Edit: ignore what I said and read Rich’s reply below 🙂
I’m wondering if it’s because it’s a required software policy - can you try running the code in a worklet remediation block using the “Execute Now” function on the policy? That skips the evaluation code and just runs the remediation code block.
Hey guys,
I gave this a spin to see how it would behave. It looks like when zoom.exe is launched via the ‘NT Authority/SYSTEM’ user it doesn’t appear for the actively logged on user (assuming they’re not logging in as /SYSTEM 😕)
So the process is being kicked off, and should appear in your task manager, but your display doesn’t show it:
Unfortunately, I’m not current sure of a good way to launch this for the active user (short of a super complicated C# assembly).
@rich Thanks for the information. I will do a bit more digging and perhaps Zoom has a “secret” argument or way of making the app start /display for the actual user logged in. Appreciate the help!
I’m getting close to something, but you HAVE to know the user’s username for this to work. So the next step would be to find the username for the currently logged on user which is currently blocking me.
$execute = "C:\Program Files (x86)\Zoom\bin\Zoom.exe"
$time = (Get-Date).AddSeconds(30)
$triggerAt = New-ScheduledTaskTrigger -At $time -Once
$action = New-ScheduledTaskAction -Execute $execute
Register-ScheduledTask -TaskName "StartZoom" -Trigger $triggerAt -Action $action -User "TestUser"
Start-Sleep 31
Unregister-ScheduledTask -TaskName "StartZoom" -Confirm:$false
I’ve found the best way to test this is to run PowerShell ISE (x86) as the system user. You can launch it that way via PsExec (PSTools):
& \Path\To\PsExec.exe -i -s C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
And refresh Task Scheduler to see the task get added, then deleted after it runs.
Executing in 30 seconds is arbitrary, and technically any amount of time should work. The reason for the sleep is to remove the scheduled task after it executes without a need to run a separate script.
I’ve used this code to successfully get the name of the currently logged in user on Windows:
$currentusr = (Get-WmiObject -class win32_process -ComputerName 'localhost' | Where-Object name -Match explorer).getowner().user
That’s clever. With that, this works as the remediation in a worklet. So appending this to the installation line in you RS Policy, it should work too.
$execute = "C:\Program Files (x86)\Zoom\bin\Zoom.exe"
$time = (Get-Date).AddSeconds(30)
$triggerAt = New-ScheduledTaskTrigger -At $time -Once
$action = New-ScheduledTaskAction -Execute $execute
$currentusr = (Get-WmiObject -class win32_process -ComputerName 'localhost' | Where-Object name -Match explorer).getowner().user
Register-ScheduledTask -TaskName "StartZoom" -Trigger $triggerAt -Action $action -User $currentusr
Start-Sleep 31
Unregister-ScheduledTask -TaskName "StartZoom" -Confirm:$false
Very interesting…When running the commands as ntauthority/system I get the error below. We are getting close. I will try to troubleshoot this error and see if there is a workaround.
Register-ScheduledTask : No mapping between account names and security IDs was done.
(15,8):UserId:
At line:6 char:1
I saw that same error when I got the username wrong after -User
OK so I managed to fix the error with the the new code below instead to get the full username with the Domain. We use AzureAD, so AzureAD/Username is now working properly. However, when I run the command below it works 100% in Powershell ISE as nt authority\system, but Automox does not like running it… I will keep troubleshooting, but it “should” just work now.
Start-Process -FilePath ‘msiexec.exe’ -ArgumentList (’/qn’, ‘/quiet’, ‘/norestart’, ‘MSIRESTARTMANAGERCONTROL=”Disable”’, ‘/i’, ‘“ZoomInstallerFull.msi”’,‘ZConfig=“nogoogle=1;nofacebook=1;DisableLoginWithEmail=1”’, ‘ZoomAutoStart=“true”’, ‘ZSSOHOST="******.zoom.us"’, ‘ZSILENTSTART=“true”’) -Wait -Passthru
$action = New-ScheduledTaskAction -Execute “C:\Program Files (x86)\Zoom\bin\Zoom.exe”
$time = (Get-Date).AddSeconds(5)
$trigger = New-ScheduledTaskTrigger -At $time -Once
$principal = New-ScheduledTaskPrincipal -UserId (Get-CimInstance –ClassName Win32_ComputerSystem | Select-Object -expand UserName)
$task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal
Register-ScheduledTask Zoom -InputObject $task
Start-ScheduledTask -TaskName Zoom
Start-Sleep -Seconds 10
Unregister-ScheduledTask -TaskName Zoom -Confirm:$false
Yeah I am chalking it up to a bug in Automox now as to how it processes powershell commands, unless there is something else going on. Automox comes back with errors when the same commands work just fine as the ntauthority/system using @rich 's method.
Failed to install software: At C:\ProgramData\amagent\execDir991866146\execcmd416493081.ps1:12 char:68 + … mInstance �?"ClassName Win32_ComputerSystem | Select-Object -expand U … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The string is missing the terminator: ". At C:\ProgramData\amagent\execDir991866146\execcmd416493081.ps1:17 char:56 + Unregister-ScheduledTask -TaskName Zoom -Confirm:$false + ~ Missing closing ‘)’ in expression. + CategoryInfo : ParserError: (🙂 &], ParentContainsErrorRecordException + FullyQualifiedErrorId : TerminatorExpectedAtEndOfString
Your last one doesn’t work for me because this bit returns nothing:
Get-CimInstance –ClassName Win32_ComputerSystem | Select-Object -expand UserName
So everything that depends on that blows up. I ran mine through both RS Policy and Worklet and they worked ok.
FWIW, each script runs against the local PowerShell installation, so if that differs in version or configuration, that could theoretically affect things differently. For example, Get-CimInstance isn’t going to work well in PS 4.x or lower. Not that that’s your problem here, but just as an example.
If you run this on your device, does it return nothing, or something incorrect?
$currentusr = (Get-WmiObject -class win32_process -ComputerName 'localhost' | Where-Object name -Match explorer).getowner().user
You could theoretically replace Get-WmiObject with Get-CimInstance here if preferred, but as of yet I haven’t found a property or method of the CimInstance response that contains the username.
This seems to work as a Cim counterpart. I could probably pipeline it to make it shorter, but it’s getting late here:
$explorerProc = Get-CimInstance -ClassName win32_process | Where-Object {$_.Name -match 'explorer'}
$user = (Invoke-CimMethod -InputObject $explorerProc -MethodName GetOwner).User
Success!!! Now Zoom installs via Automox, pulls the full user, azuread/username for the scheduled task user, and launches/re-launches zoom on install or update. Appreciate the help @rich and @Nic and I learned quite a bit about system/nt authority from this little project as well.
Start-Process -FilePath ‘msiexec.exe’ -ArgumentList (’/qn’, ‘/quiet’, ‘/norestart’, ‘MSIRESTARTMANAGERCONTROL=“Disable”’, ‘/i’, ‘“ZoomInstallerFull.msi”’,‘ZConfig=“nogoogle=1;nofacebook=1;DisableLoginWithEmail=1”’, ‘ZoomAutoStart=“true”’, ‘ZSSOHOST=“companyname.zoom.us”’, ‘ZSILENTSTART=“true”’) -Wait -Passthru
$execute = “C:\Program Files (x86)\Zoom\bin\Zoom.exe”
$time = (Get-Date).AddSeconds(20)
$triggerAt = New-ScheduledTaskTrigger -At $time -Once
$action = New-ScheduledTaskAction -Execute $execute
$currentusr = (get-wmiobject -Class Win32_Computersystem | select Username).username.ToLower()
Register-ScheduledTask -TaskName “StartZoom” -Trigger $triggerAt -Action $action -User “$currentusr”
Start-Sleep 25
Unregister-ScheduledTask -TaskName “StartZoom” -Confirm:$false
Glad you were able to get it working finally!
Can Zoom be updated for remote machines - im trying to update Zoom for close to 100 machines (from the older version to new version). I’m running the Powershell script as admin so it would be great if there any script or suggestion you could give.
Thanks
Zoom is one of the third party titles that Automox updates, so you can do that via a patching policy rather than a script.
