Hi guys,
I recently noticed a weird issue where a powershell script behaves differently, depending on how it is called. More specifically, the script isn't able to list all directories in the \System32\WindowsPowerShell\v1.0\Modules folder which results in it not able to load all modules from there.
To troubleshoot this, I wrote the following simple script:
Read-Host
If I run the script I get the following output:
AppBackgroundTask
AppLocker
Appx
AssignedAccess
BitLocker
BitsTransfer
BranchCache
CimCmdlets
Defender
DirectAccessClientComponents
Dism
DnsClient
Hyper-V
International
iSCSI
ISE
Kds
Microsoft.PowerShell.Diagnostics
Microsoft.PowerShell.Host
Microsoft.PowerShell.Management
Microsoft.PowerShell.Security
Microsoft.PowerShell.Utility
Microsoft.WSMan.Management
MMAgent
MsDtc
NetAdapter
NetConnection
NetEventPacketCapture
NetLbfo
NetNat
NetQos
NetSecurity
NetSwitchTeam
NetTCPIP
NetWNV
NetworkConnectivityStatus
NetworkTransition
PcsvDevice
PKI
PrintManagement
PSDesiredStateConfiguration
PSDiagnostics
PSScheduledJob
PSWorkflow
PSWorkflowUtility
ScheduledTasks
SecureBoot
SmbShare
SmbWitness
StartScreen
Storage
TLS
TroubleshootingPack
TrustedPlatformModule
VpnClient
Wdac
WindowsDeveloperLicense
WindowsErrorReporting
WindowsSearch
It is the same if I open a console and run the script from there, if I run it from the ide, if I run powershell [scriptname] from the run dialog or if I right click the script file and select 'Run with Powershell' from the context menu
If I now double click the script in file explorer or open the start screen in Windows 8.1 look for the script name and run in from there, I get the following output:
AppLocker
Appx
BitsTransfer
BranchCache
CimCmdlets
DirectAccessClientComponents
Dism
DnsClient
Hyper-V
International
iSCSI
ISE
Kds
Microsoft.PowerShell.Diagnostics
Microsoft.PowerShell.Host
Microsoft.PowerShell.Management
Microsoft.PowerShell.Security
Microsoft.PowerShell.Utility
Microsoft.WSMan.Management
MsDtc
NetAdapter
NetConnection
NetLbfo
NetNat
NetQos
NetSecurity
NetSwitchTeam
NetTCPIP
NetWNV
NetworkConnectivityStatus
NetworkTransition
PKI
PrintManagement
PSDiagnostics
PSScheduledJob
ScheduledTasks
SecureBoot
Storage
TLS
TroubleshootingPack
TrustedPlatformModule
VpnClient
Wdac
WindowsDeveloperLicense
WindowsErrorReporting
Several folders, like AppBackGroundTask, BitLocker, Defender or PSDesiredStateConfiguration are missing. If I change the script to sl into the directory, I get a 'Cannot find path because it does not exist' error.
My first thought was that the script is somehow executed in a different user context, but I couldn't find anything noteworthy, if I run a whoami /all it's the same SID, groups and privileges. I'm also not joined to a domain.
Do you know what could cause this behavior and how to fix it?