Running Configuration Manager 2012 PowerShell scripts as a Service Account or Local System
The recent release of Microsoft System Center 2012 Configuration Manager Service Pack 1 introduced a PowerShell module that allows for the easy automation of Configuration Manager operational tasks. This provides good possibilities and opportunities for automating some of those repetitive daily tasks, but what happens when you need to schedule these cmdlets to run as a Service Account or under the Local System account?
Consider the following script:
It imports the new PowerShell module and then changes directory to the newly created Config Manager drive. When I run this script under my own user account,everything works as expected:
But when i run the same script as a Service Account, or as the Local System Account it no longer works!
A bit of further investigation reveals that the module has been imported, and the Config Manger Provider has been created, although the drive is not properly mounted.
So what is happening here? It turns out that the Configuration Manager PowerShell module is digitally signed, and the user running the script must install the certificate that the module was signed with before they can use it. This can be done be launching Config Manager as the user that will be running the script. To do this, right click on the Config Manager console and choose ‘Run as a different user’:
Once the Config Manager console has opened, then go to ‘Connect via Windows PowerShell’ :
PowerShell will start and ask you if you want to trust the software form this publisher:
If you choose to trust the content then the PowerShell module is imported and the Config Manager drive is created in PowerShell:
If I then go back to and re-run my script, this time I find that it works!
Alternatively, if you are trying to schedule scripts to run as the ’Local System’ Account then it is possible to manually install the certificate to solve this problem. Right click the PowerShell Module file ‘ConfigurationManager.psd1’ and choose ‘properties’ and then ‘Digital Signatures’. From here choose ‘Install Certificate’
Import the certificate into the ’Local Machine’ store
And place it in the ‘Trusted Publishers’ store.
Once the certificate is installed, the Local System account can now run the new Configuration Manager cmdlets!