Trying to run PowerShell script on first login after install, but not working

[XYZ]

Couple of Powershell questions.

1. Is the right/best way to set powershell execution policy by integrating registry file? If not, what is best way. For example, after integrating following .reg file into image, I was still asked to confirm execution policy when I copied a powershell script into virtual machine Win desktop, right-clicked and run with powershell. Why doesn't integrated .reg stop me from being asked to set execution policy ?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]
"Path"="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
"ExecutionPolicy"="RemoteSigned"

2. I am trying to run a Post-Setup .ps1 powershell script to change the height of the taskbar to 3 (code is below, but it's only supposed to take effect after restarting explorer.exe, logging off/on, or rebooting), so I add the .ps1 script file to Post-Setup User-Execution queue. After NTLite processing, the the .ps1 script file is correctly placed in sources\$OEM$\$$\Setup\FilesU, and also appears in the ISO. When I install the ISO into VirtualBox, taskbar stays at height 1, and relevant registry key value byte is also at 1. Restarting explorer.exe, logging off/on/rebooting obviously doesn't work because registry value byte hasn't been changed to 3.

However, If I then manually right click-the .ps1 file > Run with powershell in the same VM Windows, I am asked to Set-Execution Policy, and after saying Y, and restarting explorer.exe the taskbar is height 3, as expected.

Not sure if it is being executed too early by NTLite, and then overwritten some-how by Windows, even though I expected NTLite to make it run when user logs in.

Any ideas ?

The code for the script is below:

$path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects3"
$objName = "Settings"
$getObj = Get-ItemProperty -path $path -name $objName
$getObj.Settings[44] = 0x03
$objValue = $getObj.Settings
Set-ItemProperty -path $path -name $objName -Value $objValue

 

[XYZ]

NOTE: for (2), I originally had the .ps1 script restart explorer.exe automatically afterwards, but that stopped Win install from completing (maybe got in endless loop ?? )

In case your interested...

However, I'm now wondering about the restart issue, and whether explorer.exe maybe DOESN'T auto-restart so when the .ps1 script is run. This is a separate issue though - I think.

# Restart explorer.exe for above changes to take effect (will still take effect on log-off/logon or restart)
# DO NOT DO THIS IN NTLITE LOGON SCRIPT AS IT WILL NEVER COMPLETE INSTALL POSSIBLY DUE TO EXPLORER.EXE
# CONTINUALLY REBOOTING ???
Stop-Process -name explorer  # explorer.exe restarts automatically after stopping

 

[garlin]

1. Is the right/best way to set powershell execution policy by integrating registry file?

The normal way is a reg file.

But you can always run a PS command to change policy:
powershell -NoProfile -ExecutionPolicy Bypass "Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force"

If you have conflicting policy scopes (LocalMachine, CurrentUser, Process), then PS will warn you when running this command.

For example, after integrating following .reg file into image, I was still asked to confirm execution policy when I copied a powershell script into virtual machine Win desktop, right-clicked and run with powershell.

"ExecutionPolicy"="RemoteSigned"[/CODE]

RemoteSigned only allows locally created files, and you copied this script from another source. Windows tags all files that are locally created (not just PS1), so it knows which ones can't be trusted without asking permission.

I am trying to run a Post-Setup .ps1 powershell script to change the height of the taskbar to 3 (code is below, but it's only supposed to take effect after restarting explorer.exe, logging off/on, or rebooting), so I add the .ps1 script file to Post-Setup User-Execution queue. After NTLite processing, the the .ps1 script file is correctly placed in sources\$OEM$\$$\Setup\FilesU, and also appears in the ISO. When I install the ISO into VirtualBox, taskbar stays at height 1, and relevant registry key value byte is also at 1. Restarting explorer.exe, logging off/on/rebooting obviously doesn't work because registry value byte hasn't been changed to 3.

However, If I then manually right click-the .ps1 file > Run with powershell in the same VM Windows, I am asked to Set-Execution Policy, and after saying Y, and restarting explorer.exe the taskbar is height 3, as expected.

NTLite runs all *.ps1 scripts with arguments -NoProfile -ExecutionPolicy Bypass, so the existing Policy doesn't matter.

NOTE: for (2), I originally had the .ps1 script restart explorer.exe automatically afterwards, but that stopped Win install from completing (maybe got in endless loop ?? )

Stop-Process -name explorer  # explorer.exe restarts automatically after stopping

You're supposed to call "Stop-Process -Name Explorer; Start-Process explorer.exe".
Windows doesn't always restart Explorer when it's killed, only after it crashes from execution errors.

 

[XYZ]

Thanks for detailed reply garlin.

1. Changing the .reg file to set it to Bypass still didn't work (also tried Unrestricted as that's PS 6 default ploicy), but I still got the Execution Policy Change prompt when manually running the imported .ps1 in VM.

2. I agree it's sloppy, but explorer.exe is supposed to auto-restart unless a registry key is changed.

However, it still results in installation not completing (gets stuck at the "We're getting everything ready for you" stage, before eventually saying "Things are taking longer than expected" message)

That aside, even when not restarting explorer.exe afterwards, it still doesn't work. The relevant byte in the taskbar registry key value is still not changed from 1 to 3, which is what the script should be doing.

A bit more info - I added an installer to run after the .ps1 script in NTLite, so the Post-setup stage would pause (due to installer GUI being displayed, waiting for input) after the .ps1 script has "supposedly" run. I checked the relevant registry key value at this point, and the specific byte was still 1, and not 3.

I'll try that in case that helps, and post back either way.

I'll try running -Execution policy command and .ps1 from SetupComplete.cmd or OOBE.cmd in $OEM$ to see if that helps.

As mentioned for .ps1, it's weird that it works fine when run manually.