I'm trying to run a simple powershell script in a package. It works exactly as it should outside of the package but it will not run.
No errors in any logs and as far as I can tell sccm is running the correct command and everything It just sits at installing in software center.
This is the script:

$restartneeded = "False"
Remove-Item C:\programdata\Sophos\AutoUpdate\Logs\ALUpdate*.log -ErrorAction SilentlyContinue
Start-Process -FilePath setup.exe -ArgumentList '-crt R -s '
DO
    {
         $restartneeded = Select-String -path C:\programdata\Sophos\AutoUpdate\Logs\ALUpdate*.log -Pattern "<ErrorMessage><ID>AutoUpdate.RebootNeeded</ID>" -quiet
} Until ($restartneeded -eq "True")
Restart-Computer -ComputerName localhost -Force

I tried just using the script as the program in sccm and I got errors.

So I tried running it like "powershell.exe -File .\script.ps1" and that's where it's just sitting doing nothing until the package times out.

Anybody know what could be causing this?

Hi,

it sounds like a Problem with the execution policy. I suppose the script is not signed?

Try the following command line "powershell.exe -ExecutionPolicy Bypass -File .\script.ps1"

Regards

    Stefan

The script is signed.
I've actually tried this just to verify that it wasn't the issue and I get the same result.
In software center it just says installing until it times out.

when I understand your script right, you're waiting for the appearance of <ErrorMessage><ID>AutoUpdate.RebootNeeded</ID> in the log.

When your app times out, appears this text in the log? (may be some additional space or new line).

and I would add -SimpleMatch to the select-string command (-Pattern value is no regular expression) as recommendet in the help:

-Pattern <String[]>        Specifies the text to find. Type a string or regular expression. If you type a string, use the SimpleMatch parameter.

Thanks for the tip with simplematch.
When the script is running in software center it doesn't do anything, not even starting the .exe .
Just for kicks I tried putting it in a task sequence step, bypassing policy that way and it actually gave me the error that the script was not signed (But I've verified the script is signed and it runs correctly with no changes on the computer that I'm running it on outside of sccm.)

This is very odd.

Hi,

>>Just for kicks I tried putting it in a task sequence step, bypassing policy that way and it actually gave me the error that the script was not signed.

Please try to change to Bypass in the client settings. Then check if you still get the same error. It's located in SCCM Console -> Administration -> Client Settings -> <Name of your Client Settings> -> Computer Agent -> Powershell execution policy and set it to bypass.

Best Regards,

Joyce

Gave this a try after your suggestion, in a task sequence it still says the script is unsigned (It is not unsigned) and it cannot run.
Same thing when run directly from the package as before, it seemingly runs the script but nothing happens.

Is there something I can do to update client settings?
I had run a machine policy refresh prior to running the task sequence.

• Edited by therealmrbob 17 hours 42 minutes ago

How did you test in the task sequence? Run Command Line or Install Package/Program or Run PowerShell script?

I would not rely on client settings, I would change your command to include -executionpolicy bypass.

If you want to confirm its running the proper command, check smsts.log or execmgr.log if its a package.

I've tried it in a package with -executionpolicy bypass this seems to bypass execution policy (I think, as it's running the command and it says it's running) But nothing happens.

I've tried it in the task sequence as a powershell script step. (With the bypass execution policy setting).

I had a play around with this a few weeks back. I found that there was nothing added in execmgr.log until I set the client execution policy to bypass and updated policy on the workstation and then redeployed. (this only affects ConfigMgr actions and doesn't change the execution policy for everything)

As a test I also got it working without having to change the client settings by doing this.

• Edited by Richard.Knight 17 hours 25 minutes ago

I tried the Install.cmd, same thing it says it's not signed.
It's powershell 2 so it should be able to use bypass.
hmm.

each time you make changes are you forcing a policy update on the client and making sure the new policy is applied?

I would start again. Create a new package as in the screen shot with a simple powershell script. something like 

New-Item c:\scripts\test -type directory

deploy it to a single machine and see what happens, will take 5 minutes.

• Edited by Richard.Knight 16 hours 33 minutes ago

I know it updated because in execmgr.log it ran install.cmd. (Which was not in the package before) So the package updated and it ran that file so it had to have updated.
I'm considering just figuring this out in vbs because it will just work =/

Gave this a try after your suggestion, in a task sequence it still says the script is unsigned (It is not unsigned) and it cannot run.
Same thing when run directly from the package as before, it seemingly runs the script but nothing happens.

Is there something I can do to update client settings?
I had run a machine policy refresh prior to running the task sequence.

• Edited by therealmrbob Wednesday, May 27, 2015 2:05 PM

I had a play around with this a few weeks back. I found that there was nothing added in execmgr.log until I set the client execution policy to bypass and updated policy on the workstation and then redeployed. (this only affects ConfigMgr actions and doesn't change the execution policy for everything)

As a test I also got it working without having to change the client settings by doing this.

• Edited by Richard.Knight Wednesday, May 27, 2015 2:22 PM

each time you make changes are you forcing a policy update on the client and making sure the new policy is applied?

I would start again. Create a new package as in the screen shot with a simple powershell script. something like 

New-Item c:\scripts\test -type directory

deploy it to a single machine and see what happens, will take 5 minutes.

• Edited by Richard.Knight Wednesday, May 27, 2015 3:14 PM

Well after a bunch of messing around trying to ByPass the execution policy I just went ahead and added the my cert to trusted certificates on all machines and it works fine.
Seems that "executionpolicy -bypass" was working, but it was bringing up the "Is this publisher trusted?" dialog and waiting for input, so it just sat there running and doing nothing.
Everything seems to work now that my cert is trusted.
Not ideal but it will work.

• Marked as answer by therealmrbob 19 hours 43 minutes ago