powershell environment-variables administrator sccm non-admin

$ENV:USERNAME in SCCM Powershell script


Ok, I saw an answer here about this very same question, but I'm not understanding it or what the next step is. The original question: What am I supposed to do if I want this line to work

$from = "$dirFiles\config.xml"
$to = "C:\Users\$env:USERNAME\AppData\Roaming\Folder\Folder\config.xml"
Copy-Item $from $to -recurse

since $env:username resolves into my computer name when deployed through SCCM. How and where am I supposed to enter:

([Security.Principal.WindowsIdentity]::GetCurrent()).Name.replace("$ENV:USERDOMAIN\","")

Hope you understand me

Edit: I found what I could use thanks to bluuf and Syberdoor, who pointed me in the right direction

$CurrentUser = (Get-LoggedOnUser).UserName
$from = "$dirFiles\config.xml"
$to = "C:\Users\$CurrentUser\AppData\Roaming\Folder\Folder\config.xml"
Copy-Item $from $to -recurse

Solution

  • By default SCCM programs are executed with the SYSTEM account of the current computer.

    If this is a program from the package/program model, what you have to do to change this is: in the properties of the program, go to "Environment", select "program can run: Only when a user is logged on" and "Run with user's rights". Possibly also go to "Advanced" and select "When this program is assigned to a computer: Run once for every user who logs on".

    If it's an application type you have to go to the properties for the Deployment Type and to "User Experience" and there change "Installation Behavior" to "Install for User".

    This would be the SCCM internal method to do what you want. It of course also means you lose all admin rights and accesses, as the context is now the logged-on user's. Access to the user profile should be no problem (the better environment variable would be $env:appdata, by the way), but you will also need read access to $dirFiles for every user.

    A different approach (if this has only to be done once for all the computers) would be keeping the admin rights and, instead of using the environment variable, getting all users with something like "gci C:\users" (minus the public profile) and then, with the admin, replacing all users' files at once.
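
The last approach in the answer above (stay in the SYSTEM/admin context and write to every profile), as an added PowerShell example that is not part of the original answer. It goes slightly beyond "gci C:\users" by reading profile paths from the registry ProfileList key, so renamed or relocated profile folders are still found; the function name, its parameters and the status values are hypothetical, and it assumes AppData\Roaming is not redirected off the local profile.

```powershell
# Added example, not from the original answer. Run elevated (for example as SYSTEM via SCCM).
# Copy-ConfigToUserProfiles and its parameters are hypothetical names.
function Copy-ConfigToUserProfiles {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Source,
        # Path below each profile root; "Folder\Folder" is the question's placeholder.
        [string]$RelativeTarget = 'AppData\Roaming\Folder\Folder\config.xml'
    )
    if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
        throw "Source file not found: $Source"
    }
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    # SIDs starting with S-1-5-21- are local or domain user accounts; service
    # accounts such as SYSTEM (S-1-5-18) are filtered out.
    $profiles = Get-ChildItem -LiteralPath $profileList |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' }

    foreach ($key in $profiles) {
        $root = (Get-ItemProperty -LiteralPath $key.PSPath).ProfileImagePath
        if (-not $root -or -not (Test-Path -LiteralPath $root -PathType Container)) { continue }

        $target = Join-Path $root $RelativeTarget
        $dir    = Split-Path -Parent $target
        $status = 'Skipped'

        if ($PSCmdlet.ShouldProcess($target, "Copy $Source")) {
            if (-not (Test-Path -LiteralPath $dir)) {
                New-Item -ItemType Directory -Path $dir -Force | Out-Null
            }
            # This runs with high privileges inside a user-writable tree, so do not
            # write through a target directory that is a junction or symlink.
            $item = Get-Item -LiteralPath $dir -Force
            if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
                $status = 'ReparsePoint'
            } else {
                Copy-Item -LiteralPath $Source -Destination $target -Force
                $status = 'Copied'
            }
        }
        [pscustomobject]@{ Sid = $key.PSChildName; Target = $target; Status = $status }
    }
}

# Dry run first; $dirFiles is the variable from the question.
# Copy-ConfigToUserProfiles -Source "$dirFiles\config.xml" -WhatIf
```

The reparse-point check covers only the final target directory, not every component of the path, and files written this way are owned by the installing account rather than the user.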