powershell - MDT Module Updating Media through JEA Endpoint fails adding BCD entry


I'm running into an issue remotely updating MDT offline media on a JEA endpoint. The error has to do with the permissions passed to bcdedit and the virtual account created by JEA (WinRM user ...). bcdedit returns

An error occurred while attempting the specified create operation. The security ID may not be assigned as the owner of this object.

when trying to update the BCD file for the x64 boot config.

Command:

    Invoke-Command -ComputerName $DeploymentServerName -ConfigurationName MDTUpdate -ScriptBlock {
        New-PSDrive -Name "DS002" -PSProvider MDTProvider -Root "$using:LocalDeploymentShareFolder" -ErrorAction Stop
        Update-MDTMedia -Path "DS002:\Media\MEDIA001" -Verbose
    } -Credential $MDTCreds -ErrorAction Stop

The command the MDT module runs:

    'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\BCDBoot\bcdedit.exe' -store "C:\MyVMs\MDT\USB\Content\Boot\BCD" /create "{f31cce1a-e314-4481-9ac9-e519f65dff65}" -d "LiteTouch Boot [MEDIA001] (x64)" -application OSLOADER

The error from the JEA transcript:

    VERBOSE: Error detected running command: 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\BCDBoot\bcdedit.exe -store "C:\MyVMs\MDT\USB\Content\Content\Boot\BCD" /create "{f31cce1a-e314-4481-9ac9-e519f65dff65}" -d "LiteTouch Boot [MEDIA001] (x64)" -application OSLOADER' Exit code is: 1
    VERBOSE: Error text is: An error occurred while attempting the specified create operation.  The security ID may not be assigned as the owner of this object.
    Update-MDTMedia : BCDEdit returned an error.
    At line:5 char:9
    +         Update-MDTMedia -Path "DS002:\Media\MEDIA001" -Verbose
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (MEDIA001:String) [Update-MDTMedia], DeploymentPointException
        + FullyQualifiedErrorId : BCDEditError,Microsoft.BDD.PSSnapIn.GenerateMDTMedia

Relevant information from the session config:

    @{
        SchemaVersion       = '2.0.0.0'
        SessionType         = 'Default'
        ExecutionPolicy     = 'Unrestricted'
        LanguageMode        = 'FullLanguage'
        TranscriptDirectory = 'C:\JEA\Transcripts'
        RunAsVirtualAccount = $true
        RoleDefinitions     = @{
            'ExampleDomain\ExampleUserOrGroup' = @{
                'RoleCapabilities' = 'MDTUpdate'
            }
        }
    }

Relevant content of the role config:

    @{
        ModulesToImport         = 'C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1'
        VisibleCmdlets          = 'Get-Command', 'Out-Default', 'Exit-PSSession', 'Measure-Object', 'Select-Object',
                                  'Get-FormatData', 'Start-Transcript', 'Stop-Transcript', 'Import-Module', 'Get-Module',
                                  'New-PSDrive', 'Write-Output', 'Update-MDTDeploymentShare', 'Remove-Item',
                                  'Update-MDTMedia', 'New-Item', 'Remove-PSDrive'
        VisibleProviders        = 'FileSystem', 'MDTProvider'
        VisibleExternalCommands = 'bcdedit.exe'
    }

How can I give bcdedit the proper permissions when running under a virtual account? Or do I have to drop JEA, give the service account local admin rights, and run it under a default PSSession?
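As a diagnostic to narrow this down (added here, not part of the question or of the MDT module): it reports which identity the endpoint actually runs bcdedit as, whether that token is in Administrators and which backup/restore/take-ownership privileges it holds, who owns the BCD store and its folder, and whether the store can be opened for writing at all. It assumes the store path from the question, and that Get-Acl, Split-Path and whoami.exe are visible in the role capability (the one shown does not list them, so add them to a test copy of the role, or run the same function in an elevated interactive session on the deployment server and compare the two results).

```powershell
function Test-BcdStoreAccess {
    [CmdletBinding()]
    param(
        # Store path taken from the question; change it to match your media folder
        [string]$StorePath = 'C:\MyVMs\MDT\USB\Content\Boot\BCD'
    )
    $id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]$id
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    # Privileges as the current token sees them; whoami /priv reports Enabled/Disabled per privilege
    $wanted    = 'SeRestorePrivilege', 'SeTakeOwnershipPrivilege', 'SeBackupPrivilege'
    $privState = @{}
    foreach ($p in (whoami /priv /fo csv | ConvertFrom-Csv)) {
        if ($wanted -contains $p.'Privilege Name') { $privState[$p.'Privilege Name'] = $p.State }
    }

    # Owner and DACL of the store file and of its parent folder
    $acl       = Get-Acl -Path $StorePath
    $parentAcl = Get-Acl -Path (Split-Path -Path $StorePath -Parent)

    # Keep only the ACEs that apply to this token: the account itself or any group it carries
    $tokenSids  = @($id.User) + @($id.Groups)
    $applicable = $acl.Access | Where-Object {
        $ref = $_.IdentityReference
        $sid = if ($ref -is [System.Security.Principal.SecurityIdentifier]) { $ref }
               else { try { $ref.Translate([System.Security.Principal.SecurityIdentifier]) } catch { $null } }
        $sid -and ($tokenSids -contains $sid)
    }

    # Can the store even be opened read/write? Opens and closes it, writes nothing.
    $canOpenRw = $true
    try { [System.IO.File]::Open($StorePath, 'Open', 'ReadWrite', 'None').Dispose() }
    catch { $canOpenRw = $false }

    [pscustomobject]@{
        RunningAs        = $id.Name
        IsVirtualAccount = $id.Name -like 'WinRM Virtual Users\*'
        TokenIsAdmin     = $principal.IsInRole($adminRole)
        Privileges       = $privState
        StoreOwner       = $acl.Owner
        ParentOwner      = $parentAcl.Owner
        ApplicableAces   = @($applicable | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights) ($($_.AccessControlType))" })
        CanOpenReadWrite = $canOpenRw
    }
}

# Run it through the endpoint and again from an elevated interactive session, then compare
Test-BcdStoreAccess | Format-List
```

If the virtual account shows TokenIsAdmin but a missing privilege or a foreign StoreOwner, the gap is in the token or the file's DACL rather than in the role capability, which tells you where to fix permissions without handing out local admin rights.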

The first thing that comes to mind is to make sure the group the account is part of has more than read-only permissions. I've had cases where I could run a PowerShell command, but when it came to invoking a non-PowerShell native program, it gave me permission issues.

The other thing, besides that, is to use RunAs within the script block, but that kinda goes against the whole purpose of JEA.
