Shehab-9226 asked

Running PowerShell scripts pushed from AD GPO as admin on domain computers

Hello everyone,

Needed some help getting a simple task done at work.

I have about 30 machines in my work domain that I want to run a PowerShell script on at startup.
I have created a GPO that runs the script on all machines at startup and all machines have the GPO applied successfully.
The PowerShell script is supposed to look up a service on the machine and if it finds it, it starts it up and that's it. If the service does not exist, the script continues running and copies a file stored on a shared folder in the domain onto the machine, then creates the service and starts it up.

MY PROBLEM: the script does not run automatically on all machines.

After some troubleshooting I found out that running scripts on the machines with the domain user logged in is not allowed, and when I try to run the script manually on each machine I get an error that says running scripts is disabled, so I created a GPO that enables running scripts on the machines by enabling the Turn on Script Execution policy. Regardless, the script did not do its job after restarting the machines and I still get the same error when I try manually.
Then I tried to run the script manually as admin on the machines and the script performed its work perfectly.

Also tried adding the following two commands (based on suggestions from other people having similar problems) at the beginning of the PowerShell script, the first to elevate the script to run as admin and the second to allow running scripts on the machine, and it did not make any change.
COMMAND #1: start-process powershell -verb runAs
COMMAND #2: Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

Currently the number of devices is going to get close to 200 and I need to get this script to run as admin on all machines from the applied GPO. Waiting to read some solutions from you shortly.

Thanks in advance.

Tags: windows-10-general, windows-active-directory, windows-group-policy

1 Answer

piaudonn answered

You could also not use PowerShell :) What about a good old bat file?

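 rem Query the service; sc returns a non-zero exit code if it does not exist
 sc query MySvc
 if %ERRORLEVEL% GTR 0 (
  rem Service is missing: copy the binary from the share, then register it
  copy \\server\share\file.exe c:\folder\file.exe
  sc create MySvc binpath= c:\folder\file.exe start= auto
 )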

MySvc is the service to check the existence of. \\server\share\file.exe is where the binary is (assuming that's what you want from the share, else you can adjust) and then you create the service...

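A PowerShell version of the check, copy, create and start sequence discussed in this thread, written as a computer startup script; this is an added example, not code from either poster. It assumes the script is assigned as a computer Startup script in the GPO (startup scripts run as Local System, so no elevation step is needed) and that the computer accounts can read the share. The service name, paths, log file and expected hash are placeholders, and the hash check will refuse to create the service until a known-good SHA-256 value is filled in.

```powershell
# Added example; every name, path and the hash below is a placeholder (assumption).
$ServiceName  = 'MySvc'
$SourcePath   = '\\server\share\file.exe'
$TargetDir    = 'C:\folder'
$TargetPath   = Join-Path $TargetDir 'file.exe'
$ExpectedHash = '<SHA256-OF-APPROVED-BINARY>'   # placeholder: known-good hash of the binary
$LogFile      = Join-Path $env:windir 'Temp\MySvc-startup.log'

function Write-Log([string]$Message) {
    # Startup scripts have no console, so record each outcome in a local file.
    "{0:s} {1}" -f (Get-Date), $Message | Add-Content -Path $LogFile
}

try {
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        if (-not (Test-Path $TargetDir)) {
            New-Item -ItemType Directory -Path $TargetDir | Out-Null
        }
        Copy-Item -Path $SourcePath -Destination $TargetPath -Force -ErrorAction Stop

        # The binary will run as a LocalSystem service, so verify it before registering it.
        $hash = (Get-FileHash -Path $TargetPath -Algorithm SHA256).Hash
        if ($hash -ne $ExpectedHash) {
            Remove-Item -Path $TargetPath -Force
            throw "Hash mismatch for $TargetPath ($hash); service not created."
        }

        # Quote the binary path so a path containing spaces is not parsed ambiguously.
        New-Service -Name $ServiceName -BinaryPathName "`"$TargetPath`"" `
            -StartupType Automatic -ErrorAction Stop | Out-Null
        Write-Log "Created service $ServiceName"
    }
    # Runs for both the existing-service and the newly-created case.
    Start-Service -Name $ServiceName -ErrorAction Stop
    Write-Log "Service $ServiceName is running"
}
catch {
    Write-Log "ERROR: $($_.Exception.Message)"
    exit 1
}
```

Because anything placed at the share path ends up running as a service on every machine in scope, write access to that share and to the target folder should be limited to administrators.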