I have finally had success using PowerShell detection scripts on clients with AllSigned execution policy. (Hint: it started working after installing the latest service pack and using Adam Meltzer's workaround.)
Now that it's practical to use PowerShell scripts for application detection, it makes me wonder the following things:
- In what context does the SCCM client run the PowerShell detection scripts? System? User?
- Does the context depend on whether you select "Install for user" or "Install for system" in the Deployment Type?
Documentation is pretty sparse on this topic. The best resource I have found for SCCM PowerShell detection scripts is this Kloud blog post; however, it is silent on the matter of context.
Empirical Results
I wrote some PowerShell that, when run as a detection script, dumps the environment variables that the detection script sees to a log file. That script is at the end of this answer.
I then caused this script to be run by the SCCM client by deploying a Deployment Type with different "Installation Behavior" and "Logon requirement" parameters. The results are in the table below:
- unX are usernames
- cnX are computer names
Analysis
The above results are surprising because the context that a detection script runs in seems to depend in part upon whether the Application was deployed to a user or a system. This was enough of a surprise that I ran the tests a second time. The results were consistent.
We can tentatively draw the following hypotheses from the table above:
The above three hypotheses are supported by the test results. There may well be some other variables that weren't tested where these hypotheses do not hold. They are, at least, a good set of initial assumptions when using PowerShell detection scripts.
Mismatched Contexts (Beware!)
Jason Sandys documented a similar test of the rules for installation context. If you read that post carefully, you might notice that the rules for installation context and detection script context are not quite the same. Here are the offending rules:
This means that an Application that has installation behavior “Install as system” and is deployed to a user collection will use the system context for installation, but the user context for detection.
Someone writing detection scripts for Applications where installation behavior is "Install as System" should be careful to avoid relying on any part of the environment that changes between the system and user contexts. Otherwise, detection of an Application deployed to a system collection may succeed while detection of the exact same Application deployed to a user collection fails.
Script
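An added example, not the answer's original script: a detection script written to give the same result in the system and user contexts, as the "Mismatched Contexts" warning recommends. The application name and log file name are hypothetical placeholders, and PowerShell 3.0 or later is assumed for the `RegistryView` type.

```powershell
# Added example (not the original answer's script). The display name below is a
# hypothetical placeholder. Detection convention used here: exit code 0 with any
# text on STDOUT means "installed"; exit code 0 with empty STDOUT means "not installed".
$DisplayName = 'Contoso Example App'   # hypothetical application name

# Record who is running the script. $env:TEMP itself differs between SYSTEM and
# a user, so the log is diagnostic only and never feeds the detection result.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
try {
    $line = '{0:s} user={1} isSystem={2}' -f (Get-Date), $identity.Name, $identity.IsSystem
    Add-Content -Path (Join-Path $env:TEMP 'DetectionContext.log') -Value $line -ErrorAction Stop
} catch {
    # Logging must never turn into STDERR output or a non-zero exit code.
}

# Look only at machine-wide state: HKLM uninstall keys, opened through explicit
# 64-bit and 32-bit registry views so process bitness does not matter either.
# Deliberately unused: HKCU, $env:USERPROFILE, $env:APPDATA, mapped drives.
$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$found  = $false
foreach ($view in [Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32) {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $view)
    $uninstall = $base.OpenSubKey($subKey)
    if ($uninstall) {
        foreach ($name in $uninstall.GetSubKeyNames()) {
            $entry = $uninstall.OpenSubKey($name)
            if ($entry -and $entry.GetValue('DisplayName') -eq $DisplayName) { $found = $true }
            if ($entry) { $entry.Dispose() }
        }
        $uninstall.Dispose()
    }
    $base.Dispose()
}

if ($found) { Write-Output 'Installed' }   # STDOUT text + exit 0 = detected
exit 0                                     # empty STDOUT + exit 0 = not detected
```

Comparing the `user=` and `isSystem=` values logged for a system-collection deployment and a user-collection deployment of the same Application shows which context each detection ran in.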