I’ve got a Powershell script set to run via GPO as a startup script.
(Computer configuration > Policies > Windows Settings > Scripts > Startup)
The script runs on startup as expected, but one of the Powershell cmdlets fails. Specifically Get-SecureBootUEFI -name dbx errors out with an access denied message. This is an issue of the Powershell session needing to be run as administrator and I have verified this on the workstation I’m using as a testing ground. Opening Powershell normally and executing the cmdlet yields an identical error message. Right clicking Powershell and selecting “Run as administrator” launches a session where I can successfully execute the cmdlet.
So after spending most of my day digging into this, everything I’m finding on the internet is indicating “To run your script with administrator privileges, run it as a startup script so it will run as SYSTEM which will give you the permissions you need.” Well I started with it as a startup script and that quite clearly isn’t running in an administrator context as evidenced by the access denied message I’m getting hit with.
What do I have to do to allow my script to run in a true administrator context?