Run Powershell Script block as Trusted installer using Scheduled Task under Admin account

RunScriptBlockAsTrustedInstaller.ps1

# Run Powershell scriptblock as Trusted Installer From Admin context (Yeah, MDT) using Scheduled Task.
# Credit due to : https://www.tiraniddo.dev/2019/09/the-art-of-becoming-trustedinstaller.html 


$ScriptBlock = {

        $Script:TsEnv = New-Object PSObject
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'SystemHostName' -Value ([System.Environment]::MachineName)
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'SystemIPAddress' -Value (Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Dhcp -AddressState Preferred).IPAddress
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'SystemOSversion' -Value ([System.Environment]::OSVersion.VersionString)
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'SystemOSArchitectureIsX64' -Value ([System.Environment]::Is64BitOperatingSystem)
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'CurrentUser' -Value ([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'CurrentUserIsAdmin' -Value (New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'CurrentUserIsSystem' -Value $([System.Security.Principal.WindowsIdentity]::GetCurrent().IsSystem)
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'CurrentUserIsTrustedInstaller' -Value ([System.Security.Principal.WindowsIdentity]::GetCurrent().groups.value -contains "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464")
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'CurrentUserName' -Value ($Script:TsEnv.CurrentUser).split("\")[1]
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'CurrentUserDomain' -Value ($Script:TsEnv.CurrentUser).split("\")[0]
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'CurrentUserSID' -Value (New-Object System.Security.Principal.NTAccount($Script:TsEnv.CurrentUser)).Translate([System.Security.Principal.SecurityIdentifier]).value
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'CurrentUserProfilePath' -Value (Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'| Where-Object {$PSItem.pschildname -eq $Script:TsEnv.CurrentUserSID}|Get-ItemPropertyValue -Name ProfileImagePath)
        $Script:TsEnv|Add-Member -MemberType NoteProperty -Name 'CurrentUserRegistryPath' -Value "HKU:\$($Script:TsEnv.CurrentUserSID)" 

        function Write-log 
            {
                 Param(
                      [parameter()]
                      [String]$Path="C:\Windows\logs\TesT-RunAsTI.log",

                      [parameter(Position=0)]
                      [String]$Message,

                      [parameter()]
                      [String]$Component="RunAsTI",

		              #Severity  Type(1 - Information, 2- Warning, 3 - Error)
		              [parameter(Mandatory=$False)]
		              [ValidateRange(1,3)]
		              [Single]$Type = 1
                )

		# Create Folder path if not present
                $oFolderPath = Split-Path $Path
		If (-not (test-path $oFolderPath)){New-Item -Path $oFolderPath -ItemType Directory -Force|out-null}

                # Create a log entry
                $Content = "<![LOG[$Message]LOG]!>" +`
                    "<time=`"$(Get-Date -Format "HH:mm:ss.ffffff")`" " +`
                    "date=`"$(Get-Date -Format "M-d-yyyy")`" " +`
                    "component=`"$Component`" " +`
                    "context=`"$([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)`" " +`
                    "type=`"$Type`" " +`
                    "thread=`"$([Threading.Thread]::CurrentThread.ManagedThreadId)`" " +`
                    "file=`"`">"

                # Write the line to the log file
                Add-Content -Path $Path -Value $Content -Encoding UTF8 -ErrorAction SilentlyContinue
            }


        Write-log "***************************************************************************************************"
        Write-log "Log Path: $log"
        Write-log "System Host Name: $($Script:TsEnv.SystemHostName)"
        Write-log "System IP Address: $($Script:TsEnv.SystemIPAddress)"
        Write-log "System OS version: $($Script:TsEnv.SystemOSversion)"
        Write-log "System OS Architecture is x64: $($Script:TsEnv.SystemOSArchitectureIsX64)"
        Write-Log "User Name: $($Script:TsEnv.CurrentUser)"
        Write-Log "User is Admin: $($Script:TsEnv.CurrentUserIsAdmin)" 
        Write-Log "User is System: $($Script:TsEnv.CurrentUserIsSystem)" 
        Write-Log "User is TrustedInstaller: $($Script:TsEnv.CurrentUserIsTrustedInstaller)" 
        Write-log "***************************************************************************************************"

    }


$TaskName = "TestTaskTI"
$SchedulerPath = "\Microsoft\Windows\PowerShell\ScheduledJobs"

Register-ScheduledJob -Name $taskName -ScriptBlock $ScriptBlock|Out-Null
$principal = New-ScheduledTaskPrincipal -UserId "$env:COMPUTERNAME\Administrateur" #Warning: the admin account is localised, use Administrator for EN, US... 
Set-ScheduledTask -TaskPath $SchedulerPath -TaskName $taskName -Principal $principal|Out-Null

$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()

$user = 'NT SERVICE\TrustedInstaller'
$folder = $svc.GetFolder($SchedulerPath)
$task = $folder.GetTask($TaskName)

#Start Task
$task.RunEx($null, 0, 0, $user)


#Kill Task
$task.Stop(0)
Unregister-ScheduledJob $TaskName -Confirm:$false