Currently I am just starting out with Powershell Universal using the Visual Studio Code Extension on a Win 2016 Server… everything is fine and I’ve got a basic dashboard up and running. My question is around “Hosting”. In my case, do I just install the MSI on the server and the service will start automatically?
It runs under the system account by default, so let’s say I am creating an AD User creation form with Powershell Universal and I want my 1st line helpdesk team to use this to create the accounts. Do I need to update the account that service runs under to one that has the right level of access in Active Directory?
I’ve been using Sapien Powershell Studio in the past to achieve this and I’ve put together little GUI’s in there that run under the context of the user who is running the form. So when jobs are running, they run under the context of the user that has the right level of access in AD anyway.
Event logs:
Application ‘/LM/W3SVC/2/ROOT’ with physical root ‘C:\Program Files (x86)\Universal’ failed to start process with commandline ‘C:\Program Files (x86)\Universal\Universal.Server.exe C:\Program Files (x86)\Universal\Universal.Server.dll’ with multiple retries. Failed to bind to port ‘17340’. First 30KB characters of captured stdout and stderr logs from multiple retries:
@dank42
when using IIS try first to set the apppool account to system in order to make sure that the site function properly then you can test with other account.
Yes. Also, there should be a file in your websites root in the /logs/ folder. It provides the stdout from the process in case the PSU logging hasn’t kicked in yet.
You have to make sure in the web.config that the logging is enabled for the stdout logging to function so just make sure that is set to true. I think it is by default.
Yeah that has done it many thanks for getting to the bottom of that for me! Maybe a silly question but what is Unblock-File actually doing under the hood? I mean, the user account that is being used to host the site does have more than enough permissions to the required directories sooo?
On Windows, when you download a file from the internet the browser sets an alternate data stream to indicate it was downloaded from the internet. If you were to right-click on a file like this it would show an option to unblock the file. It’s kind of a safety precaution and allows Windows to prompt the user with warnings when running exes and stuff. PowerShell will block PS1, PSM1s and DLLs from loading if they have this alternate data stream set; even if you’re an admin. The Unblock-File removes this data stream so that PS can load these files.