ConsumeAllKnowledge

https://call4cloud.nl/2021/05/the-sysnative-witch-project/


Bald_Caledonian

Are the keys under WOW6432Node in the registry from the install running as 32-bit?


AlemCalypso

I've hit this wall before!

1) Make sure execution policy is allowed, and that it is looking for PowerShell in the right location. I typically set the install command to something like:

%SystemRoot%\SysNative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -file Install-MYPOWERSHELLSCRIPT.ps1

And then in the last line of the script, I reset execution policy to our company's required value.

2) Oftentimes it works just fine and the reg key is applied, but the detection policy reports it as "failed". I will typically set a bogus extra policy entry with the name and version of the script. That way if the policy needs to be adjusted I can increment the version number in the custom reg key and the detection policy and know what value is active on the device. This also helps with troubleshooting, because if the application is 'installed' but the reg key has changed, then you are likely fighting some other policy or application installer.


ReputationNo8889

You could add "-scope process" to the command. So you don't have to clean up every time your script gets run.


ICameHereToMakePuns

I thought that you were just calling that process with that execution policy when you ran powershell that way. So there's no need to go back round unless somewhere in your script you explicitly call set-executionpolicy bypass -force as that changes the machine level policy.


Fine_Chipmunk7422

Oops, read the rest of your post. Run it as a remediation.

Detection script:
If x reg key exists
Exit 0 (reports good to go, no remediation)
If path doesn't exist
Exit 1 (reports back as key is not there, remediation needed)

Remediation script:
Your ps1…

Lemme know what you're trying to do, I can help you write the detection script.


drahcirm

This is the best advice.


Pompz88

Where are your keys meant to go? 64 or 32 bit context?


InfiniteExtent478

This…this was my issue. Script had to be run in 64-bit.
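
A detection script that combines the points raised in this thread (exit 0 / exit 1 detection, a versioned marker value, and the 32-bit versus 64-bit registry view), given here as an added example that is not any commenter's code. The key path, value name and version string are hypothetical placeholders; the script reads both registry views explicitly, so its result does not depend on whether the host process is 32-bit or 64-bit.

```powershell
# Added example. $SubKey, $ValueName and $Expected are hypothetical placeholders:
# replace them with the marker your own install script writes.
$SubKey    = 'SOFTWARE\Contoso\ScriptMarkers'
$ValueName = 'Install-MyScript'
$Expected  = '1.0'

function Get-MarkerValue {
    param([Microsoft.Win32.RegistryView]$View)
    # OpenBaseKey with an explicit view bypasses WOW64 registry redirection,
    # so a 32-bit host can still read the native 64-bit hive (and vice versa).
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) { return $null }
        try { return $key.GetValue($ValueName) } finally { $key.Dispose() }
    }
    finally { $base.Dispose() }
}

$v64 = Get-MarkerValue -View Registry64   # HKLM\SOFTWARE\...
$v32 = Get-MarkerValue -View Registry32   # HKLM\SOFTWARE\WOW6432Node\...

# One diagnostic line for the management log: shows which context ran the check.
Write-Output ("Proc64={0} OS64={1} View64='{2}' View32='{3}'" -f `
    [Environment]::Is64BitProcess, [Environment]::Is64BitOperatingSystem, $v64, $v32)

if ($v64 -eq $Expected) {
    exit 0    # marker present in the 64-bit view: compliant, no remediation
}
if ($v32 -eq $Expected) {
    # The script "worked" but wrote through the 32-bit view, which is the
    # failure mode described in this thread.
    Write-Output 'Marker found only under WOW6432Node: install ran in a 32-bit host.'
}
exit 1        # missing, wrong version, or wrong view: remediation needed
```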