I have a complete PowerShell script that stops the UI on the endpoint, then runs a SQL script, then restarts the UI. It is launching the UI as System instead of the current user account. The current code to launch the UI is
Write-Host "Restarting SubwayPOSBackOffice..."
try {
    # Get current user context
    $currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    # Start process as current user
    $processInfo = New-Object System.Diagnostics.ProcessStartInfo
    # No UserName/Password/Domain is set on the ProcessStartInfo, so the new process
    # inherits the token of whatever account is running this script
    $processInfo.FileName = "C:\SubwayPOS\BackOffice\SubwayPOSBackOffice.exe"
    $processInfo.UseShellExecute = $true
    $processInfo.WindowStyle = [System.Diagnostics.ProcessWindowStyle]::Normal
    [System.Diagnostics.Process]::Start($processInfo) | Out-Null
    Write-Host "SubwayPOSBackOffice restarted successfully as user: $currentUser"
}
catch {
    $errorMsg = "Failed to restart SubwayPOSBackOffice.exe: $($_.Exception.Message)"
    Write-Error $errorMsg
    if (Get-Command leafMessage -ErrorAction SilentlyContinue) {
        leafMessage -EventType "ProcessStartError" -Message "Failed to restart SubwayPOSBackOffice.exe" -CustomJson -CustomData @{
            executablePath = "C:\SubwayPOS\BackOffice\SubwayPOSBackOffice.exe"
            error = $_.Exception.Message
            user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        }
    }
    throw
}
When run through the local PowerShell ISE, it works 100% of the time, and through another tool it works normally as well. But when running it via BigFix, with the Action Script Type set to PowerShell, it only runs as System, even though the PowerShell script says to run as the current user.
Has anyone seen this behavior before? Any suggestions for fixing it?
To my knowledge, there is no way to impersonate the current user in PowerShell without either directly entering the current user's password or running PowerShell as the current user.
If you convert the PowerShell to action script, BigFix is able to impersonate the current user in action script. Try this:
// Create script
createfile until ENDOFSCRIPT
Write-Host "Restarting SubwayPOSBackOffice..."
try {{
    # Get current user context
    $currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    # Start process as current user
    $processInfo = New-Object System.Diagnostics.ProcessStartInfo
    $processInfo.FileName = "C:\SubwayPOS\BackOffice\SubwayPOSBackOffice.exe"
    $processInfo.UseShellExecute = $true
    $processInfo.WindowStyle = [System.Diagnostics.ProcessWindowStyle]::Normal
    [System.Diagnostics.Process]::Start($processInfo) | Out-Null
    Write-Host "SubwayPOSBackOffice restarted successfully as user: $currentUser"
}
catch {{
    $errorMsg = "Failed to restart SubwayPOSBackOffice.exe: $($_.Exception.Message)"
    Write-Error $errorMsg
    if (Get-Command leafMessage -ErrorAction SilentlyContinue) {{
        leafMessage -EventType "ProcessStartError" -Message "Failed to restart SubwayPOSBackOffice.exe" -CustomJson -CustomData @{{
            executablePath = "C:\SubwayPOS\BackOffice\SubwayPOSBackOffice.exe"
            error = $_.Exception.Message
            user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        }
    }
    throw
}
ENDOFSCRIPT

// Delete script if already detected to prevent errors w/ copy action
parameter "Script" = "{(pathname of client folder of current site) & "\__Download\OfficeShortcuts.ps1"}"
if {exists file (parameter "Script")}
    delete "{(parameter "Script")}"
endif

// Copy script to path
copy __createfile "{(parameter "Script")}"

// Run script
override wait
runas = currentuser
wait powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "{parameter "Script"}"

// Cleanup
if {exists file (parameter "Script")}
    delete "{(parameter "Script")}"
endif
Action script uses braces for relevance substitution {}, so any time you want an opening brace in PowerShell you must escape it by doubling it: {{. Put your PowerShell in a text editor and replace all { with {{.
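As an added example (not code from either post, and not BigFix's or anyone in this thread's own), the PowerShell below does the brace-doubling and the action-script wrapping described above mechanically, so the escaping cannot be missed by hand, and adds a small guard the restart script itself can call so that a run that is still in the SYSTEM context fails with a clear error instead of launching the UI where the logged-on user cannot see it. The function names, the input path and the `__Download` file name are placeholders; the action-script keywords (`createfile until`, `parameter`, `override wait`, `runas=currentuser`, `wait`, `copy __createfile`, `delete`) are the ones used in the reply above.

```powershell
# Added example, not from the original thread. Wraps a .ps1 file in a BigFix Action
# Script that runs it as the logged-on user. Every "{" in the PowerShell is doubled
# so the relevance-substitution engine leaves it alone; "}" needs no escaping.
function ConvertTo-BigFixActionScript {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ScriptPath,                                   # placeholder: your .ps1
        [string]$RemoteName = [System.IO.Path]::GetFileName($ScriptPath)             # file name under __Download
    )

    $ps = Get-Content -LiteralPath $ScriptPath -Raw

    # Only the opening brace is special inside "createfile until".
    $escaped = ($ps -replace '\{', '{{').TrimEnd([char[]]"`r`n")

    # A line consisting of the terminator would end the createfile block early.
    if ($escaped -match '(?m)^ENDOFSCRIPT\s*$') {
        throw "The script contains an ENDOFSCRIPT line; pick a different terminator."
    }

    $lines = @(
        '// Create script'
        'createfile until ENDOFSCRIPT'
        $escaped
        'ENDOFSCRIPT'
        ''
        '// Delete script if already present to prevent errors with the copy action'
        ('parameter "Script" = "{(pathname of client folder of current site) & "\__Download\' + $RemoteName + '"}"')
        'if {exists file (parameter "Script")}'
        '    delete "{(parameter "Script")}"'
        'endif'
        ''
        '// Copy script to path'
        'copy __createfile "{(parameter "Script")}"'
        ''
        '// Run script in the logged-on user''s context rather than as SYSTEM'
        'override wait'
        'runas=currentuser'
        'wait powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "{parameter "Script"}"'
        ''
        '// Cleanup'
        'if {exists file (parameter "Script")}'
        '    delete "{(parameter "Script")}"'
        'endif'
    )
    return ($lines -join "`r`n")
}

# Guard for the restart script itself: Process.Start with no credentials inherits the
# caller's token, so check who that is before launching an interactive UI. Returns the
# account name on success and throws when the script is running as LocalSystem.
function Assert-NotSystem {
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    if ($id.IsSystem) {
        throw "Running as $($id.Name); the UI must be started from the logged-on user's session."
    }
    return $id.Name
}

# Usage (placeholder file names):
#   ConvertTo-BigFixActionScript -ScriptPath .\Restart-BackOffice.ps1 |
#       Set-Content -Encoding ascii .\Restart-BackOffice.actionscript
# and, at the top of Restart-BackOffice.ps1, before the Process.Start call:
#   $currentUser = Assert-NotSystem
```

The generator writes the action script with CRLF line endings and ASCII encoding so the BigFix console accepts it as-is; `Assert-NotSystem` uses the .NET `WindowsIdentity.IsSystem` property, which is true only for LocalSystem, so an action that was still configured with the PowerShell action type fails at that line with the account name in the error rather than appearing to succeed.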