I'm working on a project where we're migrating users from one Entra ID tenant to another, and part of this involves resetting their systems. Users won't have admin privileges, so I created two scripts – one for returning to OOBE and another for simply performing the reset. These scripts will be deployed via the Company Portal.
Here's the challenge: Before the reset happens, I want to prompt the user with an OK/Cancel message box that asks if they're sure they want to proceed with resetting their system. However, I'm struggling to find a way to send this message from the script that's running in the system context and to retrieve the user's response. I can determine which session the user is in and see who is logged in, but sending the message to the user is proving difficult. Any guidance, sample code, or references would be greatly appreciated!
5 Answers
You can use PInvoke alongside `WTSSendMessage`, which allows targeting a specific user session. Make sure to get the active console session ID with `WTSGetActiveConsoleSessionId`. This way, you can send messages directly to the logged-in user.
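The approach in this answer, as an added example that is not part of the original answer: a script running as SYSTEM shows an OK/Cancel box in the active console session and treats anything other than OK (Cancel, timeout, no session, API failure) as a refusal. The function name `Confirm-ResetWithUser`, the `Native.Wts` type name, the message text and the 300-second timeout are assumptions made for illustration.

```powershell
# Added example: intended to run in system context (e.g. a Company Portal deployment).
Add-Type -Namespace Native -Name Wts -MemberDefinition @'
[DllImport("kernel32.dll")]
public static extern uint WTSGetActiveConsoleSessionId();

[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool WTSSendMessage(
    IntPtr hServer, uint sessionId,
    string title, uint titleLength,        // lengths are in bytes, not characters
    string message, uint messageLength,
    uint style, uint timeoutSeconds,
    out uint response, bool wait);
'@

function Confirm-ResetWithUser {
    param(
        [string]$Title   = 'System reset',
        [string]$Message = 'This device will be reset. Are you sure you want to proceed?',
        [uint32]$TimeoutSeconds = 300
    )

    # 0xFFFFFFFF means no session is attached to the physical console.
    $sessionId = [Native.Wts]::WTSGetActiveConsoleSessionId()
    if ($sessionId -eq [uint32]::MaxValue) { return $false }

    $MB_OKCANCEL = 0x1; $MB_ICONWARNING = 0x30; $IDOK = 1
    [uint32]$response = 0

    # hServer = IntPtr.Zero is the local machine; wait = $true blocks until
    # the user answers or the timeout expires.
    $sent = [Native.Wts]::WTSSendMessage(
        [IntPtr]::Zero, $sessionId,
        $Title,   [uint32]($Title.Length * 2),
        $Message, [uint32]($Message.Length * 2),
        [uint32]($MB_OKCANCEL -bor $MB_ICONWARNING), $TimeoutSeconds,
        [ref]$response, $true)

    if (-not $sent) {
        Write-Warning "WTSSendMessage failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        return $false
    }
    return ($response -eq $IDOK)   # Cancel and timeout both fall through to $false
}

if (Confirm-ResetWithUser) { Write-Output 'User confirmed; continue with the reset.' }
else                       { Write-Output 'No confirmation; device left untouched.' }
```

`WTSGetActiveConsoleSessionId` only covers the physical console; if the user is signed in over Remote Desktop, pass the session ID you already determined instead.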
Have you thought about creating a scheduled task that runs in the user's context to display the message box? You could save the user's response to a file and import that into your script running in system context.
You might want to check out 'ServiceUI' from MDT – it should help you display the message box you're looking for. It's worth a shot!
I've had success with a simple method: create a flag file like 'AwaitUser.txt' so the first script knows to wait. Then, a second script runs in user context to show the window when 'AwaitUser.txt' exists and writes 'UserConfirmed.txt' when the user responds. This way, your first script can keep checking for confirmation before proceeding.
Interacting with a user logged on while running as system can be tricky. You might have to trigger another script in the user's session to communicate back to your main script. Consider using a file, a registry key, or even named pipes for the interaction.
I've also heard that PSADT can be used for similar purposes. You might want to explore that option as well!