0

Ok, I saw an answer here about this very same question, but I'm not understanding it or what the next step is. The original question: What am I supposed to do if I want this line to work

```powershell
$from = "$dirFiles\config.xml"
$to = "C:\Users\$env:USERNAME\AppData\Roaming\Folder\Folder\config.xml"
Copy-Item $from $to -recurse
```

since $env:username resolves into my computer name when deployed through SCCM. How and where am I supposed to enter:

```powershell
([Security.Principal.WindowsIdentity]::GetCurrent()).Name.replace("$ENV:USERDOMAIN\","")
```

Hope you understand me

**edit** I found what I could use thanks to bluuf and Syberdoor, who pointed me in the right direction

```powershell
$CurrentUser = (Get-LoggedOnUser).UserName
$from = "$dirFiles\config.xml"
$to = "C:\Users\$CurrentUser\AppData\Roaming\Folder\Folder\config.xml"
Copy-Item $from $to -recurse
```
jetmanus
  • I most certainly don't, what are you trying to achieve? – 4c74356b41 Jan 19 '17 at 12:32
  • I'm trying to make PowerShell and SCCM copy a file to the AppData user folder on the computer that the setup is running on. But I get the error that the folder C:\Users\"Computername"\ does not exist. So SCCM or PowerShell resolves the $env:USERNAME variable into the computer name, not the logged in username. – jetmanus Jan 19 '17 at 12:46
  • So the obvious question is, how do you expect it to be a username, if nobody is logged in? Which user are you expecting to get? – 4c74356b41 Jan 19 '17 at 12:49
  • The deployment is set to install only if a user is logged in, so I'm hoping to get the logged in username – jetmanus Jan 19 '17 at 13:27

3 Answers

0

By default SCCM programs are executed with the SYSTEM account of the current computer.

If this is a program from the package/program model, what you have to do to change this is: in the properties of the program, go to "Environment", select "program can run: Only when a user is logged on" and "Run with user's rights", and possibly also go to "Advanced" and select "When this program is assigned to a computer: Run once for every user who logs on".

If it's an application type you have to go to the properties for the Deployment Type and to "User Experience" and there change "Installation Behavior" to "Install for User".

This would be the SCCM internal method to do what you want. It of course also means you lose all admin rights and accesses, as the context is now the logged on user's. Access to the user profile should be no problem (the better environment variable would be $env:appdata btw), but you will also need read access to $dirFiles for every user.

A different approach (if this has only to be done once for all the computers) would be keeping the admin rights and instead of using the environment variable get all users with something like "gci C:\users" (minus public profile) and then with the admin replace all users files at once.

Syberdoor
  • So basically it's not possible unless I give users admin rights – jetmanus Jan 19 '17 at 15:48
  • My guess is that you are taking a wrong approach to deal with this problem. There are multiple ways of getting the current logged on username (wmi class win32_computersystem for instance) even from the system account. Iterating over the c:\users folder and checking for specific activity on a file or folder is also possible. One road leading to a dead end doesn't mean that something is not possible: it simply means you have to take another road (being either a detour or a shortcut). – bluuf Jan 19 '17 at 17:41
  • I do not think you would need admin rights to overwrite a file in the user's profile. The users own these files, rights should be sufficient. What you need is access rights to $dirFiles and if those are not given you can probably use the distribution point to fix this for you. What @bluuf (and myself in the last paragraph) said is also true, an admin can access the other users, however this depends a lot on your setup whether that makes sense. Finally, are you aware that copy (with admin privileges) per user of one file is easily done with GPPs? – Syberdoor Jan 20 '17 at 07:29
  • Of course :) it's not about admin rights, my head was not in the right place there. – jetmanus Jan 20 '17 at 14:02
  • **`(Get-LoggedOnUser).UserName`** solved the problem. `$CurrentUser = (Get-LoggedOnUser).UserName` was able to use the current user logged on – jetmanus Jan 20 '17 at 14:03
  • **Thanks for getting my head in the right direction :o)** – jetmanus Jan 20 '17 at 14:06
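
Added example, not code from any poster in this thread: one way to follow the Win32_ComputerSystem suggestion from the comments when the script runs as SYSTEM, looking the console user's profile folder up by SID instead of building `C:\Users\<name>` by hand. The function names are hypothetical, and it assumes a single interactive console user and the `$dirFiles` variable from the question's script.

```powershell
# Added example: function names and the reparse-point check are assumptions.
function Get-ConsoleUserProfilePath {
    # Win32_ComputerSystem.UserName is DOMAIN\user for the console session and
    # can be read from the SYSTEM context; it is empty if nobody is logged on
    # at the console (for example when the only session is RDP).
    $account = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if ([string]::IsNullOrWhiteSpace($account)) { return $null }
    try {
        # Look the profile up by SID: the folder name under C:\Users is not
        # guaranteed to equal the user name.
        $sid = ([Security.Principal.NTAccount]$account).Translate(
            [Security.Principal.SecurityIdentifier]).Value
    } catch { return $null }
    $userProfile = Get-CimInstance -ClassName Win32_UserProfile -Filter "SID='$sid'"
    if ($userProfile) { $userProfile.LocalPath }
}

function Copy-ConfigToProfile {
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $ProfilePath
    )
    $targetDir = Join-Path $ProfilePath 'AppData\Roaming\Folder\Folder'
    if (-not (Test-Path -LiteralPath $targetDir)) {
        New-Item -ItemType Directory -Path $targetDir -Force | Out-Null
    }
    # The script runs as SYSTEM but the target is user-writable, so refuse to
    # write through a junction or symlink (checks the final directory only).
    $dir = Get-Item -LiteralPath $targetDir -Force
    if ($dir.Attributes -band [IO.FileAttributes]::ReparsePoint) {
        throw "Refusing to write through reparse point: $targetDir"
    }
    Copy-Item -LiteralPath $Source -Destination (Join-Path $targetDir 'config.xml') -Force
}

# $dirFiles is the variable used by the script on this page.
$profilePath = Get-ConsoleUserProfilePath
if ($profilePath) {
    Copy-ConfigToProfile -Source "$dirFiles\config.xml" -ProfilePath $profilePath
} else {
    Write-Warning 'No console user found; nothing copied.'
}
```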
0

I'm trying to answer the original question you asked: You can create your own variable to replace the $env:username. For example below I use $uu:

```powershell
$from = "$dirFiles\config.xml"
$uu = (([Security.Principal.WindowsIdentity]::GetCurrent().Name) -split "\\")[1]
$to = "C:\Users\$uu\AppData\Roaming\Folder\Folder\config.xml"
Copy-Item $from $to -recurse
```
  • Your reply makes no sense to me to be honest (no flame intended): the poster isn't complaining about the username not working; the problem is that the script runs under the system account so the AD Computer account - the username variable (and also the GetCurrent() method) will contain the AD useraccount since this is the useraccount that is running the script. – bluuf Jan 20 '17 at 12:18
0

Use the wildcard * in place of any username variable that will indicate all contents of the users folder.