Execute ps1 file on startup with all users

Question

Hello Everyone,

I am trying to execute the ".ps1" file which is making changes in the registry "HKCU" path. I want that every user which is present on the local machine, should execute this file on startup.

I have tried a few things,

1. Finding a way on the registry itself that would help me resolve the issue.
2. Task scheduler
3. GPO

Now, Here I am trying to achieve this via Powershell so that I can use it later on ansible playbook.

My main focus solution is the task scheduler but I am not sure how I can configure the task scheduler so it would run on all user. I have used SYSTEM but its not working for me, I have also tried Admininstrator but not working on reboot, until I run it manually.

- name: Create scheduled task to run PDF default on startup
  win_scheduled_task:
    name: "Set making acrobat default PDF"
    description: "Sets the making acrobat default PDF on startup"
    actions:
      - path: "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
        arguments: "-ExecutionPolicy Bypass -File C:\\Temp\\setdefaultpdf.ps1"
    triggers:
      - type: boot
    username: SYSTEM
    run_level: highest
    state: present
    enabled: yes

Any solution would be appreciated but please provide Powershell/Ansible as sometimes achieving a solution manually is easy but on ansible it's really difficult.

GPO, I don't know how I can edit and create a policy using Powershell

Thanks for all your help.

Just for your reference, the Ps1 file contains the following content:

# Check permissions on .pdf registry key
$keyPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf"
$acl = Get-Acl -Path $keyPath
if ($acl -ne $null) {
    Write-Output "Permissions on .pdf registry key are not null. Proceeding with the commands."
    
    # Delete the UserChoice subkey in the .pdf registry
    try {
        [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey('Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf', $true).DeleteSubKey('UserChoice', $true)
        Write-Output "UserChoice subkey deleted successfully."
    } catch {
        Write-Output "Failed to delete UserChoice subkey: $_"
    }
    # Create UserChoice subkey and set ProgId value
    try {
        New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice" -Force
        New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice" -Name "ProgId" -Value "Acrobat.Document.DC" -PropertyType String -Force
        Write-Output "UserChoice subkey created and ProgId set successfully."
    } catch {
        Write-Output "Failed to create UserChoice subkey or set ProgId: $_"
    }
    # Set MRU list value
    try {
        $mruKeyPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList"
        $valueName = "MRUList"
        $newValue = "ab"
        Set-ItemProperty -Path $mruKeyPath -Name $valueName -Value $newValue
        Write-Output "MRUList value set successfully."
    } catch {
        Write-Output "Failed to set MRUList value: $_"
    }
    # Add deny permission for Administrators on .pdf registry key and subkeys
    try {
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "ContainerInherit,ObjectInherit", "None", "Deny")
        $acl.AddAccessRule($rule)
        Set-Acl -Path $keyPath -AclObject $acl
        Write-Output "Deny permission for Administrators added successfully."
    } catch {
        Write-Output "Failed to add deny permission for Administrators: $_"
    }
} else {
    Write-Output "Permissions on .pdf registry key are null. Skipping the commands."
}

Answer 1

1. PowerShell Script: Ensure your PowerShell script setdefaultpdf.ps1 makes the necessary registry changes under the HKCU path. The script should be designed to be user-specific and capable of running under each user's context.
2. Task Scheduler Configuration: You need to configure the scheduled task to run at user logon, not just at system startup. This ensures that the script executes under the context of each user.
3. Using Ansible to Create the Task: Use the win_scheduled_task module in Ansible to create a task that triggers at user logon.

Here is an example of an Ansible playbook to create a scheduled task that runs at user logon:

- name: Create scheduled task to run PDF default on user logon
  hosts: all
  tasks:
    - name: Create scheduled task to set Acrobat as default PDF handler
      win_scheduled_task:
        name: "SetDefaultPDFHandler"
        description: "Sets Acrobat as default PDF handler on user logon"
        actions:
          - path: "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
            arguments: "-ExecutionPolicy Bypass -File C:\\Temp\\setdefaultpdf.ps1"
        triggers:
          - type: logon
        username: "NT AUTHORITY\\SYSTEM"
        run_level: highest
        state: present
        enabled: yes

---

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Answer 2

Why not make it part of the users' logon script? That's been part of Windows since just about forever! It will, if I remember correctly, run in the users' context so the HKCU that's being modified belongs to the user that's logging on.

Answer 3

I am not sure how I can configure the task scheduler so it would run on all user.

For username, set it to "Users" or "Builtin\Users". Set the trigger to logon and not boot.