Patch My PC Feature and Application Request
A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize request, please see:
A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize request, please see:
Our policy blocks the interactive powershell console, and this causes the detection scripts in Software Center to fail and thus users cannot install PatchMyPC base installs. Can you add a "right click" option to modify the argument, specifically we want to add the parameter: -F
I have created a uservoice for this. Feel free to add some votes and share the idea out.
https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/40317604-detection-method-scripts-should-run-with-file
Hey All,
I was chatting with one of the developers on the ConfigMgr product group about this option. Today, there is no way for the detection method PowerShell script to be called with a -file from the appdiscovery thread of CCMEXEC. There's nothing we can do to control the way the detection method script execution since it's part of the SCCM client agent.
With that said, they seemed pretty optimistic that it could potentially be added in the future. Please submit a UserVoice feature idea for SCCM here: https://configurationmanager.uservoice.com/forums/300492-ideas. Please be very descriptive about the behavior you need for the way the application detection method script should be executed with the -file. Once you have the URL, please post it here, and I will follow up with the PG to see if we can get more traction on it.
(aka -File )
If we could have the ability to get a -F in there somehow, that'd be enormously helpful.
I also just ran some debugging. SCCM calls the detection method script using something like this:
"C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe" -NoLogo -Noninteractive -NoProfile -ExecutionPolicy Bypass "& 'C:\WINDOWS\CCM\SystemTemp\11a53fac-8144-438e-aa01-6d2378be848b.ps1'"
Hey,
Following up here. I just verified that we do launch any custom pre/post update scripts using -F. Please see the screenshot below. I will reach out to the ConfigMgr PG to see if they can provide any insights about the detection method script and how that gets executed.
We are simply supplying the detection method script to the console. The execution of the PowerShell script is handled by the AppDiscovery component of the SMS Agent Host.
I will update this post once I found out if there is any way to configure it to execute differently.
We will take a look. I'm not sure if we will have any control of how the SCCM client calls the PowerShell detection method scripts.
The checkbox idea is also a good one specifically for the -F
This would be an enormous help being able to customize the arguments as restricting access to the powershell console is something a lot of high security environments need to do, and signing isn't always the easiest thing to implement to work around this otherwise.
You are talking about the actual detection method script for the application and not custom pre/post update scripts?
If we can get a "checkbox" to add the -F parameter to every script going forward, removing any manual need to "right click" on each install, that'd be great. Thank you Patch My PC Team!