Oh, and as an FYI - in ConnectWise Automate Backstage and Automate script - it works because the tool runs as NT AUTHORITY\SYSTEM. We currently have access to this tool.   Any tool that runs as that service account will work fine. Getting it scripted when you have an environment with minimal automation tools is tough.  ... View more

First @PhilipDAth  thanks for the update! It is working pretty well. still working on a good way to script it to run as system via PowerShell with our tools.   @Duke_Nukem - You need to specifically run it under NT AUTHORITY\SYSTEM. An easy but hacky way to do this is with PsExec.exe    Copy PsExec.exe to the target computer In an administrative powershell, run the following command. This will not work in a standard admin powershell. ./PsExec.exe -s -i -accepteula powershell.exe In the new PowerShell window, paste the script contents. This windows is running as NT SYSTEM\AUTHORITY and not local admin   https://docs.microsoft.com/en-us/sysinternals/downloads/psexec ... View more

Did you publish those changes to https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html or a public GitHub repository? This would be incredibly helpful...   I've been trying to test grabbing all SIDs using wmic and feeding that into a loop but I'm getting some weird behaviors. ... View more

I'm no PowerShell expert but I've been looking into how to work around this -    This old thread seems to have a solution - https://github.com/MicrosoftDocs/windowsserverdocs/issues/580 It says if you run the script as NT AUTHORITY\Local System you can pass the SID of the currently logged in user, so the user does not need to be a local admin to install the script. However the script itself needs to be run as Local System, which the thread suggests doing as a Scheduled Task in Windows.   I'm not a huge fan of trying to configure a one-off Scheduled Task and I imagine you could also have a script that just asks for the targeted username and translates that into an SID, or recursively installs for every SID present on the device. Perhaps the latter makes more sense.   If I make any progress on modifying your script to support this I'd be happy to pass it onto you - but you might be faster at making this change than myself. ... View more

Don't want to derail this thread too much - but I just setup a fleet of 20H2 devices (some upgraded, some fresh installs) and I am still seeing an issue where the script does not apply to all users-just the admin user the script is run as. Non-admin users cannot run the script. I am running the script in an elevated PowerShell session.  ... View more

I will second the issues on not showing up for all users in Windows version 2004. We have quite a few computers where this script will work on some and on some it will give a "General error with no specific details has occurred" or it will only show up for the admin account that ran the script and not regular users - identical script. For those that the script successfully installs, it works perfectly.  ... View more