0

DEM Logon Task using Privilege Elevation

Recently we had to create a task which had to run at logon otherwise users were not able to start a business critical application.

In this case VMware Dynamic Environment Manager is used for the end user profile management.

So we created a Powershell script and tried to run this at logon. Unfortunately the script didn’t do what we were expecting. The script needed elevated permissions to run as expected.

VMware Dynamic Environment Manager provides an option to use Privilege Elevation for applications. With privilege elevation, a user can start certain pre-configured applications, which the User Environment Manager agent runs elevated on the local desktop, as if the user is a member of the administrators group.

To use the Privilege Elevation option we need an application but we are using a powershell script for the logon task. Fortunately there is tool called PS2EXE which converts Powershell scripts to an .exe file.

This tool and manual are available on this site:

PS2EXE: https://gallery.technet.microsoft.com/scriptcenter/PS2EXE-GUI-Convert-e7cb69d5

After converting the Powershell script to an executable with the PS2EXE utility it’s time to configure the Logon Task and the Privilege Elevation.

Create the Logon Task:

Create Privilege Elevation:

If necessary you could also add some conditions to the Logon Task or Privilege Elevation configuration.

This was our solution to start a Logon Task with elevated permissions.

Roderik de Block

 

 

 

 

    

rdeblock

Leave a Reply

Your email address will not be published. Required fields are marked *