Using PSExec to troubleshoot OpsMgr issues
For OpsMgr quite some people use the local system account as their Action Account. And if things are not working as expected you sometimes want to run a script or other actions under the local system account. I used to use the Task Scheduler to have scripts running under the Local System Account, but now I learned you can easily use the PSExec tool of SysInternals to do the same:-)
How does this work?
You can download the tool and install it on the systems you want to do your troubleshooting or just use the live share on https://live.sysinternals.com/
I created a quick and dirty PowerShell script that writes the owner of the PowerShell process to the PowerShell eventlog.
############################################################################################## # Write Owner of PowerShell Process to PowerShell Eventlog # Authors: Stefan Stranger # ScriptName: UserAccountDebugging.ps1 # v1.000 - 24/03/2010 - stefstr - initial sstranger's release (quick & dirty version)############################################################################################## ############################################################################################## #Function Write-EventLog($Description) # #Writes Owner of PowerShell process to PowerShell Eventlog. ############################################################################################## function Write-EventLog($Description) { $source = "PowerShell(PowerShell)" [string]$type = "Information" [int]$eventid = 999 if(![System.Diagnostics.EventLog]::SourceExists($source)) { [System.Diagnostics.EventLog]::CreateEventSource($source,'Windows PowerShell') } else { $log = New-Object System.Diagnostics.EventLog $log.set_log("Windows PowerShell") $log.set_source($source) $log.WriteEntry($Description,$type,$eventid) } } $processes = Get-WmiObject Win32_Process -Filter "name='powershell.exe'" $appendedprocesses = foreach ($process in $processes) {Add-Member -MemberType NoteProperty -Name Owner -Value ($process.GetOwner().User) -InputObject $process -PassThru} $owners = ($appendedprocesses | select owner) foreach ($owner in $owners) { $evtdescription = "PowerShell process is being run under the next account: " + $owner.Owner Write-EventLog $evtdescription } # Do whatever you wanted to do in the PowerShell script for your OpsMgr environent Write-Host "Hello World" |
Save above script as UserAccountDebugging.ps1.
If we run the above script with our logged on user account we get the next result:
Result in Eventviewer
Now let’s start PSExec and run the PowerShell script with the local system account.
Open Command prompt (as Administrator) and type: psexec –i –d –s powershell.exe
Now a new PowerShell Window will be opened as Local System Account.
Let’s now run the PowerShell script again and check the owner of the PowerShell process. Close all PowerShell sessions first ;-)
Have fun using PSExec to debug OpsMgr Permissions issues with the local system account.