TpmVscMgr cmd not working when used with /prompt in PowerShell Windows 10 task

Denis Rutten 40 Reputation points
2023-02-01T17:02:14.5333333+00:00

Working on Windows 10, I need to make it possible for a user-mode (i.e. non-admin) application to create virtual smart cards (VSCs). Yet it seems that VSCs can only be created in admin mode.

The solution I have come up with is like so.

  1. Register a separate Windows task that runs as admin and gets triggered by the app.
  2. The task itself is implemented as a PowerShell script, which uses the command, TpmVscMgr, to create VSCs.

It works like a charm as long as I put the following command line in the PowerShell script that implements the task:

TpmVscMgr create /name VSC /pin default /adminkey default /generate

But it does not work if I want to use a non-default PIN policy, like so:

TpmVscMgr create /name VSC /pin prompt /pinpolicy ... /adminkey default /generate

What happens is that the task simply blocks, as in doing nothing anymore, as soon as its control flow hits this line. I am flabbergasted. What could be the problem here?


Accepted answer
  1. Rich Matheisen 44,696 Reputation points
    2023-02-01T20:05:33+00:00

    The problem here is that MS removed the "Interact with the desktop" from the scheduled task parameters.

    If you search for "windows 10 scheduled task interact with desktop" you'll find lots of people with the same problem.

    Some of the suggestions might work for you (e.g. have the task run using "builtin\users" and "Run with highest privileges", or use the schedtask command with the "change" option and the "/IT" parameter). There are others, too. But the reason MS removed that "interact" option is that it's a big security problem.

    This really isn't a PowerShell problem, though . . . or a Windows 10 problem. It affects all server products (from 2016 I think) onward, and desktops from 10 onwards.
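
Added example (not part of the question or the answer above): one way to confirm from the task definition whether the task can display the `/pin prompt` dialog at all, and to make the task script fail fast instead of hanging. The task name `CreateVsc` and both function names are hypothetical, and treating `[Environment]::UserInteractive` as false inside a non-interactive task is an assumption.

```powershell
# Added example. 'CreateVsc' (task name) and both function names are hypothetical.

function Get-TaskPromptCapability {
    param([Parameter(Mandatory)][string]$TaskName)

    $principal = (Get-ScheduledTask -TaskName $TaskName -ErrorAction Stop).Principal
    $logonType = [string]$principal.LogonType

    # Password, S4U and ServiceAccount logons never get a visible desktop.
    # InteractiveOrPassword is interactive only while that user is logged on.
    $verdict = switch ($logonType) {
        'Interactive'           { 'Yes' }
        'Group'                 { 'Yes' }
        'InteractiveOrPassword' { 'OnlyWhileUserLoggedOn' }
        default                 { 'No' }
    }

    [pscustomobject]@{
        TaskName      = $TaskName
        RunsAs        = if ($principal.UserId) { $principal.UserId } else { $principal.GroupId }
        LogonType     = $logonType
        RunLevel      = [string]$principal.RunLevel
        CanShowPrompt = $verdict
    }
}

function New-VscWithPinPrompt {
    param([string]$Name = 'VSC')

    # Assumption: a task without a visible window station reports
    # UserInteractive = $false, so stop before TpmVscMgr waits on a dialog.
    if (-not [Environment]::UserInteractive) {
        throw "Non-interactive session: '/pin prompt' cannot display its dialog here."
    }

    & TpmVscMgr create /name $Name /pin prompt /adminkey default /generate
    if ($LASTEXITCODE -ne 0) {
        throw "TpmVscMgr exited with code $LASTEXITCODE."
    }
}

# Run from an elevated console to audit the task definition:
# Get-TaskPromptCapability -TaskName 'CreateVsc'
```

A `RunLevel` of `Highest` only grants the highest privileges the logged-on account already holds, so an interactive task running as a standard user is still not elevated.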

