Welcome to the community forums for Theopenem. All responses are provided by other users that wish to help out. Theopenem will not respond to these posts. If you require more assistance than what the community can provide, we offer various paid support options.

Running a script module with different than Default user

  • Hello, I have problem running a (powershell) script module under a different than "Default" user. The user is from a domain, the password is set correctly, however when I run a script module with this user, it does not work. When I just change the user to "Default", it works without any issue. There is no information why the execution failed, is there any option to turn on any more detailed log information?

    INFO [4] PolicyExecutor - Executing Policy 518cd8fb-5df4-447f-9d63-3fdbb6387c2a (Install Ev)
    DEBUG [4] PolicyExecutor - Evaluating Conditions For Install Ev
    DEBUG [4] PolicyExecutor - No Conditions Found For Module
    DEBUG [4] PolicyExecutor - Evaluating Conditions For Install Ev
    DEBUG [4] PolicyExecutor - No Conditions Found For Module
    INFO [4] ModuleScriptManager - Running Script Module: Install Ev
    DEBUG [4] ServiceImpersonationTask - Starting Impersonation Task
    DEBUG [4] ApiRequest - ProvisionedComm/Policy/GetImpersonationAccount/
    INFO [4] ModuleScriptManager - 267011
    INFO [4] ModuleScriptManager - Script Module: Install Ev Finished
    ERROR [4] PolicyExecutor - An Error Occurred In Module Install Ev
    ERROR [4] PolicyRunner - Aborting Current Policy

  • Did you enable impersonation access in you web.config file?

  • @theopenem_admin Yes, I did. There was a different error in the log before I did that. Unfortunately it did not help.

  • Is your username in netbios\user format?

  • @theopenem_admin Yes, it is. I've tried to re-enter it again to prevent a typo error, but the result is the same. The account is correct, working, enabled, I can log in with these credentials without any problems. Even from the target computer.

  • It would be very useful to know what error occured. Something more detailed than just "ERROR [4] PolicyExecutor - An Error Occurred In Module Install Ev"

  • Could be problem with scripts and impersonation account. I'm redoing how impersonation is handled in the next version. Currently it relies on task scheduler. It will directly impersonate the user through code in the next version, might need to wait for that. Have you tried running a command module, just as a test. Something like whoami

  • I think I see the issue. It looks like the user needs to have batch logon rights for this to work. When I implemented this feature, I must have used a user that already had admin privileges. The easiest way to get this permission is to add the user to the backup operators windows group. I'll add this in the next release, so the user gets added, the process runs, and then the user will get removed from the group.

  • @theopenem_admin Hello, thanks. So just to be clear - I should add that domain account to a local Backup operators group on each computer?

  • Yes. I wouldn't do it for all computers. I would do it as part of your policy.

    cmd module - add user to group
    script module - run your script as the impersonated user
    cmd module - remove user from group

    The commands are:
    net localgroup "backup operators" username /add

    net localgroup "backup operators" username /delete

    Put the entire command in the command module command field, don't use the arguments field.

  • @theopenem_admin Thanks, I will try that.

  • This is now fixed in 1.5.0.