I have made a PowerShell script which loads pageant (a Windows SSH authentication agent) with my private keys. In short, the script isn't much more than the following two lines:
$tool = "pageant.exe"
&$tool $files.ToArray()
$files is a list of strings which contains all my private keys which must be loaded.
I have no problem with the script itself, because it does its job perfectly when I execute it from my PowerShell console.
I want to execute this script whenever I log on to my account, and I do this by adding a PowerShell logon script group policy with the Group Policy Editor (gpedit.msc); the script also executes and in fact does load the pageant.exe tool.
However, the tools utilising pageant.exe (PuTTY and plink) do not work. They don't recognize the pageant authentication agent.
So my first question is: what is the difference between starting the script from my own PowerShell console and starting the script from a group policy (logon script)?
I have also done some investigation and I see a couple of differences. The first thing is that the started pageant process has a UAC Virtualization flag in Task Manager when I start the script from my own console. This property isn't flagged when it's started from the logon script group policy.
The second thing is that when I disable UAC, the script does work from the logon script group policy. So I assume it has something to do with UAC, but I don't know how to solve this. I want the script to work when UAC is enabled as well.
The second question: what is this UAC virtualization flag and how does it influence the working of a process? The third and last question: how can I get my script working?
For completeness I added the answers to my own questions.
What is the difference between starting the script from my own PowerShell console and starting the script from a group policy (logon script)?
A: The difference comes from the fact that my user is part of the Administrators group, which will run the script with elevated rights. When you log on as an administrator, Windows will generate a standard user access token and an administrator access token. The last token will be used to run programs with elevated rights (this is without UAC virtualization). Now when I start the script from my own PowerShell console, which is started with the standard access token, the started pageant runs with UAC virtualization. If the tools which use pageant run in a different mode, then my problem occurs.
What is this UAC virtualization flag and how does it influence the working of a process?
A: Check out this link.
How can I get my script to work?
A: You can use the solution provided by Kate Gregory (do not check the "run with highest privileges" option) or add a batch file to your Startup folder which runs the PowerShell script. This will run the script with the standard user access token and with UAC virtualization enabled.
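The Startup-folder approach from the last answer, as an added example that is not part of the original post: a version of the loader that refuses to start pageant when the session is elevated (so the agent and a non-elevated PuTTY/plink would not end up under different tokens) and, with -Install, writes a .cmd launcher into the per-user Startup folder. It assumes PowerShell 3.0 or later, pageant.exe on PATH, and placeholder key paths under $env:USERPROFILE\.ssh; the script name load-keys.ps1 is also an assumption.

```powershell
# Added example, not code from the original post.
# Assumptions: PowerShell 3.0+ (for $PSCommandPath), pageant.exe on PATH,
# placeholder key paths below.
param([switch]$Install)

$tool  = "pageant.exe"
$files = New-Object System.Collections.Generic.List[string]
$files.Add("$env:USERPROFILE\.ssh\id_rsa.ppk")   # placeholder key path
$files.Add("$env:USERPROFILE\.ssh\work.ppk")     # placeholder key path

function Test-IsElevated {
    # True only when this process runs under the full administrator token.
    # Under UAC an admin's non-elevated (filtered) token reports $false here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Install-StartupLauncher {
    # Write a .cmd into the per-user Startup folder. Programs started from
    # there run with the standard user token, unlike a logon script GPO
    # configured to run with highest privileges.
    $launcher = Join-Path ([Environment]::GetFolderPath('Startup')) 'run-pageant.cmd'
    $cmd = "@echo off`r`npowershell.exe -NoProfile -ExecutionPolicy Bypass " +
           "-WindowStyle Hidden -File `"$PSCommandPath`"`r`n"
    Set-Content -Path $launcher -Value $cmd -Encoding Ascii
    Write-Host "Launcher written to $launcher"
}

if ($Install) { Install-StartupLauncher; return }

if (Test-IsElevated) {
    # An elevated pageant is not reachable from a non-elevated PuTTY/plink,
    # which is exactly the symptom described in the question.
    Write-Warning "Session is elevated; refusing to start pageant under the admin token."
    return
}

if (Get-Process -Name pageant -ErrorAction SilentlyContinue) {
    Write-Host "pageant is already running; keys are not loaded again."
    return
}

# Each list element becomes one command-line argument to pageant.exe.
& $tool $files.ToArray()
```

Run it once as `.\load-keys.ps1 -Install` from a normal (non-elevated) console to create the launcher; after the next logon the keys are loaded under the same token that PuTTY and plink use.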