In our Windows Service code, we execute a command line that executes a PowerShell script.
The PowerShell script is basic: it creates a file, and the file name is a timestamp.
My problem is that the file is not created, and I don't see errors in Event Viewer (I would expect security/permission errors).
When I look in Event Viewer under “PowerShell” I can see the following rows:
Provider "Registry" is Started.
Provider "Alias" is Started.
Provider "Environment" is Started.
Provider "FileSystem" is Started.
Provider "Function" is Started.
Provider "Variable" is Started.
Engine state is changed from None to Available.
Engine state is changed from Available to Stopped.
The path for the exe is valid. Is there a way to troubleshoot it?
These log lines probably mean that PowerShell was executed successfully, so the problem may not be in PowerShell itself.
I thought about the following:
- run procmon and make sure powershell is started
- make sure all permissions are ok, user has permission to execute the file, to write to target dir etc.
- make a simple script, or just open powershell with sleep for 2 minutes and check the process is up.
- Maybe there is a security policy that is blocking it? If so, why are the PowerShell logs being written?
This is the output of one sample Event Viewer entry:
Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.3053
HostId=2289b4be-cd08-4b9f-a697-f600b5b08e84
HostApplication=PowerShell.exe -ExecutionPolicy Bypass D:\Scripts\Protect_Nothing.ps1 7.6
155
Test de script Powershell vide pour Windows
15/11/2019 16:16:08
15/11/2019 16:01:52
XXX.local\svc_admin
D:\Infra\_Tests Scripts \test41
D:\Infra\_Tests Scripts \test41
test41
svc_admin
XXX.local
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=
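
One way to get more out of the engine start/stop rows shown above, as an added example that is not part of the original post: pair the "None to Available" (event ID 400) and "Available to Stopped" (event ID 403) records by HostId and report how long each engine instance lived and the full HostApplication command line, including arguments that span several lines. The function names, the sample HostId, the sample path and the sample timestamps are constructed for illustration.

```powershell
# Added example, not from the original post; the sample records are constructed.
$keys = 'NewEngineState|PreviousEngineState|SequenceNumber|HostName|HostVersion|' +
        'HostId|HostApplication|EngineVersion|RunspaceId|PipelineId|CommandName|' +
        'CommandType|ScriptName|CommandPath|CommandLine'

function ConvertFrom-PSEngineDetail([string]$Message) {
    # The detail block is Key=Value lines. A value such as HostApplication can run
    # over several lines when an argument contains line breaks: append until next key.
    $fields = @{}; $current = $null
    foreach ($line in ($Message -split "`r?`n")) {
        if ($line -match "^\s*($keys)=(.*)`$") {
            $current = $Matches[1]; $fields[$current] = $Matches[2]
        } elseif ($current -and $line.Trim()) {
            $fields[$current] = $fields[$current] + "`n" + $line.Trim()
        }
    }
    $fields
}

function Get-PSEngineLifetime([object[]]$Events) {
    # 400 = engine None -> Available, 403 = Available -> Stopped; pair them by HostId.
    $Events | Where-Object { $_.Id -in 400, 403 } | ForEach-Object {
        $d = ConvertFrom-PSEngineDetail $_.Message
        [pscustomobject]@{ HostId = $d.HostId; Id = $_.Id; Time = $_.TimeCreated; App = $d.HostApplication }
    } | Group-Object HostId | ForEach-Object {
        $start = $_.Group | Where-Object Id -eq 400 | Select-Object -First 1
        $stop  = $_.Group | Where-Object Id -eq 403 | Select-Object -First 1
        [pscustomobject]@{
            HostId          = $_.Name
            Started         = $start.Time
            RanSeconds      = if ($start -and $stop) { ($stop.Time - $start.Time).TotalSeconds }
            HostApplication = $start.App
        }
    }
}

# Constructed sample shaped like Get-WinEvent output (Id, TimeCreated, Message).
$detail = @'
Details:
HostId=00000000-0000-0000-0000-000000000001
HostApplication=PowerShell.exe -ExecutionPolicy Bypass C:\Example\script.ps1 first
second line of the same argument list
EngineVersion=5.1
'@
$t = Get-Date '2020-01-01T12:00:00'
$sample = 400, 403 | ForEach-Object { [pscustomobject]@{ Id = $_; TimeCreated = $t.AddSeconds($_ - 400); Message = $detail } }
Get-PSEngineLifetime $sample | Format-List   # RanSeconds is 3 for this sample
# Live use on the affected host:
# Get-PSEngineLifetime (Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400, 403 } -MaxEvents 200)
```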