In our Windows Service code, we execute a command line that executes a PowerShell script.
The PowerShell script is basic: it creates a file whose name is a timestamp.
My problem is that the file is not created, and I don't see errors in Event Viewer (I would expect security/permission errors).
When I look in Event Viewer under “PowerShell” I can see the following rows:
Provider "Registry" is Started.
Provider "Alias" is Started.
Provider "Environment" is Started.
Provider "FileSystem" is Started.
Provider "Function" is Started.
Provider "Variable" is Started.
Engine state is changed from None to Available.
Engine state is changed from Available to Stopped.
The path for the exe is valid. Is there a way to troubleshoot it?
These log lines probably mean that PowerShell was executed successfully, so the problem may not be in PowerShell itself.
I thought about the following:
- Run procmon and make sure PowerShell is started.
- Make sure all permissions are OK: the user has permission to execute the file, to write to the target dir, etc.
- Make a simple script, or just open PowerShell with a sleep for 2 minutes and check the process is up.
- Maybe there is a security policy that is blocking it? If so, why are the PowerShell logs being written?
Are there additional ways to troubleshoot this issue?
This is the output of one sample Event Viewer entry:
Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.3053
HostId=2289b4be-cd08-4b9f-a697-f600b5b08e84
HostApplication=PowerShell.exe -ExecutionPolicy Bypass D:\Scripts\Protect_Nothing.ps1 7.6 155 Test de script Powershell vide pour Windows 15/11/2019 16:16:08 15/11/2019 16:01:52 XXX.local\svc_admin D:\Infra\_Tests Scripts \test41 D:\Infra\_Tests Scripts \test41 test41 svc_admin XXX.local
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=
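
The engine-state rows quoted above can be paired per host instance to see how long each PowerShell run lasted and the exact command line the service passed to it. The following is an added example, not part of the original post; the one-hour window and the `Get-Field` helper are assumptions made for illustration.

```powershell
# Added example: correlate engine start/stop records from the classic
# "Windows PowerShell" log. Event ID 400 = engine state None -> Available,
# event ID 403 = engine state Available -> Stopped. Both carry HostId= and
# HostApplication= fields in the message text.
$since = (Get-Date).AddHours(-1)   # assumption: the service ran within the last hour

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Windows PowerShell'
    Id        = 400, 403
    StartTime = $since
} -ErrorAction SilentlyContinue

# Hypothetical helper: pull one "Name=value" field out of the event message.
function Get-Field([string]$Message, [string]$Name) {
    if ($Message -match "(?m)^\s*$Name=(.*)$") { $Matches[1].Trim() } else { $null }
}

$events |
    Group-Object { Get-Field $_.Message 'HostId' } |
    ForEach-Object {
        $start = $_.Group | Where-Object Id -eq 400 | Sort-Object TimeCreated | Select-Object -First 1
        $stop  = $_.Group | Where-Object Id -eq 403 | Sort-Object TimeCreated | Select-Object -Last 1
        $any   = $start, $stop | Where-Object { $_ } | Select-Object -First 1

        [pscustomobject]@{
            HostId          = $_.Name
            Started         = $start.TimeCreated
            Stopped         = $stop.TimeCreated
            # A run of a fraction of a second suggests the script body did little or nothing
            RunSeconds      = if ($start -and $stop) {
                                  [math]::Round(($stop.TimeCreated - $start.TimeCreated).TotalSeconds, 2)
                              }
            # Exactly what was launched, including how the arguments were passed
            HostApplication = Get-Field $any.Message 'HostApplication'
        }
    } |
    Sort-Object Started |
    Format-List
```

Run it from an elevated prompt on the machine hosting the service, right after triggering the service action, and compare `HostApplication` with the command line the service is expected to build.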