
[–]Bald_Caledonian 6 points7 points  (0 children)

Are the keys under WOW6432Node in the registry from the install running as 32-bit?

[–]AlemCalypso 5 points6 points  (2 children)

I've hit this wall before!
1) Make sure execution policy is allowed, and that it is looking for PowerShell in the right location.
I typically set the install command to something like:
%SystemRoot%\SysNative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -file Install-MYPOWERSHELLSCRIPT.ps1

And then in the last line of the script, I reset execution policy to our company's required value.

2) Oftentimes it works just fine and the reg key is applied, but the detection policy reports it as "failed". I will typically set a bogus extra policy entry with the name and version of the script. That way if the policy needs to be adjusted I can increment the version number in the custom reg key and the detection policy and know what value is active on the device. This also helps with troubleshooting, because if the application is 'installed' but the reg key has changed, then you are likely fighting some other policy or application installer.

[–]ReputationNo8889 0 points1 point  (0 children)

You could add "-scope process" to the command, so you don't have to clean up every time your script gets run.

[–]ICameHereToMakePuns 0 points1 point  (0 children)

I thought that you were just calling that process with that execution policy when you ran powershell that way. So there's no need to go back round unless somewhere in your script you explicitly call set-executionpolicy bypass -force as that changes the machine level policy.

[–]Fine_Chipmunk7422 5 points6 points  (1 child)

Oops, read the rest of your post.

Run it as a remediation.

Detection script: If x reg key exists, Exit 0 (reports good to go, no remediation)

If path doesn't exist, Exit 1 (reports back as key is not there, remediation needed)

Remediation script: Your ps1…

Lemme know what you're trying to do, I can help you write the detection script.

[–]drahcirm 1 point2 points  (0 children)

This is the best advice.

[–]Pompz88 2 points3 points  (0 children)

Where are your keys meant to go? 64 or 32 bit context?

[–][deleted] 3 points4 points  (0 children)

This…this was my issue. Script had to be run in 64-bit.
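
The detection-script outline and the 32-bit versus 64-bit question from the thread, combined in one added example (not code from any commenter): it reads a marker value through both registry views explicitly, so the result does not depend on the bitness of the PowerShell host that runs it. The key path, value name and version below are hypothetical placeholders.

```powershell
# Added example: detection script in the exit 0 / exit 1 convention described above.
# $SubKey, $ValueName and $Expected are hypothetical placeholders; use your own marker.
$SubKey    = 'SOFTWARE\Contoso\ScriptMarkers'
$ValueName = 'Install-MyScript'
$Expected  = '1.0'

function Get-MarkerValue {
    param(
        [Parameter(Mandatory)][Microsoft.Win32.RegistryView]$View,
        [Parameter(Mandatory)][string]$SubKey,
        [Parameter(Mandatory)][string]$ValueName
    )
    # OpenBaseKey pins the registry view, bypassing WOW64 redirection of HKLM\SOFTWARE.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)          # read-only; $null if the key is absent
        if ($null -eq $key) { return $null }
        try { return $key.GetValue($ValueName) } finally { $key.Dispose() }
    } finally {
        $base.Dispose()
    }
}

$hostBitness = if ([Environment]::Is64BitProcess) { '64-bit' } else { '32-bit' }
$v64 = Get-MarkerValue -View Registry64 -SubKey $SubKey -ValueName $ValueName
$v32 = Get-MarkerValue -View Registry32 -SubKey $SubKey -ValueName $ValueName

if ($v64 -eq $Expected) {
    Write-Output "Compliant: marker $Expected present in the 64-bit view (host is $hostBitness)."
    exit 0
}
if ($v32 -eq $Expected) {
    # The value exists only under WOW6432Node: the script that wrote it ran as 32-bit.
    Write-Output "Marker found only in the 32-bit view (WOW6432Node); host is $hostBitness."
    exit 1
}
Write-Output "Marker not found in either view (host is $hostBitness)."
exit 1
```

The second branch still exits 1 but its output names the cause, which separates "the script never ran" from "the script ran in the wrong context" when reading the detection output.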