Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Deploying New Local User Administrator - Powershell Digitally Signed Error

Hi all,

I'm trying to use PDQ to deploy a powershell script to create a new user and add to administrator group. When trying the script through PDQ deploy, it shows successful, but provides this output: 

File C:\windows\AdminArsenal\PDQDeployRunner\service-1\exec\Error Handling Wrap
per.ps1 cannot be loaded. The file C:\windows\AdminArsenal\PDQDeployRunner\serv
ice-1\exec\Error Handling Wrapper.ps1 is not digitally signed. The script will
not execute on the system. Please see "get-help about_signing" for more details

I thought that having: "PowerShell.exe -NoLogo -NonInteractive -ExecutionPolicy Bypass" would have passed the powershell lines no problem?

Any advice?

Thanks,

 

0

Comments

7 comments
Date Votes
  • Can you show your package step? Obfuscate sensitive data obvioiusly. That's strange behavior. The wrapper does pass the code with ExecutionPolicy set to Bypass by default, so that's a curious error. You might have to get with support on this one. What version are you on?

    0
  • Sure thing, super simplistic for now. Just trying to get this guy to run on a local test machine.

    Currently Running 13.2.0.0

    It doesn't seem like it's passing the Bypass syntax. I assumed that PDQ runs powershell with it defined?

     

    0
  • Hmm. I have the same version, and it works fine for me:

    I'd email support@pdq.com and they will get you taken care of! Sounds like something is amiss with your installation.

    0
  • Thanks for validating, that makes me feel more at easy. I was going crazy with the workarounds haha!

    0
  • We've seen issues in the past where Group Policy has restrictions setup to block unsigned scripts and -ExecutionPolicy Bypass gets thwarted by Group Policy. 

    0
  • Keep it simple if your PDQ Deploy is not accessible by others.
    Use CMD or a BAT!

    Replace username and Password and remove the < >

    net user <username> <password> /add
    net localgroup administratoren /add <username>
    wmic UserAccount where Name='<username>' set PasswordExpires=False

    First line creates the user with the password
    Second line adds the user to the localgroup admin
    Third turns off the Password expiration

    Example:

    Creating the user "NoPowerShell" with the Password "justcmd"

    net user NoPowerShell justcmd /add
    net localgroup administratoren /add NoPowerShell
    wmic UserAccount where Name='NoPowerShell' set PasswordExpires=False

    Thats all

    0
  • 0