override wait
hidden=true
runas=currentuser
wait { pathname of file ((it as string) of value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of native registry) } -ExecutionPolicy Bypass -File “C:\Support\Zscaler\zscaler.ps1”
I tend to like wrapping in a CMD shell to capture the script output and the error messages that indicate the error.
Try
wait cmd.exe /c "{ pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File "C:\Support\Zscaler\zscaler.ps1" > c:\support\zscaler\output.log 2>&1"
Ah, that would be the __BESData\sitename folder, where the action starts. The normal user account doesn’t have access to the folder; I’m guessing some of your machines have had the permissions opened up, which may make those work.
Try changing out of that directory before launching PowerShell, as
wait cmd.exe /c "CD c:\Support\zscaler & { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File "C:\Support\Zscaler\zscaler.ps1" > c:\support\zscaler\output.log 2>&1"
Make sure your " marks are real " marks and not smart-quotes. If you're not doing any string interpolations, single quotes tend to not get caught up as often with this “feature” of Windows. What you pasted does have the smart quotes present.
Do you make use of a proxy in your environment? If so, it’s possible that running as current user does not automatically pick this up and add it to your environment. In this case, explicitly add the -Proxy and -ProxyUseDefaultCredentials options to Invoke-RestMethod.
Use the -UseBasicParsing switch with Invoke-RestMethod. Without it, the IE engine is called to parse the result and this can sometimes not work due to restrictions. Assuming here that if you're using Invoke-RestMethod, your URI returns JSON or XML, so there is no need to ask a full browser control to render the response to get the final DOM.
Verify that the user has the correct filesystem rights to C:\Support\Zscaler. They will need read/write. If the file exists, it’s possible they do not have the ability to overwrite it.
When in doubt, try using Start-Transcript / Stop-Transcript. This will record every command taken by the script and log the end-result. Just start at the beginning of the script and stop before you end (passing in the path where to log of course). Very helpful if you can’t see what is outputted.
If you're getting an error stating the current directory is invalid and it’s happening immediately, even before the Invoke-RestMethod runs, it’s possible something in your user’s env references a mapped home directory which might not exist. Add the -NoProfile switch to the powershell.exe call to prevent it from trying to load the profile.
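The checks listed above, combined into one diagnostic skeleton for the script being launched. This is an added example, not code from the thread and not the original zscaler.ps1; the endpoint URI and the transcript, probe and result file names are placeholders.

```powershell
# Added example: diagnostic skeleton, not the original zscaler.ps1.
# $Uri and the file names under $WorkDir are placeholders (assumptions).
$ErrorActionPreference = 'Stop'
$WorkDir = 'C:\Support\Zscaler'
$Uri     = [Uri]'https://example.invalid/api/status'   # placeholder endpoint

# Record every command and its output for the user context that ran it.
Start-Transcript -Path (Join-Path $WorkDir 'transcript.log') -Append | Out-Null
try {
    # runas=currentuser starts in a folder the user may not be able to read,
    # so move to a known directory and log who and where we are.
    Set-Location -Path $WorkDir
    Write-Output "User: $([Environment]::UserName)  CWD: $(Get-Location)"

    # Confirm write access before the real work depends on it.
    $probe = Join-Path $WorkDir ('probe_{0}.tmp' -f [guid]::NewGuid())
    Set-Content -Path $probe -Value 'write test'
    Remove-Item -Path $probe

    # Ask .NET which proxy the current user's settings select for this URI
    # and pass it explicitly instead of relying on it being picked up.
    $params   = @{ Uri = $Uri; UseBasicParsing = $true }
    $sysProxy = [System.Net.WebRequest]::GetSystemWebProxy()
    if (-not $sysProxy.IsBypassed($Uri)) {
        $params.Proxy = $sysProxy.GetProxy($Uri)
        $params.ProxyUseDefaultCredentials = $true
        Write-Output "Using proxy: $($params.Proxy)"
    }

    $result = Invoke-RestMethod @params
    $result | ConvertTo-Json -Depth 5 |
        Set-Content -Path (Join-Path $WorkDir 'result.json')
}
catch {
    # Put the failure in the transcript, then rethrow so it is not swallowed.
    Write-Output "FAILED: $($_.Exception.Message)"
    throw
}
finally {
    Stop-Transcript | Out-Null
}
```

Launch it with -NoProfile added to the powershell.exe call so a broken user profile cannot fail before the transcript starts.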