You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/script-hooks.md
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -364,12 +364,14 @@ C:\Windows\System32\inetsrv\appcmd.exe set config -section:system.applicationHos
364
364
```
365
365
366
366
## Running In-Process vs Launch New Process
367
-
The Powershell deployment task can run in two modes on Windows: In-Process and as a New Process. This option mainly affects the process features when the background service is attempting to run the task as an impersonated user. In-Process has very limited user impersonation abilities, New Process has extended Impersonation capabilities but different limitations.
367
+
The Powershell deployment task can run in two modes on Windows: In-Process and as a New Process. This option mainly affects the process features when the background service is attempting to run the task.
368
368
369
-
In all cases the background service will attempt to run your task as the user you specify in an impersonation context with a specific Windows *LogonType*: https://learn.microsoft.com/en-us/windows-server/identity/securing-privileged-access/reference-tools-logon-types - this affects things like reuse of credentials across network resources and the relevance varies greatly depending on what your script does and which other processes it calls into.
369
+
For in-process the service will attempt to run your task as the user you specify in an impersonation context with a specific Windows *LogonType*: https://learn.microsoft.com/en-us/windows-server/identity/securing-privileged-access/reference-tools-logon-types - this affects things like reuse of credentials across network resources and the relevance varies greatly depending on what your script does and which other processes it calls into.
370
370
371
371
In all case you will need to test to determine the best option for your specific script. It is not always possible to get a script to work under impersonation and in those cases you may need to write out the relevant certificate variables like the thumbprint or file path then perform operations separately using your own filewatcher process or a scheduled task elsewhere.
372
372
373
+
Note that the *Launch New Process* option currently does not support impersonation and we aim to address this with new task runner functionality in the future.
374
+
373
375
## Troubleshooting
374
376
375
377
* In the Certify UI, you may test scripts by clicking the ▶ button. You should ideally test scripts after you have completed a successful certificate request so that you have real results and a certificate to work with.
0 commit comments