I am using a modified script to export the extensions a user has installed on their browser. I got it to run on my local machine as an administrator. It creates a CSV of the extensions and then is supposed to push it to a file share server. As an admin I can do this locally but when I push the script to Intune it seems to break.
The error I pull from my logs shows me this. I am not sure what permission I could be missing since I am admin on both systems and have complete access.
My only idea is that Intune runs the code in a separate directory than the one I specify.
<![LOG[[PowerShell] Fail, the details are {"Version":1,"SigningCode":649,"EncryptionCode":633,"SigningMsg":"(Success) AccountId:23a4e529-8d4a-4b13-936b-f2219c4fdc05,PolicyId:50e3bb39-e555-45d6-bedc-4ec27056f1b5,Type:1,Enforce: Enforcement1. OSVersion:10.0.19045,AgentVersion:1.77.112.0. ","EncryptMsg":"run in legacy mode","ExecutionMsg":"Copy-Item : Access is denied\r\nAt C:\\Program Files (x86)\\Microsoft Intune Management \r\nExtension\\Policies\\Scripts\\c6f32f80-ea57-4beb-8f7e-49ac55513f86_50e3bb39-e555-45d6-bedc-4ec27056f1b5.ps1:657 char:1\r\n+ Copy-Item -Path $Path -Destination $destinationFolderPath -Recurse -F ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (:) [Copy-Item], UnauthorizedAccessException\r\n + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.CopyItemCommand\r\n \r\n\r\n"}]LOG]!><time="16:59:05.8654768" date="4-1-2024" component="IntuneManagementExtension" context="" type="3" thread="32" file="">
These are the portions I have added to get it to run on any system I drop it onto and run manually.
#Define network folder Path
$destinationFolderPath = "\\FAKE IP\\shared\\debug_data"
$SourcePath = "$env:USERPROFILE\\Documents\\Browser_Plugins"
# Extract the file path and remove ".ad" characters
$Path = $SourcePath -replace ".ad", ""
Write-Host "Modified path: $Path"
#If the path does not exist create it
if (-not (Test-Path -Path $Path)) {
New-Item -Path $Path -ItemType Directory -Force
}
This is the copy to different server section.
# get unique values for the CSVs, while sorting at the same time
#$SimplifiedExtensionDataCSV = $SimplifiedExtensionDataCSV | Sort-Object Username,BrowserEngine,BrowserCompany,BrowserName,ExtensionUnpacked,ExtensionID,ExtensionVersion,ExtensionEnabled -Unique
$ExtensionsOnlyCSV = $ExtensionsOnlyCSV | Sort-Object BrowserEngine,ExtensionURLs,ExtensionUnpacked,ExtensionVendor,ExtensionName,ExtensionID,ExtensionDescription -Unique
# export finialized data
#$OriginalExtensionDataJSON | ConvertTo-Json -Compress -Depth 100 | Out-File "${Path}${FILENAME_PRE}_original_${FILENAME_POST}.json" -Encoding utf8
#$SimplifiedExtensionDataCSV | Export-Csv -NoTypeInformation "${Path}${FILENAME_PRE}_simplified_${FILENAME_POST}.csv" -Encoding utf8
$ExtensionsOnlyCSV | Export-Csv -NoTypeInformation "${Path}${FILENAME_PRE}_only_${FILENAME_POST}.csv" -Encoding utf8
Write-Output "Data exported to folder: `"${Path}\`""
#Copy the data
Copy-Item -Path $Path -Destination $destinationFolderPath -Recurse -Force
# Display a message indicating successful copy
#Write-Host "Folder copied successfully to $destinationFolderPath."
When I upload the code to intune I expect it to run on the logged in user - which would be me in testing and run as an admin script in their directory. When I remove the copy portion it runs but I dont see the files - it says it succeeded in Intune. When I add the copy portion it errors out.
When I run it locally it runs perfectly fine on any machine, I put it on - I have to elevate to admin but it works as expected.
I ended up removing a portion in the script that said it needs to be run as admin. I assumed it was a comment but once it was removed the script ran fine via Intune.
#Requires -RunAsAdministrator