AMST-3675: Cannot Execute PowerShell Scripts to Windows 10 - Resolved in AirWatch 9.2

Version Identified

AirWatch Console 9.0, 9.1

 

Identifier

AMST-3675

 

Symptoms

When deploying PowerShell scripts to Windows 10 Desktop devices via Product Provisioning, the scripts download to the device but do not execute successfully. This affects all versions of the AirWatch Console where the VMware AirWatch Protection Agent version being deployed is 8.0 or 8.1.

 

Workaround

The PowerShell scripts added to the Files/Actions in your Product Provisioning package will not execute on the Windows 10 device.

The following workarounds are available:

  • Leverage a custom settings profile to execute single-line PowerShell commands
  • Attempt to leverage a batch (.BAT) file to achieve the same device configurations or leverage the file to execute your PowerShell script.

Example:

In the AirWatch console, add a new Custom Settings profile:

  1. Navigate to Devices > Profiles > List View > Add and select Add Profile.
  2. Select Windows and then select Windows Desktop.
  3. Select Device Profile to deploy the profile to the device context.
  4. Configure the profile's General These settings determine how the profile is deployed and who receives it.
  5. Select the Custom Settings payload, then select Configure.
  6. Switch the Target to AirWatch Protection Agent.
  7. In the Custom Settings field paste the following:
         <wap-provisioningdoc id="c14e8e45-792c-4ec3-88e1-be121d8c33dc" name="customprofile">
              <characteristic type="com.airwatch.winrt.powershellcommand" 
                   uuid="7957d046-7765-4422-9e39-6fd5eef38174">
              <parm name="PowershellCommand" value="CMD"/>
              </characteristic>
         </wap-provisioningdoc>
  8. Replace CMD with the PowerShell command you are wanting to execute on the device.

 

Note: The PowerShell command runs in System Context, you will not be able to execute commands which require User Context or leverage environment variables such as %USERNAME% or %HOMEPATH%, as they will return the results for System not User.

For instance, if we wanted to add a new Firewall rule we could paste the following into the Custom Settings field.

<wap-provisioningdoc id="c14e8e45-792c-4ec3-88e1-be121d8c33dc" name="customprofile">
     <characteristic type="com.airwatch.winrt.powershellcommand" uuid="7957d046-7765-4422-9e39-6fd5eef38174">
          <parm name="PowershellCommand" value="New-NetFirewallRule -DisplayName 'Block WINS' -Direction Inbound 
               -Action Block -RemoteAddress WINS"/>
     </characteristic>
</wap-provisioningdoc>

 

Fix Versions

AirWatch Console 9.2

Have more questions? Submit a request

0 Comments

Article is closed for comments.