Skip to main content

Hello,



I had successfully setup a required software policy for installing Zoom with customer options, but for some reason I cannot get any commands to work after the install occurs. For example the start-process command installs the MSI just fine with the arguments, but when I want to run a command after that e.g. starting the Zoom app via the start-process command. Is there something wrong with how the first process is ending and or causes powershell to just stop processing further commands? I have tried taking off -wait and -passthru and no change. Any help will be appreciated.



Start-Process -FilePath ‘msiexec.exe’ -ArgumentList (’/qn’, ‘/quiet’, ‘/norestart’, ‘MSIRESTARTMANAGERCONTROL=”Disable”’, ‘/i’, ‘“ZoomInstallerFull.msi”’,‘ZConfig=“nogoogle=1;nofacebook=1;DisableLoginWithEmail=1”’, ‘ZoomAutoStart=“true”’, ‘ZSSOHOST="******.zoom.us"’, ‘ZSILENTSTART=“true”’) -Wait -Passthru


Start-Process “C:\Program Files (x86)\Zoom\bin\Zoom.exe” -WindowStyle Minimized


exit

Edit: ignore what I said and read Rich’s reply below 🙂



I’m wondering if it’s because it’s a required software policy - can you try running the code in a worklet remediation block using the “Execute Now” function on the policy? That skips the evaluation code and just runs the remediation code block.


Hey guys,



I gave this a spin to see how it would behave. It looks like when zoom.exe is launched via the ‘NT Authority/SYSTEM’ user it doesn’t appear for the actively logged on user (assuming they’re not logging in as /SYSTEM 😕)



So the process is being kicked off, and should appear in your task manager, but your display doesn’t show it:



image



Unfortunately, I’m not current sure of a good way to launch this for the active user (short of a super complicated C# assembly).


@rich Thanks for the information. I will do a bit more digging and perhaps Zoom has a “secret” argument or way of making the app start /display for the actual user logged in. Appreciate the help!


I’m getting close to something, but you HAVE to know the user’s username for this to work. So the next step would be to find the username for the currently logged on user which is currently blocking me.



$execute = "C:\Program Files (x86)\Zoom\bin\Zoom.exe"

$time = (Get-Date).AddSeconds(30)

$triggerAt = New-ScheduledTaskTrigger -At $time -Once

$action = New-ScheduledTaskAction -Execute $execute

Register-ScheduledTask -TaskName "StartZoom" -Trigger $triggerAt -Action $action -User "TestUser"

Start-Sleep 31

Unregister-ScheduledTask -TaskName "StartZoom" -Confirm:$false



I’ve found the best way to test this is to run PowerShell ISE (x86) as the system user. You can launch it that way via PsExec (PSTools):



& \Path\To\PsExec.exe -i -s C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe



And refresh Task Scheduler to see the task get added, then deleted after it runs.



Executing in 30 seconds is arbitrary, and technically any amount of time should work. The reason for the sleep is to remove the scheduled task after it executes without a need to run a separate script.


I’ve used this code to successfully get the name of the currently logged in user on Windows:



$currentusr = (Get-WmiObject -class win32_process -ComputerName 'localhost' | Where-Object name -Match explorer).getowner().user


That’s clever. With that, this works as the remediation in a worklet. So appending this to the installation line in you RS Policy, it should work too.



$execute = "C:\Program Files (x86)\Zoom\bin\Zoom.exe"



$time = (Get-Date).AddSeconds(30)

$triggerAt = New-ScheduledTaskTrigger -At $time -Once

$action = New-ScheduledTaskAction -Execute $execute

$currentusr = (Get-WmiObject -class win32_process -ComputerName 'localhost' | Where-Object name -Match explorer).getowner().user



Register-ScheduledTask -TaskName "StartZoom" -Trigger $triggerAt -Action $action -User $currentusr

Start-Sleep 31

Unregister-ScheduledTask -TaskName "StartZoom" -Confirm:$false


Very interesting…When running the commands as ntauthority/system I get the error below. We are getting close. I will try to troubleshoot this error and see if there is a workaround.



Register-ScheduledTask : No mapping between account names and security IDs was done.


(15,8):UserId:


At line:6 char:1





  • Register-ScheduledTask -TaskName “StartZoom” -Trigger $triggerAt -Act …




  •   + CategoryInfo          : NotSpecified: (PS_ScheduledTask:Root/Microsoft/...S_ScheduledTask) eRegister-ScheduledTask], CimException

    + FullyQualifiedErrorId : HRESULT 0x80070534,Register-ScheduledTask





I saw that same error when I got the username wrong after -User


OK so I managed to fix the error with the the new code below instead to get the full username with the Domain. We use AzureAD, so AzureAD/Username is now working properly. However, when I run the command below it works 100% in Powershell ISE as nt authority\system, but Automox does not like running it… I will keep troubleshooting, but it “should” just work now.



Start-Process -FilePath ‘msiexec.exe’ -ArgumentList (’/qn’, ‘/quiet’, ‘/norestart’, ‘MSIRESTARTMANAGERCONTROL=”Disable”’, ‘/i’, ‘“ZoomInstallerFull.msi”’,‘ZConfig=“nogoogle=1;nofacebook=1;DisableLoginWithEmail=1”’, ‘ZoomAutoStart=“true”’, ‘ZSSOHOST="******.zoom.us"’, ‘ZSILENTSTART=“true”’) -Wait -Passthru


$action = New-ScheduledTaskAction -Execute “C:\Program Files (x86)\Zoom\bin\Zoom.exe”


$time = (Get-Date).AddSeconds(5)


$trigger = New-ScheduledTaskTrigger -At $time -Once


$principal = New-ScheduledTaskPrincipal -UserId (Get-CimInstance –ClassName Win32_ComputerSystem | Select-Object -expand UserName)


$task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal


Register-ScheduledTask Zoom -InputObject $task


Start-ScheduledTask -TaskName Zoom


Start-Sleep -Seconds 10


Unregister-ScheduledTask -TaskName Zoom -Confirm:$false


Yeah I am chalking it up to a bug in Automox now as to how it processes powershell commands, unless there is something else going on. Automox comes back with errors when the same commands work just fine as the ntauthority/system using @rich 's method.



Failed to install software: At C:\ProgramData\amagent\execDir991866146\execcmd416493081.ps1:12 char:68 + … mInstance �?"ClassName Win32_ComputerSystem | Select-Object -expand U … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The string is missing the terminator: ". At C:\ProgramData\amagent\execDir991866146\execcmd416493081.ps1:17 char:56 + Unregister-ScheduledTask -TaskName Zoom -Confirm:$false + ~ Missing closing ‘)’ in expression. + CategoryInfo : ParserError: (🙂 &], ParentContainsErrorRecordException + FullyQualifiedErrorId : TerminatorExpectedAtEndOfString


Your last one doesn’t work for me because this bit returns nothing:



Get-CimInstance –ClassName Win32_ComputerSystem | Select-Object -expand UserName



So everything that depends on that blows up. I ran mine through both RS Policy and Worklet and they worked ok.



FWIW, each script runs against the local PowerShell installation, so if that differs in version or configuration, that could theoretically affect things differently. For example, Get-CimInstance isn’t going to work well in PS 4.x or lower. Not that that’s your problem here, but just as an example.



If you run this on your device, does it return nothing, or something incorrect?



$currentusr = (Get-WmiObject -class win32_process -ComputerName 'localhost' | Where-Object name -Match explorer).getowner().user



You could theoretically replace Get-WmiObject with Get-CimInstance here if preferred, but as of yet I haven’t found a property or method of the CimInstance response that contains the username.


This seems to work as a Cim counterpart. I could probably pipeline it to make it shorter, but it’s getting late here:



$explorerProc = Get-CimInstance -ClassName win32_process | Where-Object {$_.Name -match 'explorer'}

$user = (Invoke-CimMethod -InputObject $explorerProc -MethodName GetOwner).User


Success!!! Now Zoom installs via Automox, pulls the full user, azuread/username for the scheduled task user, and launches/re-launches zoom on install or update. Appreciate the help @rich and @Nic and I learned quite a bit about system/nt authority from this little project as well.



Start-Process -FilePath ‘msiexec.exe’ -ArgumentList (’/qn’, ‘/quiet’, ‘/norestart’, ‘MSIRESTARTMANAGERCONTROL=“Disable”’, ‘/i’, ‘“ZoomInstallerFull.msi”’,‘ZConfig=“nogoogle=1;nofacebook=1;DisableLoginWithEmail=1”’, ‘ZoomAutoStart=“true”’, ‘ZSSOHOST=“companyname.zoom.us”’, ‘ZSILENTSTART=“true”’) -Wait -Passthru



$execute = “C:\Program Files (x86)\Zoom\bin\Zoom.exe”


$time = (Get-Date).AddSeconds(20)


$triggerAt = New-ScheduledTaskTrigger -At $time -Once


$action = New-ScheduledTaskAction -Execute $execute


$currentusr = (get-wmiobject -Class Win32_Computersystem | select Username).username.ToLower()


Register-ScheduledTask -TaskName “StartZoom” -Trigger $triggerAt -Action $action -User “$currentusr”


Start-Sleep 25


Unregister-ScheduledTask -TaskName “StartZoom” -Confirm:$false


Glad you were able to get it working finally!


Can Zoom be updated for remote machines - im trying to update Zoom for close to 100 machines (from the older version to new version). I’m running the Powershell script as admin so it would be great if there any script or suggestion you could give.



Thanks


Zoom is one of the third party titles that Automox updates, so you can do that via a patching policy rather than a script.


Reply