Bigfix action executed but no result in windows machine

Hello All,

I’m running this actions in bigfix but it is not working (I got command succeded)

Wow64 redirection disabled. action uses wow64 redirection false
Command succeeded (Exit Code=0) waithidden “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -ExecutionPolicy Bypass -WindowStyle Hidden -file “c:\IBM\BDsv5.ps1”

the script is not being executed but if I executed using the same command by CMD or fixlet debugger it works.

Regards

Jose Osorio

Hi,

try this plz.

Wow64 redirection disabled. action uses wow64 redirection false

waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File "C:\*****\***.ps1"

I tried it a few minutes ago:

Command started - waithidden C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File “c:\IBM\BDsv5.ps1” (action:781875)
Command succeeded (Exit Code=0) waithidden C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File “c:\IBM\BDsv5.ps1” (action:781875)

it is still not wokring

This is likely more a problem with the powershell script than with bigfix. The script may not run correctly in the environment of the LocalSystem account.

Common issues we’ve seen here before include

  • there’s no user interface to the service account. If you’vre trying to popup a window, we won’t see it.
  • the LocalSystem account is not the same as a logged-on-user account. If you are dealing with the HKEY_CURRENT_USER registry path, Desktop folder, Documents folder, or something along those lines, get ready for complexity.

I don’t have enough information to try to guesswhat your powershell script is attempting.

it is not same with my sent. did you check ?

yes, I copy y paste what is in the log

in the acton I put this:

action uses wow64 redirection false

waithidden { pathname of file ((it as string) of value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of native registry) } -ExecutionPolicy Bypass -File “c:\IBM\bdsv5.ps1”

Hello Jason,

Yes, this is case:

  1. One script c:\IBM\bdsv4.ps1 (it has code to invoke sqlcmd to run query for databases per instance of sql server and it creates a single file with all of this information)

  2. As the fist script needs to run with a specific domain user account I created another ps script c:\IBM\sqlquery.ps1 to run the first script with that credentials:

$userName = “domain\user
$securePassword = ConvertTo-SecureString -String ‘password’ -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($userName, $securePassword)
$scriptFullName = "C:\IBM\BDsv4.ps1"
Start-Process powershell -WindowStyle ‘Hidden’ -ArgumentList ‘-file’, $scriptFullName -Credential $cred

if I run the script in powershell, dos or fixlet debugger it works but when I sent it by bigfix it doesn’t work

Regards

jo

Hello, as an update I noticed that my powershell script is not running as local system even if I configured it in the scheduled tasks.

When I changed it to run as another user it works.

In my case my script run as a another user.

Regards

jo

The easiest way to test programs running as LocalSystem is with psexec from https://microsoft.com/sysinternals

With that, you can run psexec -i -S cmd to open a command shell as the LocalSystem account, and then try executing your powershell.

1 Like

Hello Jason,

Yeas, that’s right. I didn’t think this script (which login as another user) doesn’t work as local system.

I order to work I had to the create a task scheduled and configured as the user in the script.

Regards
jo