

Using PSExec to troubleshoot OpsMgr issues

Quite a few people use the Local System account as their OpsMgr Action Account. When things are not working as expected, you sometimes want to run a script or other action under the Local System account. I used to use the Task Scheduler to have scripts running under the Local System account, but now I learned you can easily use the PSExec tool from Sysinternals to do the same :-)

How does this work?

You can download the tool and install it on the systems where you want to do your troubleshooting, or just run it from the live share at https://live.sysinternals.com/

I created a quick and dirty PowerShell script that writes the owner of the PowerShell process to the Windows PowerShell event log.

##############################################################################################
# Write Owner of PowerShell Process to PowerShell Eventlog
# Authors: Stefan Stranger
# ScriptName: UserAccountDebugging.ps1
# v1.000 - 24/03/2010 - stefstr - initial sstranger's release (quick & dirty version)
##############################################################################################

##############################################################################################
# Function Write-EventLog($Description)
#
# Writes Owner of PowerShell process to PowerShell Eventlog.
##############################################################################################
function Write-EventLog($Description)
{
    $source = "PowerShell(PowerShell)"
    [string]$type = "Information"
    [int]$eventid = 999

    # Register the event source on first use (requires administrative rights)
    if (![System.Diagnostics.EventLog]::SourceExists($source))
    {
        [System.Diagnostics.EventLog]::CreateEventSource($source, 'Windows PowerShell')
    }

    # Write the entry whether or not the source had to be created first
    $log = New-Object System.Diagnostics.EventLog
    $log.set_log("Windows PowerShell")
    $log.set_source($source)
    $log.WriteEntry($Description, $type, $eventid)
}

# Collect every running powershell.exe process and attach its owner as a note property
$processes = Get-WmiObject Win32_Process -Filter "name='powershell.exe'"
$appendedprocesses = foreach ($process in $processes)
{
    Add-Member -MemberType NoteProperty -Name Owner -Value ($process.GetOwner().User) -InputObject $process -PassThru
}

# Write one event per process owner
$owners = ($appendedprocesses | select owner)
foreach ($owner in $owners)
{
    $evtdescription = "PowerShell process is being run under the next account: " + $owner.Owner
    Write-EventLog $evtdescription
}

# Do whatever you wanted to do in the PowerShell script for your OpsMgr environment

Write-Host "Hello World"

Save the above script as UserAccountDebugging.ps1.

If we run the above script with our logged-on user account, we get the following result:

[Image: result of running the script as the logged-on user]

Result in Event Viewer:

[Image: result in Event Viewer]

Now let’s start PSExec and run the PowerShell script with the local system account.

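Open a Command Prompt (as Administrator) and type: psexec -i -d -s powershell.exe

Here -s runs the process under the Local System account, -i makes it interactive on the desktop, and -d returns without waiting for the process to exit.

[Image: the psexec command in the Command Prompt]

A new PowerShell window now opens, running as the Local System account.

[Image: PowerShell window running as the Local System account]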

Let’s now run the PowerShell script again and check the owner of the PowerShell process. Close all PowerShell sessions first ;-)

[Images: result of running the script from the PowerShell window started with PSExec]

Have fun using PSExec to debug OpsMgr permission issues with the Local System account.