note is that you can leverage the existing toolset in Tanium Deploy to display onscreen messages.

Details here - https://buildbreakautomate.com/index.php/2021/09/15/hijack-the-tanium-end-user-notification-tools

Cheers, Dan.

1 Like
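
A pre-flight check along these lines makes the session boundary described in the reply above visible from inside a wrapper script such as MyPS1Script.ps1. It is an added example, not part of the original thread and not PSADT or Tanium code; `Get-SessionContext` is a hypothetical helper name, and the script assumes Windows PowerShell with the CIM cmdlets available.

```powershell
# Added example. Get-SessionContext is a hypothetical helper, not a PSADT function.
function Get-SessionContext {
    [CmdletBinding()]
    param()

    $me = [System.Diagnostics.Process]::GetCurrentProcess()

    # explorer.exe hosts the user's shell, so each instance outside Session 0
    # marks a session that has an interactive desktop (console, RDP or VDI).
    $desktops = @(
        Get-CimInstance -ClassName Win32_Process -Filter "Name = 'explorer.exe'" |
            Where-Object { $_.SessionId -ne 0 } |
            ForEach-Object {
                $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
                [pscustomobject]@{
                    SessionId = $_.SessionId
                    User      = if ($owner.ReturnValue -eq 0) {
                                    '{0}\{1}' -f $owner.Domain, $owner.User
                                } else { $null }   # owner lookup failed
                }
            } |
            Sort-Object -Property SessionId, User -Unique
    )

    [pscustomobject]@{
        ProcessId     = $me.Id
        RunningAs     = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        SessionId     = $me.SessionId
        InSessionZero = ($me.SessionId -eq 0)
        UserDesktops  = $desktops
    }
}

$ctx = Get-SessionContext
if ($ctx.InSessionZero) {
    # The situation the PSADT log in the question reports: the process is in
    # Session 0, so a prompt drawn here is never visible on a user's desktop.
    $ids = ($ctx.UserDesktops.SessionId -join ', ')
    Write-Output ("Session 0 as {0}; user desktop sessions: [{1}]" -f $ctx.RunningAs, $ids)
} else {
    Write-Output ("Session {0} as {1}; prompts can reach this desktop" -f $ctx.SessionId, $ctx.RunningAs)
}
$ctx | Format-List
```

Logging this output at the start of a deployment records whether a prompt could have been shown at all, and which session a user-context launch would have to target.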

Thank you for that explanation. I’ve done some things with native Windows Toast notifications and PowerShell too in Tanium, but the PSADT tools are so easy to configure.

Deploy module has some basic messaging, but was hoping to push this PSADT solution via Interact packages.

I’ll see if the link you provided can provide a better solution for my use case.

Thanks again.

1 Like

Hi,

If you are using SCCM/MECM to deploy software to the clients, you can set the User Experience for the deployment type to normal and in the PSADT to Interactive. Then you can use the System account for the deployment and the logged-in user can interact with the installation.

Update on my project, SCCM isn’t available to me directly, but Tanium is.

Running PSEXEC -s (system) on my local machine (updated the XML file and set require admin to false), and using Execute-ProcessAsUser to run Deploy-Application.exe, it works great.

My test was deploying from Tanium, copying a file from our on-prem file share (as logged in user, my standard user account, which has read-rights to the data) and “seeding” a file on the C: Drive.

To keep in the context of this thread, I do have a question.

Using Show-InstallationWelcome -AllowDefer -DeferTimes -PersistPrompt I get the splash screen (desired effect).

However, since defer isn’t a relevant use case, if I change it to:
Show-InstallationWelcome -PersistPrompt

It simply “skips” the welcome screen and proceeds to the Show-InstallationProgress window.

My goal is to still get the splash screen and the continue button for the user to click on.

Got it sorted.

Added:
Show-WelcomePrompt -customText

The approach I used is explained on this site: User Interactive Win32 Intune App Deployment with PSAppDeployToolkit | Semi Annual Chat
Works like a charm.
