deploy a powershell script as a package
Dear All,
I'm trying to deploy a powershell script as a package. The package content contains the UNC where the powershell script is located.
This is the command line for the package:
Powershell -ExecutionPolicy Bypass -file .\Monitortools.ps1
In the monitoring section of SCCM I see this error "Requirement not Met - Program rejected invalid policy"
I'm able to run successfully the script locally with the same command line just replacing -file :\ with the UNC path.
Program rejected - does it mean there is a problem with ExecutionPolicy?
Thanks,
Edy
September 17th, 2013 11:32am
"invalid policy" might be caused by something like "download & execute" AND "requires drive letter" (or something similar).
You don't have to add the UNC path to the program if the package contains source files (otherwise the scipt will be downloaded to the cache, but executed from the network). So how are the package and program configured exactly?
September 17th, 2013 11:47am
Hi,
The package contains source file is checked. The source folder is a UNC path. On the data access tab nothing is checked. The program is configured with no UNC path.
The command line is exactly as stated above in my initial post. Environment tab, for drive mode "requires drive letter" is checked. Is that the problem?
September 18th, 2013 5:21am
it worked now and the script ran. But a part of the script is to copy files from a UNC path to the SCCM client. I guess it is a right issue with the file share.
How do I now with which account SCCM run such operation or what account needs to have access to the file share? I already added the computer account of the SCCM server for the file share.
Thanks,
Edy
September 18th, 2013 9:55am
It's the ConfigMgr client that accesses a share it's running as 'local system', so it's the computer account of the client being used.
September 18th, 2013 10:06am
Oops that would be mean I would need to give "everyone" read permission to the share.
September 18th, 2013 10:31am
That would work for sure, but "domain computers" would be a better alternative.
September 18th, 2013 11:00am
Now the powershell script worked after adding "domain computers" account with read right to the file share.
Thank you!
Edy
September 18th, 2013 12:06pm