Hi,
Just starting to test out V4.0.5 in our environment where we also use Applocker. When trying to run Invoke-AppDeployToolkit.ps1 by copying the example:
powershell.exe -File Invoke-AppDeployToolkit.ps1 -DeployMode Silent
I got the following error = Cannot dot-source this
command because it was defined in a different language mode. To invoke this command without importing its contents, omit
the ‘.’ operator.
first I checked to make sure the exe and ps1 scripts are allowed to run (being run from a folder that allows running scripts and exe’s)
I then checked google and came across this.
It talks about the powershell profile not being able to load correctly using different language modes so I added -noprofile to the command and I can get the script to work.
Only problem is that when trying to run Invoke-AppDeployToolkit.exe i get an error stating the following: “An error occured while running Invoke-AppDeployToolkit.ps1, exit code 1”
I am guessing it is also failing as it is trying to load the powershell profile. How would I go about getting this to work via the exe?
Usually, the [PowerShell Constrained Language mode] is imposed on regular NON-ELEVATED users for security and safety reasons. When you run PowerShell scripts elevated, the Constrained Language mode doesn’t apply.
When enabled via device guard policy it is enabled for all users and cant be turned off.
What looks to be the problem is that the script is allowed as the folder it is being run from is whitelisted to run anything so the script will run in full language mode but cant load the powershell profile as it is not white listed so errors out.
I have even tested the batch script (after updating to the new invoke name) from the older psadt to run as system.
When executing the psadt script with the -noprofile switch it works fine. I just need to know if I can add this switch to the exe or if the exe can be updated to work in environments where constrained language mode is enforced.
The toolkit has never supported constrained language mode and never will. You need to ensure the path(s) used by Intune or SCCM where the script would be running from is exempt from AppLocker or WDAC.
Sorry, I mean in an environment with Applocker and constrained language mode.
The path from which it is run is exempt. I have tested this by creating a script that will display what language mode the script has been run in. It returns
full.
I am also able to run Invoke-AppDeployToolkit.ps1 which works as intended.
When running the exe it errors out with an error code 1.
Keep in mind I am running this as Zero config with literally an MSI (7zip) in the files folder for testing.
Also older versions of the kit work in the same manner I am trying to run V4 but V4 errors out.
there are no errors in the logs.
this information message looks to be the issue.
CommandInvocation(Out-Default): “Out-Default”
ParameterBinding(Out-Default): name=“InputObject”; value=“Cannot dot-source this command because it was defined in a different language mode. To invoke this command without importing its contents, omit the ‘.’ operator.”
