Using PSExec to troubleshoot OpsMgr issues

March 24 2010, 4:29pm

As you probably know OpsMgr quite some people use the local system account as Action Account. And if things are not working as expected you sometimes want to run a script or other actions under the local system account. I used to use the Task Scheduler to have scripts running under the Local System Account, but now I learned you can easily use the PSExec tool of SysInternals to do the same:-) How does this work? You can download the tool and install it on the systems you want to do your troubleshooting or just use the live share on http://live.sysinternals.com/ I created a quick and dirty PowerShell script that writes the owner of the PowerShell process to the PowerShell eventlog.

######################################################################################## # Write Owner of PowerShell Process to PowerShell Eventlog # Authors: Stefan Stranger # ScriptName: UserAccountDebugging.ps1 # v1.000 - 24/03/2010 - stefstr - initial sstranger's release (quick & dirty version)

######################################################################################## #Function Write-EventLog($Description) # #Writes Owner of PowerShell process to PowerShell Eventlog. ############################################################################################## function Write-EventLog($Description) {     $source = "PowerShell(PowerShell)"     [string]$type = "Information"     [int]$eventid = 999         if(![System.Diagnostics.EventLog]::SourceExists($source))         {             [System.Diagnostics.EventLog]::CreateEventSource($source,'Windows PowerShell')         }         else          {                 $log = New-Object System.Diagnostics.EventLog                  $log.set_log("Windows PowerShell")                  $log.set_source($source)                 $log.WriteEntry($Description,$type,$eventid)         }

} $processes = Get-WmiObject Win32_Process -Filter "name='powershell.exe'" $appendedprocesses = foreach ($process in $processes) {Add-Member -MemberType NoteProperty -Name Owner  -Value ($process.GetOwner().User) -InputObject $process -PassThru} $owners = ($appendedprocesses | select owner) foreach ($owner in $owners) {     $evtdescription = "PowerShell process is being run under the next account: "  + $owner.Owner     Write-EventLog $evtdescription }

Do whatever you wanted to do in the PowerShell script for your OpsMgr environent

Write-Host "Hello World" Save above script as UserAccountDebugging.ps1. If we run the above script with our logged on user account we get the next result:

Result in Eventviewer

    Now let’s start PSExec and run the PowerShell script with the local system account. Open Command prompt (as Administrator) and type: psexec –i –d –s powershell.exe

Now a new PowerShell Window will be opened as Local System Account.

Let’s now run the PowerShell script again and check the owner of the PowerShell process. Close all PowerShell sessions first ;-)

      Have fun using PSExec to debug OpsMgr Permissions issues with the local system account.