Run Worklet outside NT AUTHORITY/SYSTEM Context

  • 5 November 2021
  • 2 replies
  • 154 views

Hey folks,


I’ve been working on a worklet to enroll Windows 10 devices in Autopilot using Graph API.


Mandatory “it works when run manually”, but when testing in NT AUTHORITY/SYSTEM context via psexec, it fails, specifically when trying to install modules, due to network access being heavily restricted in this account.


I could temporarily create a local administrator account, but I’m unsure as to how to run Automox-deployed worklets in another local user context.


Any pointers on how to run Worklets in another (local) user’s context?


Thanks!


2 replies

Can’t add much to actually answer the question, but did want to reply as I am also running into this issue. Scripts run fine in PS on my laptop, but when I run them through Automox I get no such luck.


Use the worklet to create a scheduled task that runs in user context. 

 

# Stage the script where the scheduled task will look for it
Copy-Item script.ps1 C:\windows\temp\script.ps1

# Build the task through the Task Scheduler COM interface
$TaskStartTime = (Get-Date)
$SchedService = New-Object -ComObject Schedule.Service
$SchedService.Connect()
$Task = $SchedService.NewTask(0)
$Task.RegistrationInfo.Description = 'Description'
$Task.Settings.Enabled = $true
$Task.Settings.AllowDemandStart = $true
$Task.Settings.WakeToRun = $true
$trigger = $Task.Triggers.Create(1) # 1 = TASK_TRIGGER_TIME; https://docs.microsoft.com/en-us/windows/win32/taskschd/triggercollection-create
$trigger.StartBoundary = $TaskStartTime.ToString("yyyy-MM-dd'T'HH:mm:ss")
$trigger.Enabled = $true
$action = $Task.Actions.Create(0) # 0 = TASK_ACTION_EXEC
$action.Path = "c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
$action.Arguments = '-NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\windows\temp\script.ps1"'
$taskFolder = $SchedService.GetFolder('\')
# 6 = TASK_CREATE_OR_UPDATE, 4 = TASK_LOGON_GROUP (run as a member of the 'Users' group)
$taskFolder.RegisterTaskDefinition("Task Name", $Task , 6, 'Users', $null, 4) | Out-Null

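An added example, not part of the reply above and not Automox's own code: the same user-context task registered with the built-in ScheduledTasks cmdlets, with the script staged in a directory that standard users can read but not modify, so the file the task executes is the one the worklet placed there. The staging directory, task name, start delay and time limit are assumptions chosen for illustration.

```powershell
# Added example. Assumed names: $StageDir, $TaskName, and a script.ps1 shipped with the worklet.
$ErrorActionPreference = 'Stop'

$StageDir = Join-Path $env:ProgramData 'WorkletStage'   # assumed staging location
$TaskName = 'Worklet user-context step'                 # assumed task name
$Script   = Join-Path $StageDir 'script.ps1'

# 1. Staging directory: drop inherited ACEs, then grant SYSTEM (S-1-5-18) and
#    Administrators (S-1-5-32-544) full control, Users (S-1-5-32-545) read/execute only.
New-Item -ItemType Directory -Path $StageDir -Force | Out-Null
& icacls.exe $StageDir /inheritance:r /grant:r `
    '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-32-545:(OI)(CI)RX' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 2. Stage the script and write its hash to the worklet output for later comparison.
Copy-Item -Path .\script.ps1 -Destination $Script -Force
$hash = (Get-FileHash -Path $Script -Algorithm SHA256).Hash
Write-Output "Staged $Script (SHA256 $hash)"

# 3. One-shot task that runs as the logged-on member of BUILTIN\Users, without elevation.
$psExe  = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
$psArgs = "-NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File `"$Script`""

$action    = New-ScheduledTaskAction -Execute $psExe -Argument $psArgs
$trigger   = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1)
$principal = New-ScheduledTaskPrincipal -GroupId 'BUILTIN\Users' -RunLevel Limited
$settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Minutes 30)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null
Write-Output "Registered task '$TaskName'"
```

Once the task has run, `Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false` and deleting the staged script remove what this leaves behind.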