0 Votes
PeterL-5191 asked PeterL-5191 answered

Powershell Script - run as logged on user from system run script

I have a scheduled task running as system which creates a device and user VPN. I have copied the functional aspect of the user VPN creation from elsewhere, and don't understand enough in detail, how to adapt it to use the same or new CIMSession to open a local file as the logged on user. It needs to be the logged on user, as the file opens in the system environment at the moment and can't be seen by the logged in user. The file is a text file I would like to open using notepad.

The code I have for creating the user VPN is:

     # Excerpt: $ProfileName, $ProfileNameEscaped and $ProfileXML are set elsewhere in the full script (not shown).
     $nodeCSPURI = "./Vendor/MSFT/VPNv2"
     $namespaceName = "root\cimv2\mdm\dmmap"
     $className = "MDM_VPNv2_01"

     # Resolve the SID of the user logged on at the console
     $username = Get-WmiObject -Class Win32_ComputerSystem | Select-Object username
     $objuser = New-Object System.Security.Principal.NTAccount($username.username)
     $sid = $objuser.Translate([System.Security.Principal.SecurityIdentifier])
     $SidValue = $sid.Value

     # Local CIM session; the custom options make the operation apply in that user's context
     $session = New-CimSession
     $options = New-Object Microsoft.Management.Infrastructure.Options.CimOperationOptions
     $options.SetCustomOption("PolicyPlatformContext_PrincipalContext_Type", "PolicyPlatform_UserContext", $false)
     $options.SetCustomOption("PolicyPlatformContext_PrincipalContext_Id", "$SidValue", $false)

     # Build the MDM_VPNv2_01 instance (two key properties plus the profile XML) and create it
     $newInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
     $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", "$nodeCSPURI", "String", "Key")
     $newInstance.CimInstanceProperties.Add($property)
     $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", "$ProfileNameEscaped", "String", "Key")
     $newInstance.CimInstanceProperties.Add($property)
     $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ProfileXML", "$ProfileXML", "String", "Property")
     $newInstance.CimInstanceProperties.Add($property)
     $session.CreateInstance($namespaceName, $newInstance, $options)
     $Status = "Created $ProfileName profile."

If anyone can help me with this, would you also please tell me how you decide what CIMClassname, you use to do what with PowerShell.

PeteL

windows-server-powershell

I can't speak for everyone else, but I sure don't understand your question. I don't see anywhere in this code where it creates a file. I guess that you will need to develop 2 scripts, one that runs as the SYSTEM account, and another that runs as the user. The system script would need to execute and create "the file". The user script will need to execute and look for "the file" and then process it under the context of the user. It's impossible to provide a good answer without a lot more information. Maybe go back to wherever you copied the script from and ask the users there for help.

0 Votes 0 ·

Hi MotoX80, thank you for the response.
The code I have included is the area of code that sets up the CimSession to create the VPN profile as the user. I was hoping to be able to adapt this to setup a CimSession that would allow me to run notepad and open a file as the user. I could have made this clearer.

0 Votes 0 ·
0 Votes
SethWH answered PeterL-5191 commented

I haven't been able to launch notepad under a specific user session using PowerShell. I still use psexec from Sysinternals.


Hi SethWH, thank you for the response. I'll investigate using psexec.

0 Votes 0 ·
1 Vote
PeterL-5191 answered

Another option, found here: create-scheduled-task-run-as-logged-on-usewr. Credit to Jonathan Walz. The code creates a scheduled task as the logged-on user, runs the task, waits 5 seconds and deletes the task.

     # Action: open the file in notepad ("FileNameLocation" is a placeholder for the file path)
     $action = New-ScheduledTaskAction -Execute "notepad.exe" -Argument "FileNameLocation"
     $trigger = New-ScheduledTaskTrigger -AtLogOn
     # Principal: the user currently logged on at the console
     $principal = New-ScheduledTaskPrincipal -UserId (Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -ExpandProperty UserName)
     $task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal
     # Register, run once, give it time to start, then remove the task
     Register-ScheduledTask Notepad -InputObject $task
     Start-ScheduledTask -TaskName Notepad
     Start-Sleep -Seconds 5
     Unregister-ScheduledTask -TaskName notepad -Confirm:$false
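
A variant of the scheduled-task approach above, as an added example that is not part of the original thread or of Jonathan Walz's code: it checks that a console user is actually logged on, runs the task with an interactive logon type and limited run level, registers no logon trigger so the task cannot fire again later, and removes the task even if starting it fails. The function name `Start-ProcessAsLoggedOnUser`, the `RunAsUser-` task-name prefix and the sample path are assumptions.

```powershell
# Added example (not from the thread). Function name, task-name prefix and the
# sample path at the bottom are assumptions for illustration.
function Start-ProcessAsLoggedOnUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [string] $Argument,
        [int] $WaitSeconds = 5
    )

    # Win32_ComputerSystem.UserName is empty when nobody is logged on at the
    # console (for example, RDP-only sessions), so check before using it.
    $user = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if ([string]::IsNullOrWhiteSpace($user)) {
        Write-Warning 'No console user is logged on; nothing started.'
        return $false
    }

    # Unique name so an existing task is never overwritten or deleted by mistake.
    $taskName = 'RunAsUser-{0}' -f [guid]::NewGuid()

    $actionArgs = @{ Execute = $FilePath }
    if ($Argument) { $actionArgs.Argument = $Argument }
    $action = New-ScheduledTaskAction @actionArgs

    # Interactive logon type: runs only in the user's existing session, with no
    # stored password. Limited run level: the process gets the user's standard
    # token, not an elevated one.
    $principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Limited
    # No trigger: the task is started on demand only and cannot re-run at next logon.
    $task = New-ScheduledTask -Action $action -Principal $principal

    try {
        Register-ScheduledTask -TaskName $taskName -InputObject $task -ErrorAction Stop | Out-Null
        Start-ScheduledTask -TaskName $taskName -ErrorAction Stop
        Start-Sleep -Seconds $WaitSeconds
        return $true
    }
    finally {
        # Always clean up, even if registration succeeded but the start failed.
        Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
    }
}

# Example call from the SYSTEM-context script (path is a constructed sample):
# Start-ProcessAsLoggedOnUser -FilePath 'notepad.exe' -Argument '"C:\ProgramData\Example\readme.txt"'
```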




