
DEM Logon Task using Privilege Elevation

Recently we had to create a task which had to run at logon; otherwise users were not able to start a business-critical application.

In this case VMware Dynamic Environment Manager is used for the end user profile management.

So we created a PowerShell script and tried to run this at logon. Unfortunately the script didn’t do what we were expecting. The script needed elevated permissions to run as expected.

VMware Dynamic Environment Manager provides an option to use Privilege Elevation for applications. With privilege elevation, a user can start certain pre-configured applications, which the User Environment Manager agent runs elevated on the local desktop, as if the user is a member of the administrators group.

To use the Privilege Elevation option we need an application, but we are using a PowerShell script for the logon task. Fortunately there is a tool called PS2EXE which converts PowerShell scripts to an .exe file.

This tool and manual are available on this site:

PS2EXE: https://gallery.technet.microsoft.com/scriptcenter/PS2EXE-GUI-Convert-e7cb69d5

After converting the PowerShell script to an executable with the PS2EXE utility it’s time to configure the Logon Task and the Privilege Elevation.

Create the Logon Task:

Create Privilege Elevation:

If necessary you could also add some conditions to the Logon Task or Privilege Elevation configuration.
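Because the agent runs the configured executable elevated on behalf of a standard user, the converted .exe and its folder should only be writable by administrative accounts. The following check is an added example, not part of the original post; the function name and the file path are placeholders.

```powershell
# Added example: report non-administrative principals that can modify the
# executable configured for Privilege Elevation, or the folder that holds it.
function Get-UntrustedWriteAccess {
    param([Parameter(Mandatory)][string]$Path)

    # Principals allowed to modify the elevated binary (well-known SIDs)
    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Only the rights that allow changing or replacing content
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000  # GENERIC_WRITE, GENERIC_ALL

    # Inspect the file itself and its parent folder
    foreach ($item in @($Path, (Split-Path -Path $Path -Parent))) {
        $acl = Get-Acl -LiteralPath $item

        # An owner can always rewrite the ACL, so it must be trusted too
        $owner = $acl.GetOwner($sidType).Value
        if ($owner -notin $trusted) {
            [pscustomobject]@{ Item = $item; Sid = $owner; Finding = 'Owner is not an administrative principal' }
        }

        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries do not apply to the object being inspected
            if ($ace.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
            if ($ace.IdentityReference.Value -in $trusted) { continue }
            if ([int]$ace.FileSystemRights -band $writeMask) {
                [pscustomobject]@{ Item = $item; Sid = $ace.IdentityReference.Value; Finding = "Allows $($ace.FileSystemRights)" }
            }
        }
    }
}

$exe = 'C:\Program Files\Contoso\LogonTask.exe'  # placeholder path for the converted script
$findings = Get-UntrustedWriteAccess -Path $exe
if ($findings) { $findings | Format-Table -AutoSize } else { 'No untrusted write access found.' }

# Record the hash of the reviewed build so a later change to the file is detectable
Get-FileHash -LiteralPath $exe -Algorithm SHA256
```

Run it from an administrative PowerShell session on a desktop where the logon task is deployed; any row in the output names a SID that should lose its write access before the elevation rule goes live.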

This was our solution to start a Logon Task with elevated permissions.

Roderik de Block

2 Comments

  1. You should be able to eliminate the exe wrapping requirement by using the “Argument-based elevation application” option for Privilege Elevation in combination. That will trigger elevation based on the path/arguments combination, allowing you to leverage powershell.exe with the appropriate arguments to execute the script.
