Any way to stop the -BlockExecution for POST-INSTALLATION?

Topics: Archive - General
Dec 3, 2013 at 6:37 PM
I am using -BlockExecution in my Show-InstallationWelcome to prevent users from launching certain application during the install. However, I'd like to launch one of the programs as the last step after installation, during the POST-INSTALLATION steps. Obviously when I try this I get the blocked application popup box. So, the question is, can I cancel the -BlockExecution somehow? Thanks.
Dec 3, 2013 at 6:41 PM
Interesting use case. Can you try adding "Unblock-AppExecution" as a step in the Post-Installation section?

This should work, although there might be an error encountered when the toolkit is finished running as it will attempt to unblock a second time. Let us know if you see anything strange, I haven't tested this myself.

Dec 3, 2013 at 10:19 PM
I'm happy to hear you find my use case interesting :-).

Your solution worked flawlessly! Thank you very much!!!
The exit code is 0 as well so it doesn't throw an error and my SCCM reporting is perfect.

What I am doing is launching the application that I am installing (Cisco Jabber). If a previous version is installed, we need to make sure the user closes it and isn't able to reopen it. Once the installation is complete, I want to launch the application for the user so they can use it right away and they don't have to hunt for it in the Start Menu. This actually posed another challenge, how to get the application to launch in the logged on user context instead of the SYSTEM account (which is used by SCCM to do the install, which we all know). In order to do this, I used a scheduled task. Here's the code:
    # Unblock the applications
    # Get logged on username
    $uname = (get-wmiobject win32_computersystem).username

    # Only launch app if an actual user is logged on
    if ($uname -ne $null -and $uname -ne "SYSTEM") {
        # Create Scheduled Task to run Jabber in logged on user context
        Start-Process -FilePath "schtasks.exe" -ArgumentList "/create /f /ru `"$uname`" /sc once /sd `"01/01/1980`" /ST `"00:00:00`" /tn launch_jabber /tr `"\`"%programfiles%\Cisco Systems\Cisco Jabber\CiscoJabber.exe\`"" -Wait -WindowStyle Hidden
        # Trigger Scheduled Task
        Start-Process -FilePath "schtasks.exe" -ArgumentList "/run /i /tn launch_jabber" -Wait -WindowStyle Hidden
        # Delete Scheduled Task
        Start-Process -FilePath "schtasks.exe" -ArgumentList "/delete /tn launch_jabber /f" -Wait -WindowStyle Hidden
I also tested this while no user was logged on and it worked perfectly as well. Once we complete our pilot I will post the entire script in the Deployment Scripts forum.
Dec 4, 2013 at 1:51 PM
Nice job :)
Dec 5, 2013 at 1:08 PM
I've taken the liberty of quickly building this as a standalone function. I haven't tested it but you might want to try it out and see if you can fix it up anywhere it needs work. You can then release it as an extension, as it could be really useful to others :) This will use the in-built toolkit functions so you get full logging throughout.
Function Execute-ProcessAsUser {
        [string] $FilePath = $(Throw "Command Param required"),
        [string] $Arguments = $null

    # If the file is in the Files subdirectory of the App Deploy Toolkit, set the full path to the file
    If (Test-Path (Join-Path $dirFiles $FilePath -ErrorAction SilentlyContinue) -ErrorAction SilentlyContinue) {
        $FilePath = (Join-Path $dirFiles $FilePath)

    # Only launch app if an actual user is logged on
    If ($envUsername -ne $null -and $envUsername -ne "SYSTEM") {
        Write-Log "Executing [$FilePath $Arguments] in user context using Scheduled Tasks..."
        # Create Scheduled Task to run Jabber in logged on user context
        Execute-Process -FilePath "schtasks.exe" -ArgumentList "/create /f /ru '"$envUsername'" /sc once /sd '"01/01/1980'" /ST '"00:00:00'" /tn PSAppDeployToolkitExecuteAsUser /tr '"\'"$FilePath\'" $Arguments" -Wait -WindowStyle Hidden
        # Trigger Scheduled Task
        Execute-Process -FilePath "schtasks.exe" -ArgumentList "/run /i /tn PSAppDeployToolkitExecuteAsUser" -Wait -WindowStyle Hidden
        # Delete Scheduled Task
        Execute-Process -FilePath "schtasks.exe" -ArgumentList "/delete /tn PSAppDeployToolkitExecuteAsUser /f" -Wait -WindowStyle Hidden
    Else {
        Write-Log "No user is logged in. Skipping execution of: [$FilePath $Arguments]"