• Welcome to Support Forum: Get Support for Patch My PC Products and Services.
 

Applications Detection Method

Started by Carl87, August 14, 2019, 07:17:19 AM

Previous topic - Next topic

Carl87

Hi,
We are slowly introducing applications base install in our environment.
However we are facing issues with the detection method, as you may now SCCM powershell scripts detection method runs as user context for deployments user available.
In our environment for security reasons, we are restricting the usage of powershell and CMD.
So users who are not allowed to run powershell, can not go to the catalog and install applications where the detection method is a powershell script.
Do you have any alternative, or you can provide other detection method for applications (I generally use registry keys in most of my apps)
Thanks in advance

Justin Chalfant (Patch My PC)

Hey Carl,

We only support Powershell detection methods. We came across this issue where an application detection method runs under user-context even when the deployment type is set to Install Per SYSTEM. Seems like odd behavior to us and we are working with the Microsoft product group to try to understand if this is by design or could be changed.

One option would be to allow signed scripts or even scripts only signed by your code-signing certificate. I'm not entirely sure what method you are using to block it, but this would be the only workaround I can see with the current ConfigMgr execution behavior for user-based deployments.

Quote from: Carl87 on August 14, 2019, 07:17:19 AM
Hi,
We are slowly introducing applications base install in our environment.
However we are facing issues with the detection method, as you may now SCCM powershell scripts detection method runs as user context for deployments user available.
In our environment for security reasons, we are restricting the usage of powershell and CMD.
So users who are not allowed to run powershell, can not go to the catalog and install applications where the detection method is a powershell script.
Do you have any alternative, or you can provide other detection method for applications (I generally use registry keys in most of my apps)
Thanks in advance

Carl87

Hi Justin,

Do you have an update status, on the detection method subject ?
Do you know what plan microsoft has to fix this behaviour

Thanks in advance

Justin Chalfant (Patch My PC)

With regards to it executing under user-context? That will seems to be by design from the SCCM product group. We did fix some of the issues where you may get access denied due to the way that log was saved.

Quote from: Carl87 on October 30, 2019, 03:51:50 AM
Hi Justin,

Do you have an update status, on the detection method subject ?
Do you know what plan microsoft has to fix this behaviour

Thanks in advance