I have a SCOM Monitor that attempts to run a SQL query with the object system.data.sqlclient.sqlconnection (the SQL powershell modules aren’t installed). The PS1 runs fine with an admin powershell window, but does NOT run in normal context (errors out with “cannot create type, only core types are supported in this language mode”)
Is there a way to get the SCOM agent to run the PS1 in admin as opposed to normal-user context? The Action account for the agent is Local System.
Hi - Interesting question.
There are security considerations of potentially by-passing security controls that are in place and my first port of call would be to work with the security teams to enable the script to be run. If they were against it, then I’d probably leave it with the support \ application team who wants you to create the monitor to take up that discussion. One of the main challenges I found being part of a monitoring team was that other teams thought we had to solve all of their problems for them 
Without knowing the query, there may be a number of other options:
-
Does it work if you specify a run as account that has the required privileges as the security context for the monitor to execute under?
-
Is there a way to leverage the native SCOM OLE DB Probe Module via code. E.g. Query a database without scripting as part of SCOM monitoring – The System.OLEDBProbe module « .\Matthew Long - this will likely depend on the complexity of the logic in the PowerShell script.
-
There are options to override PowerShell security settings within a script. I don’t know if this is a technical option in your case and doing it might be career limiting (or ending) if it breaks security controls and security find out. Not one for me.
Out of interest, are you doing this in the PowerShell Community MP or in Visual Studio?
Cheers
Graham