Powershell Deployed via SCCM Issue

Question

I am writing a powershell script to be deployed by SCCM via a package. The aim of this is to remove an account with a specific name then write to a file stating if the account exists or not. The code is below:

$Computer = hostname
foreach ($C in $Computer) {
    if (Test-Connection $C -Quiet) {
    Write-Verbose "$C > Online"
        $Users = Get-WMIObject Win32_UserAccount -Filter "LocalAccount=True" -ComputerName $C

        if ($Users.Name -contains 'test') {
            Add-Content \\SERVERNAME\SHARENAME.$\$computer-found_$(get-date -Format yyyymmdd_hhmmtt).txt "User 'test' found, Disable 'test' found"
            net user test /active:no            }
        else {
            Add-Content \\SERVERNAME\SHARENAME.$\$computer-notfound_$(get-date -Format yyyymmdd_hhmmtt).txt "User 'test' not found"
        }
    }
    else {
    Write-Verbose "$C > Offline"
    }
}

I have also tried replace Write-Verbose with Write-Host and Add-Content with Out-File but the problem I having is that no content / file is created when I use the full network path or share eg \\\\SERVERNAME\\SHARENAME.$ the path identified has all the correct permissions and is being ran locally using the System account.

I wanted to see if the issue occured when writing the file locatlly consequently this does not happen when written to C:\\Temp\\

Does anyone have any ideas on to solve this.

Answer 1

I may get downvoted for this as my answer isn't technically directly answering your question, it is, however, intended to try and point you in what may be a more logical direction. All apologies if I offend anyone, but here it is:

Why not just disable the user using Group Policy? If you really want to know where the user is/isn't disabled then you could just use hardware inventory for that, but GP really is the best way to enforce this kind of setting.

Answer 2

I don't think that local system account has access to a network resource. I'm not sure if you have ever configured it or not. And what the command you used to run the command

Here I post a working way of doing this using Configuration Manager deployment after testing in my lab.

Basically I created a package with source files
and created a task sequence with single "Run Command Line" step.
The reason I use a task sequence is because I want to use an account to access the txt file on the network, which I can configure within a task sequence. I don't think Local System Account have such permission.

The script (DeactivateTest.ps1) I use as below just like what you provided and changed a little on the logic:

$Computer = hostname
foreach ($C in $Computer) {
    if (Test-Connection $C -Quiet) {
         Write-host "$C > Online"
         $Users = Get-WMIObject Win32_UserAccount -Filter "LocalAccount=True" -ComputerName $C
         $result=0
         Foreach($user in $Users){
             if ($User.Name -like '*test*') {
                 $username = $user.Name
                 "`n$(get-date -Format yyyymmdd_hhmmtt) User $username found ON $C, Disable 'test'" | Add-Content \\cas\resource\Result.txt
                 net user $username /active:no 
                 $result+=1
            }}

       if($result =0){
             "`n$(get-date -Format yyyymmdd_hhmmtt) User 'test' not found ON $C" | Add-Content  \\cas\resource\Result.txt}
             }

    else {
    "`n$C is Offline" | Add-Content \\cas\resource\Result.txt
    }
}

• The script query local account and disable accounts which have words "Test" in the name. If you don't like this logic, you can change :).
• \\\\cas\\resource\\Result.txt is a txt file on the network share. Clients will write result to this txt file.

• The command in the task sequence is (it's a x64 machine):

  PowerShell.exe -ExecutionPolicy Bypass -File ".\\DeactiveTest.ps1"

The output is like: