Set-FSRMFileGroup fails

  • Question

  • All,
    I’m trying to run a simple bit of Powershell to automate a task. Here’s the Powershell.

    $safe_list = Get-Content C:\Scripts\Malware\Safelist.txt
    $block_list = Get-Content C:\Scripts\Malware\Blocklist.txt
    Set-FsrmFileGroup -Name "Anti-Ransomware File Groups" -IncludePattern ($block_list) -ExcludePattern ($safe_list)

    Nothing clever there, right? So here’s my problem. If I launch Powershell on the server2012R2 as administrator, it prompts for UAC and runs, no problem. The problem comes when I try to run the script as a scheduled task. Even run as NT_Authority\System and with “Run with highest privileges” ticked, the command

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

    With parameters

    -Execution-policy Unrestricted -file C:\Scripts\Malware\SetFSRMGroup.ps1

    fails to actually run (it gives every impression of running but terminates with a code of 2147942401 (0x80070001) and doesn’t update the FileGroup). Now, I’m not sure if this is because of UAC or that the SYSTEM account doesn’t have authority to the location that FSRM stores its file groups (I’ve also tried this as the local machine administrator and NT_Authority\LOCAL SERVICE accounts with the same results). I’ve done a quick trawl of the registry to see if FSRM stores the file groups there but it seems not.

    Now, if I can’t get this to run as a scheduled task, then this is of no practicable use to me; running it manually is not a path I’m going down (nor is disabling UAC). I'd assume that having provided the Powershell Command-lets MS would expect this sort of thing to be scripted. The question is how to elevate the script to run unattended without trying to bypass UAC. Any insights?

    Pete

    PS I don't think I'm trying to bypass UAC, I very much want this to work with UAC.

    • Moved by Bill_Stewart Monday, January 7, 2019 8:30 PM This is not Task Scheduler support forum
    Wednesday, November 14, 2018 2:41 PM

All replies

  • Your issue has nothing to do with PowerShell.  The task has been incorrectly created.

    Start with:

    powershell /?

    Read the parameters to understand how this should work.

    The parameters should be:

    -Executionpolicy Bypass -file C:\Scripts\Malware\SetFSRMGroup.ps1


    \_(ツ)_/

    Wednesday, November 14, 2018 2:55 PM
  • Thanks for the quick reply but even with

    -Executionpolicy Bypass -File c:\Scripts\Malware\SetFSRMGroup.ps1

    The script still runs but actually fails to apply. (I'm testing this by adding an *.pink entry into C:\Scripts\Malware\Safelist.txt running the task and seeing if it shows up in the FSRM file group entry).

    Pete

    Wednesday, November 14, 2018 3:31 PM
  • Delete the task and recreate it carefully as an admin with highest privileges.  Be sure admin account has access to all folders required.  Be sure the module is available to the admin account.

    The issue is not a scripting issue; it is about how you are creating the task.  It is also possible that you have a corrupted tasks folder.


    \_(ツ)_/

    Wednesday, November 14, 2018 3:36 PM
  • Hello,

    Try this way:

    -Executionpolicy Bypass -Command c:\Scripts\Malware\SetFSRMGroup.ps1

    Wednesday, November 14, 2018 3:39 PM
  • JRV & Jebesta

    Okay, I've deleted the task and recreated it. I've tried running it as the local administrator account. I've tried substituting -command for -file. Same result, it doesn't update the file group.

    I'm wondering if the FSRMFileGroups are stored in a protected location on the server and if I'm running up against UAC (and as the sticky says on this forum "you can't get around UAC"). That said, I'm still open to suggestions and ideas.

    Pete

    Wednesday, November 14, 2018 4:27 PM
  • There is no UAC under task scheduler.  The option to run highest does that.

    Add error handling to your code and write the error to a file to see what is happening.  I suspect the Set is throwing an exception.  You can also detect the error and exit with a code which will show in task history.


    \_(ツ)_/

    Wednesday, November 14, 2018 4:43 PM
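
The error handling suggested in the reply above, sketched as an added example that is not code from the thread: the script from the question wrapped so that a scheduled run records the account it ran as, any exception from Set-FsrmFileGroup, and whether the patterns were applied. The log file path and the 0/1 exit codes are assumptions; the other paths and the group name are those in the question.

```powershell
# Added example: instrumented SetFSRMGroup.ps1. Log path is an assumption.
$ErrorActionPreference = 'Stop'   # turn non-terminating errors into catchable ones
$log       = 'C:\Scripts\Malware\SetFSRMGroup.log'   # assumed location
$safeFile  = 'C:\Scripts\Malware\Safelist.txt'
$blockFile = 'C:\Scripts\Malware\Blocklist.txt'
$groupName = 'Anti-Ransomware File Groups'

function Write-Log([string]$Message) {
    Add-Content -Path $log -Value ('{0:s} {1}' -f (Get-Date), $Message)
}

try {
    # Record the account and elevation state the task actually runs with.
    $id    = [Security.Principal.WindowsIdentity]::GetCurrent()
    $admin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
                 [Security.Principal.WindowsBuiltInRole]::Administrator)
    Write-Log "Start: user=$($id.Name) elevated=$admin"

    Import-Module FileServerResourceManager

    # Drop blank lines so they are not passed as patterns.
    $safe_list  = @(Get-Content -Path $safeFile  | Where-Object { $_.Trim() })
    $block_list = @(Get-Content -Path $blockFile | Where-Object { $_.Trim() })
    Write-Log "Read $($block_list.Count) include / $($safe_list.Count) exclude patterns"
    if ($block_list.Count -eq 0) { throw "No include patterns in $blockFile" }

    # Pass -ExcludePattern only when the safe list has entries.
    $params = @{ Name = $groupName; IncludePattern = $block_list }
    if ($safe_list.Count -gt 0) { $params.ExcludePattern = $safe_list }
    Set-FsrmFileGroup @params

    # Read the group back, mirroring the manual check in the FSRM console.
    $applied = Get-FsrmFileGroup -Name $groupName
    $missing = @($block_list | Where-Object { $applied.IncludePattern -notcontains $_ })
    $missing += @($safe_list | Where-Object { $applied.ExcludePattern -notcontains $_ })
    if ($missing.Count -gt 0) { throw "Patterns not applied: $($missing -join ', ')" }

    Write-Log 'Success: file group updated'
    exit 0
}
catch {
    Write-Log "FAILED: $($_.Exception.GetType().FullName): $($_.Exception.Message)"
    Write-Log $_.InvocationInfo.PositionMessage
    exit 1
}
```

Comparing the "Start" line from a run as SYSTEM with one from a run as the local Administrator shows whether the two runs differ in identity, elevation, or the exception raised.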
  • Okay, so now I'm confused. After a long day running various scenarios

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

    With parameters

    -ExecutionPolicy Bypass -Command C:\Scripts\Malware\SetFSRMGroup.ps1

    as <Local Machine>\Administrator works. Running the above as NT_Authority\System doesn't.

    Why? I've no idea but it does appear to work. Hopefully this thread will save some other poor soul the head scratching. That said the advice given has been useful at arriving at this point.

    Pete

    Wednesday, November 14, 2018 6:05 PM
  • The machine account does not have permissions on other systems unless you grant it access.  The SYSTEM account does not necessarily have permissions on your files either.  We generally do not use SYSTEM for remote or file operations unless we grant the permissions.  It is highly likely that the admin account has those permissions.


    \_(ツ)_/

    Wednesday, November 14, 2018 6:09 PM