Hit and miss results with a Powershell

nicksberger 2022-09-09 13:52:11 UTC #1

Any ideas when I run the ps1 manually, the output file is created, but when run through BigFix, majority of machines don’t write the output file ?

delete __createfile

// CREATEFILE
createfile until END_OF_FILE

Invoke-RestMethod -Uri “https://ip.zscaler.com” -OutFile “C:\Support\Zscaler\Zscaler.txt”

END_OF_FILE

move __createfile “C:\Support\Zscaler\zscaler.ps1”

override wait
hidden=true
runas=currentuser
wait { pathname of file ((it as string) of value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of native registry) } -ExecutionPolicy Bypass -File “C:\Support\Zscaler\zscaler.ps1”

JasonWalker 2022-09-09 14:00:35 UTC #2

No user logged on when the action ran, perhaps?
User not having permission to read/write the directory containing the script and log file?

nicksberger 2022-09-09 14:01:21 UTC #3

Tested both scenarios. User has perms and user logged in … weird …

baynes74 2022-09-09 14:17:56 UTC #4

Have you tried adding after your delete __createfile?

delete "C:\Support\Zscaler\zscaler.ps1"

nicksberger 2022-09-09 14:21:44 UTC #5

Yes, this is the test action.

if {not exists folder “C:\Support\Zscaler”}
dos cmd.exe /C mkdir "C:\Support\Zscaler"
endif

delete “C:\Support\Zscaler\Zscaler.txt”

delete __Download\zscaler.ps1

delete __createfile

// CREATEFILE
createfile until END_OF_FILE

Invoke-RestMethod -Uri “https://ip.zscaler.com” -OutFile “C:\Support\Zscaler\Zscaler.txt”

END_OF_FILE

move __createfile “C:\Support\Zscaler\zscaler.ps1”

delete “C:\Support\Zscaler\zscaler.ps1”

JasonWalker 2022-09-09 14:26:44 UTC #6

I tend to like wrapping in a CMD shell to capture the script output and error messages, that indicate the error.

Try

wait cmd.exe /c "{ pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File "C:\Support\Zscaler\zscaler.ps1" > c:\support\zscaler\output.log 2>&1"

nicksberger 2022-09-09 14:39:02 UTC #7

The current directory is invalid is what I get in the output, what directory is that referring to ?

JasonWalker 2022-09-09 16:44:54 UTC #8

Ah,that would be the __BESData\sitename folder, where the action starts. The normal user account doesn’t have access to the folder; I’m guessing some of your machines have had the permissions opened up, which may make those work.

Try changing out of that directory before launching PowerShell, as

wait cmd.exe /c “CD c:\Support\zscaler & { pathname of file ((it as string) of value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of native registry) } -ExecutionPolicy Bypass -File “C:\Support\Zscaler\zscaler.ps1” > c:\support\zscaler\output.log 2>&1”

nicksberger 2022-09-09 17:21:53 UTC #9

Still not working, maybe a syntax error. Will pursue next week. Appreciate your help so far.

JasonWalker 2022-09-09 17:51:52 UTC #10

Is it still the same error message, or something different this time?

Mike 2022-09-12 08:29:30 UTC #11

Here’s a few suggestions that might help:

Make sure your " marks are real " marks and not smart-quotes. If your not doing any string interpolations, single quotes tend to not get caught up as often with this “feature” of windows. What you pasted does have the smart quotes present.
Do you make use of a proxy in your environment? If so, it’s possible that running as current user does not automatically pick this up and add it to your environment. In this case, explicitly add -Proxy and -ProxyUseDefaultCredentials options to Invoke-RestMethod
Use the -UseBasicParsing switch with Invoke-RestMethod. Without it, the IE engine is called to parse the result and this can sometimes not work due to restrictions. Assuming here that if your using Invoke-RestMethod your URI returns back JSON or XML so there is no need to ask a full browser control to render the response to get the final DOM.
Verify that user has the correct filesystem rights to C:\Support\Zscaler. They will need read/write. If the file exists, it’s possible they do not have the ability to overwrite it.
When in doubt, try using Start-Transcript / Stop-Transcript. This will record every command taken by the script and log the end-result. Just start at the beginning of the script and stop before you end (passing in the path where to log of course). Very helpful if you can’t see what is outputted.
If your getting an error stating the current directory is invalid and it’s happening immediately even before the Invoke-RestMethod runs, it’s possible something in your user’s env references a mapped home directory which might not exists. Add the -NoProfile switch to the powershell.exe call to prevent it from trying to load the profile.

nicksberger 2022-09-12 14:10:58 UTC #12

@Mike thanks for your suggestions. @JasonWalker thanks for your input - appreciated.

Got results by running as system (not user), using the -Proxy and -ProxyUseDefaultCredentials options.

Mike 2022-09-13 08:14:39 UTC #13

Proxy configurations can be a pain sometimes. Glad the suggestions worked out for you.