Bauer Posted September 24, 2015 Report post Posted September 24, 2015 I'm trying to use a PowerShell script to verify the installation of an application deployment, but so far it hasn't worked well. I've never had any issues with the detection rules, but I'm quite new to SCCM, and this is the first time I'm using PowerShell to do it. The application is deployed to computers, it is installed for system, and whether the user is logged in or not (although I've been logged in for the most part I've attempted to solve this). The detection script works fine when run manually; it does some checks and then if it succeeds it runs Write-Host 'Installed', and as far as I've understood it, that's all it should take. I've tried a couple other things, like using return, just in case I misunderstood, but this doesn't seem to be the issue. I have tried to change the execution policy on the client computers. The value is stored in the HKLM so I assume it's not context related with regards to user, unless there's some special execution policy for SCCM. I have, just in case, tried to sign the detection method script as well, with no luck (I used open when fetching the script instead of pasting it in the text field, to be clear). The following error (currently) shows up even if I set execution policy to unrestricted, and regardless of whether the script is signed or not. It should be noted that I haven't had any issues with the installation script for the very same application, which is also a PowerShell script. AppIntent.log: <![LOG[ScopeId_54761859-29CE-43B8-9BEE-B88049CB81CB/DeploymentType_d02b19f5-fc3c-4474-a737-f60fc632dfb7/24 :- Current State = Error, Applicability = Unknown, ResolvedState = None, ConfigureState = NotNeeded, Title = MySoftware]LOG]!><time="10:01:30.360-120" date="09-24-2015" component="AppIntentEval" context="" type="1" thread="4068" file="appconstructs.cpp:2357"> <![LOG[ScopeId_54761859-29CE-43B8-9BEE-B88049CB81CB/Application_8aa515e3-1cb7-401d-8b54-8d80ea8253d9/37 :- Current State = Error, Applicability = Unknown, ResolvedState = None, ConfigureState = NotNeeded, Title = MySoftware]LOG]!><time="10:01:30.360-120" date="09-24-2015" component="AppIntentEval" context="" type="1" thread="4068" file="appconstructs.cpp:3057"> AppDiscovery.log: <![LOG[Entering ExecQueryAsync for query "select * from CCM_AppDeliveryType where (AppDeliveryTypeId = "ScopeId_54761859-29CE-43B8-9BEE-B88049CB81CB/DeploymentType_d02b19f5-fc3c-4474-a737-f60fc632dfb7" AND Revision = 25)"]LOG]!><time="10:04:09.403-120" date="09-24-2015" component="AppDiscovery" context="" type="1" thread="5060" file="appprovider.cpp:406"> <![LOG[ Performing detection of app deployment type MySoftware(ScopeId_54761859-29CE-43B8-9BEE-B88049CB81CB/DeploymentType_d02b19f5-fc3c-4474-a737-f60fc632dfb7, revision 25) for system.]LOG]!><time="10:04:09.406-120" date="09-24-2015" component="AppDiscovery" context="" type="1" thread="5060" file="appprovider.cpp:2148"> <![LOG[ In-line script returned error output: & : File C:\Windows\CCM\SystemTemp\803c4b19-c156-4d0d-b65d-6d3e3c51ada3.ps1 can not be loaded. The file C:\Windows\CCM\SystemTemp\803c4b19-c156-4d0d-b65d-6d3e3 c51ada3.ps1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy , see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170 . At line:1 char:3 + & 'C:\Windows\CCM\SystemTemp\803c4b19-c156-4d0d-b65d-6d3e3c51ada3.ps1' + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : SecurityError: ( [], PSSecurityException + FullyQualifiedErrorId : UnauthorizedAccess ]LOG]!><time="10:04:09.819-120" date="09-24-2015" component="AppDiscovery" context="" type="2" thread="5060" file="appexcnlib.cpp:1022"> <![LOG[Script Execution returned error message: & : File C:\Windows\CCM\SystemTemp\803c4b19-c156-4d0d-b65d-6d3e3c51ada3.ps1 can not be loaded. The file C:\Windows\CCM\SystemTemp\803c4b19-c156-4d0d-b65d-6d3e3 c51ada3.ps1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy , see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170 . At line:1 char:3 + & 'C:\Windows\CCM\SystemTemp\803c4b19-c156-4d0d-b65d-6d3e3c51ada3.ps1' + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : SecurityError: ( [], PSSecurityException + FullyQualifiedErrorId : UnauthorizedAccess , ExitCode: 1]LOG]!><time="10:04:09.819-120" date="09-24-2015" component="AppDiscovery" context="" type="2" thread="5060" file="scripthandler.cpp:473"> <![LOG[ Script Execution Returned :1, Error Message: & : File C:\Windows\CCM\SystemTemp\803c4b19-c156-4d0d-b65d-6d3e3c51ada3.ps1 can not be loaded. The file C:\Windows\CCM\SystemTemp\803c4b19-c156-4d0d-b65d-6d3e3 c51ada3.ps1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy , see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170 . At line:1 char:3 + & 'C:\Windows\CCM\SystemTemp\803c4b19-c156-4d0d-b65d-6d3e3c51ada3.ps1' + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : SecurityError: ( [], PSSecurityException + FullyQualifiedErrorId : UnauthorizedAccess . [AppDT Id: ScopeId_54761859-29CE-43B8-9BEE-B88049CB81CB/DeploymentType_d02b19f5-fc3c-4474-a737-f60fc632dfb7, Revision: 25]]LOG]!><time="10:04:09.820-120" date="09-24-2015" component="AppDiscovery" context="" type="3" thread="5060" file="scripthandler.cpp:506"> <![LOG[CScriptHandler::DiscoverApp failed (0x87d00327).]LOG]!><time="10:04:09.822-120" date="09-24-2015" component="AppDiscovery" context="" type="3" thread="5060" file="scripthandler.cpp:546"> <![LOG[Deployment type detection failed with error 0x87d00327.]LOG]!><time="10:04:09.822-120" date="09-24-2015" component="AppDiscovery" context="" type="3" thread="5060" file="appprovider.cpp:2203"> <![LOG[Failed to perform detection of app deployment type MySoftware(MySoftware, revision 25) for system. Error 0x87d00327]LOG]!><time="10:04:09.822-120" date="09-24-2015" component="AppDiscovery" context="" type="3" thread="5060" file="appprovider.cpp:545"> AppEnforce.log is currently void of any references to "MySoftware". Quote Share this post Link to post Share on other sites More sharing options...
Nyhuus Posted September 24, 2015 Report post Posted September 24, 2015 EDIT: Forget my suggestion, i just realised that i missed the part where you tell you have allready tried the executionpolicy It sounds like the Execution Policy on the machine is perventing it from running. You are try to set it manually on the machine by opening a administrative powershell and write; Set-Executionpolicy ByPass We do set it via the client settings in SCCM 2012, in the "Computer agent" section, there is a "powershell execution policy" option. Quote Share this post Link to post Share on other sites More sharing options...
GarthMJ Posted September 24, 2015 Report post Posted September 24, 2015 Why are you using PowerShell for this, when you can use the native detection method, would it be simpler? Quote Share this post Link to post Share on other sites More sharing options...
NickolajA Posted September 24, 2015 Report post Posted September 24, 2015 Unless you're only playing around with a script as a detection method, go ahead. But if it's for a MSI / EXE / whatever kind of software installation, I'd attempt to create a detection method by using the built in options first. Also, if you're using the script based method, remember to use e.g. Write-Output "True" only when if the script has detected that the software installation has successfully been installed. Explained more in detail here: http://blog.kloud.com.au/2014/08/12/powershell-detection-method-for-sccm-2012-application-compliance-management/ Quote Share this post Link to post Share on other sites More sharing options...
pembertj Posted September 24, 2015 Report post Posted September 24, 2015 Here is an example of something we have used on our campus. Going from this posting here: https://technet.microsoft.com/en-us/library/gg682159.aspx go to step 4 and expand and then go to "To use a custom script to determine the presence of a deployment type" and expand Success = write something to host and exit 0 failure = clear host and exit 0 ---------------------- $ini2 = Get-Content "C:\Program Files (x86)\ImageNow6\imagenow.ini" If ($ini2 -match "image02.xxx.xxx") { Write-Host "installed" Exit 0 } Else { Clear-Host Exit 0 } Quote Share this post Link to post Share on other sites More sharing options...
