Powershell command fails when run via GPO on certain Win10 PC's

agradmin used Ask the Experts™
We are attempting to enable the Foundation Identity feature in Windows 10 by way of a Powershell command, run as a startup script via Group Policy. The task is successful in general but is failing on one or two of a random selection of Win 10 PC's.

- The Powershell command itself works fine on the affected PC's
- GPRESULT on a sample PC confirms  the GPO is assigned
- other Group Policy tasks run as expected on the affected PC's
- the  Group Policy task works fine on other WIn10 PC's
- PC's have been restarted multiple times
- there is NOTHING in the Application/System event logs that yield any clues

It appears that there is some reason the GPO is failing on the affected PC's, at this point we are wondering if age could be a factor (of PC's, not testers.....)

I am looking for help in trying to narrow down the root cause. Your expert advice would be appreciated.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Matt MinorTechnical Systems Analyst

Have a look at the Group-Policy specific logs on a problematic system to see if there are any telling details regarding the application of the GPO itself.

On the client the log is located under Applications and Services Logs/Microsoft/Windows/GroupPolicy.


Thanks Matt,
Although the GP log yielded nothing but confirmation that GP was working the Powershell log tells a different tale. In that we are seeing DSIM issues and from the DSIM log am seeing the following;

Warning               DISM   DISM Provider Store: PID=3200 TID=3596 Failed to Load the provider: C:\WINDOWS\SYSTEM32\Dism\SiloedPackageProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
[3200] [0x80070002] FIOReadFileIntoBuffer:(1250): The system cannot find the file specified.

In checking the SiloedPackageProvider.dll file does not exist in the DSIM folder - now we just have to figure out why/fix. The question is, as this is in the Powershell log and the file does not exist then how does that explain the update working when run via Powershell but not via GPO?

Thanks for your helping in getting us to that.


Can anyone explain how SiloedPackageProvider.dll is needed when running a Powershell script at startup (via GPO), but not when the same script is run directly on PC?

I am trying to figure out how to resolve for the handful of PC's that are affected. I have checked on a 'good' PC and SiloedPackageProvider.dll is indeed present so I'm wondering how they are different.
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.


Hi all,
We managed to get around the issue by enabling the Identity Foundation feature directly from the DISM command, as following;

dism /online /enable-feature /featurename:Windows-Identity-Foundation

I can't explain why but this resolves the issue. Thanks to Matt for leading us in that direction.


Hmmmm - I am no longer able to see a mechanism to close tickets in Chrome or Edge.....
Technical Systems Analyst
Strange indeed but I am glad you were able to get around the issue. As for the close ticket issue, I'm really not sure! I tend to use Firefox and haven't run into any issues with EE functionality so far- perhaps another expert will have some advice?


Thanks Matt, I have tried in IE also.... I have used EE for years and never had this issue, perhaps I need to open a ticket on how to close :-)

Thanks again for your help - enjoy your weekend.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial