
mdefordownlevelserver's Introduction

Project

This repository is used to host the PowerShell install and upgrade helper script (install.ps1) for the modern, unified Microsoft Defender for Endpoint installer package for Windows Server 2012 R2 and Windows Server 2016. For deployment and upgrades with Microsoft Defender for servers through Microsoft Defender for Cloud please reference https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#enable-the-integration. For more information about other migration scenarios, including through SCCM/MECM, please visit https://docs.microsoft.com/microsoft-365/security/defender-endpoint/server-migration?view=o365-worldwide.

Always use the latest available package, downloaded from the onboarding section of the Defender for Endpoint portal, for new installations. Some of the functionality contained in the script can depend on changes introduced in the package.

SYNOPSIS
Helper script for installing/uninstalling Microsoft Defender for Downlevel Servers.

DESCRIPTION
On install scenario:

  1. It can remove the OMS workspace when the workspace ID is provided with the parameter RemoveMMA. NOTE: this step is for cleanup purposes only. When installing the new package, the previous sensor will stop running and the workspace is no longer used. You may however still need the MMA for other workspaces/functionality such as OMS, Log Analytics.
  2. The next step uninstalls SCEP - if it is present, and only on Windows Server 2012 R2 (on Windows Server 2016, SCEP is only a management component and is not required).
  3. Then, it checks for prerequisites and downloads and installs two hotfixes on Windows Server 2012 R2 if the prerequisites have not been met (files are not found).
  4. If Defender is not running on Windows Server 2016, it will attempt to activate it. If the feature is not installed, it attempts to enable the feature. If this requires a reboot, the script will stop; please reboot and run again to continue.
  5. If Defender is installed and running but outdated, it updates to the latest platform version on Windows Server 2016 if required (NOTE: Defender must be in an upgradeable state, this requires at least one servicing stack and cumulative update to have been applied). If you have placed updateplatform.exe in the same directory, the script will use this instead of attempting to download the latest. Ensure you download the latest update (https://go.microsoft.com/fwlink/?linkid=870379&arch=x64) so it matches the MSI release.
  6. Next, it installs the Microsoft Defender for Downlevel Servers MSI (md4ws.msi downloaded from the onboarding page for Windows Server 2012 R2 and 2016). If the file is in the same directory as the script, no input is required. If the product was already installed, it will attempt to perform a reinstallation with the provided MSI, but only if the machine is not in an onboarded state.
  7. Finally, it runs the onboarding script, if provided using the parameter OnboardingScript. Please use the script for Group Policy as it is non-interactive; the local onboarding script will fail.

NOTE on machines that have received recent monthly update rollup packages, the prerequisites will have been met and most steps above will not be needed.

On uninstall scenario:

  1. It will run your offboarding script, if provided using the parameter OffboardingScript. Otherwise it is assumed that the machine is in an offboarded state. NOTE: Uninstallation is only possible if the machine has been offboarded first. Please use the offboarding script for Group Policy as it is non-interactive; the local offboarding script will fail.
  2. Uninstall the product.
  3. Removes the Defender PowerShell module, if it was loaded inside the current PowerShell session.

EXAMPLE 1: Install the MSI if it is present in the same location as the script. The script executes install steps 2 through 6 mentioned above.
.\Install.ps1

EXAMPLE 2: Same as #1 except it will display the installer UI and disable verbose logging.
.\Install.ps1 -UI -NoMSILog -NoEtl

EXAMPLE 3: Same as #2 except it will set Defender Antivirus to not become the active antimalware immediately after installation, to avoid interference with non-Microsoft antimalware solutions before onboarding. Make sure to set the "ForceDefenderPassiveMode" registry key on all servers where you wish to run protection capabilities in passive mode after onboarding. For more information about Passive mode, see Microsoft Defender Antivirus and non-Microsoft antivirus/antimalware solutions.

.\Install.ps1 -UI -Passive

EXAMPLE 4: Perform uninstall steps 2 and 3.
.\Install.ps1 -Uninstall

EXAMPLE 5: Same as example #3 except with additional logging disabled.
.\Install.ps1 -Uninstall -NoMSILog -NoEtl

EXAMPLE 6: Fully automate (including optional OMS workspace removal) installation and onboarding. In this case, the onboarding script is located in the same directory as the installer script and the installation package (MSI). Substitute <WORKSPACE_ID> with the ID found on the onboarding page (for Windows Server 2008 R2) in your tenant.
.\Install.ps1 -RemoveMMA <WORKSPACE_ID> -OnboardingScript ".\WindowsDefenderATPOnboardingScript.CMD"

EXAMPLE 7: Offboard then uninstall the MSI.
.\Install.ps1 -Uninstall -OffboardingScript ".\WindowsDefenderATPOffboardingScript.CMD"
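Each install and uninstall step above depends on a fact about the host that the script discovers at run time: the OS version, the two 2012 R2 hotfixes, the Windows-Defender feature and MpCmdRun.exe on 2016, the onboarding state and Sense service before an uninstall, TLS 1.2 for downloads, and a writable package directory for the MSI/ETL logs. The following read-only pre-flight check is an added example, not code from the project's install.ps1; it reads only the registry paths, KB numbers, file paths and service name that appear on this page. The function name Get-Md4wsPreflight and its PackageRoot parameter are my own.

```powershell
# Added example (not the project's install.ps1): report the host facts the install and
# uninstall steps depend on, without changing anything on the machine.
function Get-Md4wsPreflight {
    [CmdletBinding()]
    param(
        # Directory that holds install.ps1 and md4ws.msi; defaults to the current directory.
        [string]$PackageRoot = (Get-Location).Path
    )

    # 1. OS version from the registry. The CurrentVersion key is the source the issue
    #    "OSversion returned to script incorrectly" suggests for in-place-upgraded hosts.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    if ($cv.PSObject.Properties.Name -contains 'CurrentMajorVersionNumber') {
        # Windows 10 / Server 2016 and later
        $osVersion = [version]('{0}.{1}.{2}' -f $cv.CurrentMajorVersionNumber, $cv.CurrentMinorVersionNumber, $cv.CurrentBuildNumber)
    } else {
        # Windows Server 2012 R2 reports CurrentVersion = 6.3
        $osVersion = [version]('{0}.{1}' -f $cv.CurrentVersion, $cv.CurrentBuildNumber)
    }
    $is2012R2 = ($osVersion.Major -eq 6 -and $osVersion.Minor -eq 3)
    $is2016   = ($osVersion.Major -eq 10 -and $osVersion.Build -eq 14393)

    # 2. Prerequisite hotfixes on 2012 R2 (KB2999226 and KB3080149, step 3 of the install flow).
    #    Filtering Win32_QuickFixEngineering on HotFixID avoids touching InstalledOn at all,
    #    so rows whose InstalledOn is not a parseable date cannot break the query.
    $missingKb = @()
    if ($is2012R2) {
        foreach ($kb in 'KB2999226', 'KB3080149') {
            $hit = Get-CimInstance -ClassName Win32_QuickFixEngineering -Filter "HotFixID='$kb'"
            if (-not $hit) { $missingKb += $kb }
        }
    }

    # 3. Defender feature state on 2016 (step 4): the feature must be installed and
    #    MpCmdRun.exe present, otherwise the WDEnable step has nothing to run.
    $defenderFeature = $null
    $mpCmdRunPresent = $null
    if ($is2016) {
        Import-Module ServerManager -ErrorAction SilentlyContinue
        $defenderFeature = (Get-WindowsFeature -Name Windows-Defender -ErrorAction SilentlyContinue).InstallState
        $mpCmdRunPresent = Test-Path -Path 'C:\Program Files\Windows Defender\MpCmdRun.exe' -PathType Leaf
    }

    # 4. Onboarding state and the Sense service: uninstall is only possible after offboarding.
    #    OnboardingState is reported as stored; the uninstall issue below sets it to 0 by hand.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $onboardingState = (Get-ItemProperty -Path $statusKey -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $senseStatus = if ($sense) { [string]$sense.Status } else { 'NotInstalled' }

    # 5. TLS 1.2 must be enabled for this .NET session or the hotfix/platform downloads fail
    #    on hosts with TLS 1.0 disabled. Reported only; the fix is the one-liner in the TLS issue.
    $tls12Enabled = (([Net.ServicePointManager]::SecurityProtocol -band [Net.SecurityProtocolType]::Tls12) -ne 0)

    # 6. Package file next to the script, directory writable for the logs, and no spaces in the
    #    path (two separate issues below report failures for each).
    $msiPresent = Test-Path -Path (Join-Path $PackageRoot 'md4ws.msi') -PathType Leaf
    $rootWritable = $false
    try {
        $probe = Join-Path $PackageRoot ([IO.Path]::GetRandomFileName())
        [IO.File]::WriteAllText($probe, '')
        Remove-Item -Path $probe -Force
        $rootWritable = $true
    } catch {
        $rootWritable = $false
    }

    [pscustomobject]@{
        OsVersion            = $osVersion
        Is2012R2             = $is2012R2
        Is2016               = $is2016
        MissingHotfixes      = $missingKb
        DefenderFeatureState = $defenderFeature
        MpCmdRunPresent      = $mpCmdRunPresent
        OnboardingState      = $onboardingState
        SenseStatus          = $senseStatus
        Tls12Enabled         = $tls12Enabled
        MsiPresent           = $msiPresent
        PackageRootWritable  = $rootWritable
        PackageRootHasSpaces = ($PackageRoot -match '\s')
    }
}

# Run from the directory that holds install.ps1 and md4ws.msi.
Get-Md4wsPreflight | Format-List
```

A non-empty MissingHotfixes, a Windows-Defender state other than Installed on 2016, a still-set OnboardingState before an uninstall, or Tls12Enabled = False each correspond to a failure mode reported in the issues further down this page; checking them first turns an opaque exit code into a known cause.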

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

mdefordownlevelserver's People

Contributors

jnixmsft, microsoftopensource, pahuijbr, tcoserea-msft


mdefordownlevelserver's Issues

The new Script fails with a lot of errors on 2012R2 because of missing "InstalledOn"

Hi,

after the update of the script adding the correct KB I get a lot of errors on our 2012R2 servers like this


Sort-Object : Exception getting "InstalledOn": "Exception calling "Parse" with "1" argument(s): "String was not
recognized as a valid DateTime.""
At C:\temp\DefenderOnboarding\2012R2and2016\mdefordownlevelserver-main\Install.ps1:609 char:34
+         $hotfix = @(Get-HotFix | Sort-Object -Property:InstalledOn)
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (\\SERVERXYZ\roo...PackInEffect="":PSObject) [Sort-Object], GetValueInvoc
   ationException
    + FullyQualifiedErrorId : ExpressionEvaluation,Microsoft.PowerShell.Commands.SortObjectCommand

Sort-Object : Exception getting "InstalledOn": "Exception calling "Parse" with "1" argument(s): "String was not
recognized as a valid DateTime.""
At C:\temp\DefenderOnboarding\2012R2and2016\mdefordownlevelserver-main\Install.ps1:609 char:34
+         $hotfix = @(Get-HotFix | Sort-Object -Property:InstalledOn)
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (\\SERVERXYZ\roo...PackInEffect="":PSObject) [Sort-Object], GetValueInvoc
   ationException
    + FullyQualifiedErrorId : ExpressionEvaluation,Microsoft.PowerShell.Commands.SortObjectCommand
....

When I take a look at the updates I see they are installed but there is no "InstalledOn" for some.
[screenshot]

maybe it needs some fault tolerance added:
[screenshot]
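The failure quoted in this issue comes from Sort-Object reading the typed InstalledOn property of every Get-HotFix row, so a single entry with an empty or oddly formatted date aborts the whole pipeline. The function below is an added example, not the project's code: it enumerates the same Win32_QuickFixEngineering data, parses the date itself, and keeps rows it cannot date instead of throwing. The function name Get-HotfixTolerant is my own, and the fallback that treats a 16-hex-digit value as a FILETIME is an assumption about a format seen on some hosts.

```powershell
# Added example (not from install.ps1): list hotfixes sorted by install date without
# failing on rows whose InstalledOn cannot be parsed as a DateTime.
function Get-HotfixTolerant {
    [CmdletBinding()]
    param()
    # Win32_QuickFixEngineering exposes InstalledOn as a plain string; Get-HotFix converts it
    # to DateTime on access, which is the conversion that throws in the issue above.
    Get-CimInstance -ClassName Win32_QuickFixEngineering | ForEach-Object {
        $raw      = [string]$_.InstalledOn
        $parsed   = [datetime]::MinValue
        $dateKnown = $false
        if (-not [string]::IsNullOrWhiteSpace($raw)) {
            $tmp = [datetime]::MinValue
            if ([datetime]::TryParse($raw, [Globalization.CultureInfo]::InvariantCulture,
                                     [Globalization.DateTimeStyles]::None, [ref]$tmp)) {
                $parsed = $tmp
                $dateKnown = $true
            } elseif ($raw -match '^[0-9A-Fa-f]{16}$') {
                # Assumption: a 16-hex-digit value is a 64-bit FILETIME rendered as text.
                $parsed = [datetime]::FromFileTime([Convert]::ToInt64($raw, 16))
                $dateKnown = $true
            }
            # Anything else is left undated rather than aborting the pipeline.
        }
        [pscustomobject]@{
            HotFixID    = $_.HotFixID
            Description = $_.Description
            InstalledOn = $parsed
            DateKnown   = $dateKnown
        }
    } | Sort-Object -Property InstalledOn, HotFixID
}

# Rows that would have made Get-HotFix | Sort-Object fail:
Get-HotfixTolerant | Where-Object { -not $_.DateKnown }

# Most recent dated update, the value the script wants for its prerequisite logic:
Get-HotfixTolerant | Where-Object { $_.DateKnown } | Select-Object -Last 1
```

Undated rows sort to the front because they carry [datetime]::MinValue, so "most recent" is still correct; a caller that needs to know whether a specific KB is present should filter on HotFixID and ignore the date entirely.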

Script installing MDE GUI on server 2016 (Not recommended by Microsoft)

Hi,

During the installation of MDE on server 2016, the script installs the GUI; according to Microsoft docs it's not recommended to install the GUI. Is it possible to modify the script to either not include it or add a switch to prevent the installation?

In addition, the user interface on Windows Server 2016 only allows for basic operations. To perform operations on a device locally, refer to Manage Microsoft Defender for Endpoint with PowerShell, WMI, and MPCmdRun.exe. As a result, features that specifically rely on user interaction, such as where the user is prompted to make a decision or perform a specific task, may not work as expected. It's recommended to disable or not enable the user interface nor require user interaction on any managed server as it may impact protection capability.

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide

The Onboarding script

It would be helpful if the onboarding script without a path was searched for in the directory where the install.ps1 script resides. It would make the command line less messy.

I would also like there to be a separate log directory. Logging in the same directory as the files resides is messy.

I appreciate that the scripts leave no error messages in the event log if the operating system is not correct.

Errors out because of missing reg key.

Remove-Item : Cannot find path 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend' because it does not exist.
At C:\Users\AA00303149\Desktop\install.ps1:679 char:21
+                     Remove-Item -Path:'HKLM:\SYSTEM\CurrentControlSet\Services\W ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (HKLM:\SYSTEM\Cu...vices\WinDefend:String) [Remove-Item], ItemNotFoundEx
   ception
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand

Install script hangs with no log output on Server 2016

Hi,
Am having real issues getting the script to run on Server 2016. Have followed the guidance to deploy via GPO, with the following arguments for the scheduled task that invokes powershell:

-ExecutionPolicy RemoteSigned -file "\[UNCPath]\install.ps1" -Passive -OnboardingScript "\[UNCPath]\windowsdefenderatponboardingscript.cmd"

The UNC path uses the server's fqdn as advised; and Install.ps1, m34ws.msi and the WindowsDefenderATPOnboardingScript.cmd file are all in the same directory.
I've granted modify rights on the folder to an AD security group containing the servers concerned.
I can see that the scheduled task is created on the server, but it just sits in a 'running' state and doesn't complete.
No log file is generated, so I have nothing to go on to indicate why it's failing.

I've tried disabling UAC on the server, and running powershell in 'bypass' mode instead of remotesigned.
I've also tried disabling logging using the NoETL and NoMSILog switches.

If I manually install the msi, and then run the onboarding script from the UNC path it works fine - so I'm pretty sure that it's the powershell script that's getting stuck.
Have attached a screengrab of the final event in the powershell log. After that it just sits there.

All help much appreciated,

Pete
[screenshot: last PowerShell event]

.etl log file can not be deleted.

I executed the command .\Install.ps1 -OnboardingScript .\WindowsDefenderATPOnboardingScript.cmd successfully. But the generated .etl log file is very large (over 66GB) and cannot be deleted. The error message is as below:

del : Access is denied
At line:1 char:1
+ del install-HOSTNAME-10.0.14393.5501.etl
    + CategoryInfo          : PermissionDenied: (C:\win2016_onbo…14393.5501.etl:String) [Remove-Item], UnauthorizedAccessException
    + FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.RemoveItemCommand

How can I delete it ?

Invalid onboarding script - (...) might wait for user input

Steps to reproduce:

  1. Download install.ps1 from this github
  2. Download onboarding package and script from https://security.microsoft.com
  3. Place all three files on the same, dedicated, folder
  4. Run: install.ps1 -OnboardingScript .\WindowsDefenderATPLocalOnboardingScript.cmd

Fails with the following output:

Exit-Install : [:10 23/05/23T08:17:36.923 install.ps1:468] Invalid onboarding script:
.\WindowsDefenderATPLocalOnboardingScript.cmd might wait for user input
At C:\temp\23maio2023\install.ps1:468 char:13
+         Exit-Install -Message:"Invalid onboarding script: $Onboar ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Exit-Install

Script fails to get file version info

We've observed that the getversioninfo function sometimes fails:

Exception calling "GetVersionInfo" with "1" argument(s): "C:\Windows\system32\ntoskrnl.exe"
At C:\temp\mdefordownlevelserver-main\mdefordownlevelserver-main\Install.ps1:300 char:5
+ $versionInfo = [Diagnostics.FileVersionInfo]::GetVersionInfo($Fil ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : FileNotFoundException

This is 2016 build 14393.2248

Problem with md4ws.msi

I've an issue with the Install.ps1. When Defender (md4ws.msi) is to be installed with msiexec, I get the help for msiexec instead and the installation is interrupted. Any help would be appreciated.

[screenshot: Windows Installer]

Error found on Windows Server 2016 Standard

Hi,
I'm trying to launch the script on a Windows Server 2016 standard and suddenly it shows this error:
Invoke-Member : Exception calling "InvokeMember" with "5" argument(s): "OpenDatabase,DatabasePath,OpenMode"

Any thoughts?

Best Regards

Wrong KB download during dependency resolution?

Hello,
It appears that during the resolution of dependencies for Windows Server 2012R2, a standalone update package for an older Windows version gets downloaded.

Compare the downloaded file in line 346
Windows8.1-KB2999226-x64.msu

to the file referenced in line 350
Windows6.1-KB3080149-x64.msu

The download link in line 350 downloads a 17MB file intended for Windows 7 and Server 2008R2, neither of which are supported by the agent installed by this script. Running this update package on a Server 2012R2 results in a "not applicable" error.

According to the Microsoft Update Catalog, the correct update package for KB3080149 for Windows Server 2012R2 (and Windows 8.1) is:

windows8.1-kb3080149-x64

and is 1.2 Megabytes in size.

I hope I'm not barking up the wrong tree here, but if this was indeed an error, I would be happy to see a fix, because the script is very useful for MDE deployments to older servers.

Thanks for your work.

2012R2 Onboarding Issue

On a 2012R2 Server, Installation works great but the onboarding failed with error 15.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-worldwide

Sense didn't start.
Waited shortly and reran it. In the meantime kb2267602 was installed.
Sense started working.

Maybe it took longer and you should implement a timeout before running the onboarding?

After Reboot these Updates were available via WSUS
[screenshot]

C:\Windows\TEMP\fc12dd90-c33e-4d2e-8376-8eac2ce85853.log /quiet FORCEPASSIVEMODE=1" run for 00:02:05.7346912 [SERVERNAME:03 22.07.20T08:20:39.310 Install.ps1:934] install successful.
[SERVERNAME:03 22.07.20T08:20:39.311 Install.ps1:940] Invoking onboarding script .\WindowsDefenderATPOnboardingScript.CMD
[SERVERNAME:03 22.07.20T08:20:39.317 Install.ps1:948] Running C:\Windows\system32\cmd.exe /c .\WindowsDefenderATPOnboardingScript.CMD in C:\temp\DefenderOnboarding\2012R2and2016\mdefordownlevelserver-main ...
[SERVERNAME:03 22.07.20T08:21:33.446 Install.ps1:948] Command "cmd.exe /c .\WindowsDefenderATPOnboardingScript.CMD" failed with error 0xf after 00:00:53.1039919
[SERVERNAME:03 22.07.20T08:21:33.467 Install.ps1:952] WARNING: Onboarding script returned 15
[SERVERNAME:03 22.07.20T08:21:33.473 Install.ps1:959] Closing handle 5268
[SERVERNAME:03 22.07.20T08:21:33.595 Install.ps1:966] Tracing session 'install-SERVERNAME-6.3.9600.20475' stopped.
[SERVERNAME:03 22.07.20T08:21:33.610 Install.ps1:970] ETL file: 'C:\temp\DefenderOnboarding\2012R2and2016\mdefordownlevelserver-main\install-SERVERNAME-6.3.9600.20475.etl'.
[SERVERNAME:03 22.07.20T08:21:33.614 Install.ps1:975] Msi log: 'C:\temp\DefenderOnboarding\2012R2and2016\mdefordownlevelserver-main\install-SERVERNAME-6.3.9600.20475.log'

ERR_CONFLICTING_APPS

Hi,

my customer wants to use a 3rd party EDR and MDE as AV. I see there is a CONFLICTING_APPS error message for this script.

as for the linux counterpart
https://github.com/microsoft/mdatp-xplat/tree/master/linux/installation

There it is possible to skip the check for conflicting apps (-x parameter).

Is such a skip for conflicting apps already in place for this installer script or is it planned to have this feature in the future?

[Server 2016] Script hangs and never completes

On Server 2016 I'm running the script as instructed but it never completes. See output below:

  • Git repo is cloned to c:\windows\temp
  • WindowsDefenderATPLocalOnboardScript.cmd was downloaded from security.microsoft.com via Settings->Onboarding and placed in c:\windows\temp\mdefordownlevelserver
  • md4ws.msi downloaded from security.microsoft.com via Settings->Onboarding and placed in c:\windows\temp\mdefordownlevelserver

Install line (PowerShell, as administrator):

& "c:\windows\temp\mdefordownlevelserver\Install.ps1" -RemoveMMA '<MMA ID REDACTED>' -OnboardingScript "C:\windows\temp\mdefordownlevelserver\WindowsDefenderATPLocalOnboardingScript.cmd"

Log output (it just hangs a minute in):

[PCNAME:09 22/08/11T13:48:50.107 Install.ps1:503] [Net.ServicePointManager]::SecurityProtocol updated to 'Ssl3, Tls, Tls12'
[PCNAME:09 22/08/11T13:48:50.622 Install.ps1:613] Tracing session 'install-PCNAME-10.0.14393.5246' started.
[PCNAME:09 22/08/11T13:48:50.794 Install.ps1:629] Removing cloud workspace <ID REDACTED>...
[PCNAME:09 22/08/11T13:48:51.138 Install.ps1:637] Workspace <ID REDACTED> removed.
[PCNAME:09 22/08/11T13:48:51.203 Install.ps1:657] BuildLabEx: 14393.5246.amd64fre.rs1_release.220701-1744
[PCNAME:09 22/08/11T13:48:54.047 Install.ps1:660] There are 27 KBs installed.
[PCNAME:09 22/08/11T13:48:54.047 Install.ps1:663] KB5016058 was installed on 08/10/2022 00:00:00
[PCNAME:09 22/08/11T13:48:56.956 Install.ps1:286] 'HKCR' PSDrive created(script scoped)
[PCNAME:09 22/08/11T13:48:57.800 Install.ps1:961] Handle 3248 opened over C:\windows\temp\mdefordownlevelserver\md4ws.msi
[PCNAME:09 22/08/11T13:49:00.550 Install.ps1:972] 797261D33CB9160051DE3F2AFA691C63A5078ED8724A56A3322E4DE846DDCFA3 C:\windows\temp\mdefordownlevelserver\md4ws.msi
[PCNAME:09 22/08/11T13:49:00.597 Install.ps1:996] Running C:\Windows\system32\msiexec.exe /i C:\windows\temp\mdefordownlevelserver\md4ws.msi /lvx*+ C:\Users\<NAME REDACTED>\AppData\Local\Temp\8fe4e3b3-7114-4144-b31d-0fd0fcc888b2.log /quiet in C:\Windows\system32 ...
[PCNAME:09 22/08/11T13:49:05.727 Install.ps1:996] Command "msiexec.exe /i C:\windows\temp\mdefordownlevelserver\md4ws.msi /lvx*+ C:\Users\<NAME REDACTED>\AppData\Local\Temp\8fe4e3b3-7114-4144-b31d-0fd0fcc888b2.log /quiet" run for 00:00:04.7665445
[PCNAME:09 22/08/11T13:49:05.743 Install.ps1:998] install successful.
[PCNAME:09 22/08/11T13:49:05.743 Install.ps1:1020] Invoking onboarding script C:\windows\temp\mdefordownlevelserver\WindowsDefenderATPLocalOnboardingScript.cmd
[PCNAME:09 22/08/11T13:49:05.759 Install.ps1:1028] Running C:\Windows\system32\cmd.exe /c C:\windows\temp\mdefordownlevelserver\WindowsDefenderATPLocalOnboardingScript.cmd in C:\Windows\system32 ...
#30+ minutes pass, nothing happens past this point.

The temp log file states it successfully installed the "Microsoft Defender for Endpoint" application but seems to have ceased all activity afterwards. The "Sense" service did not start and errors out when I attempt to manually start it.

What could the issue be? Task manager is quiet and there's little indication of what is happening.

For mass deployment scenarios handle errors without failing e.g where a workspace doesn't exist and -removeMMA is specified

Hello,
For a mass deployment scenario it would be great if the script could handle more scenarios gracefully rather than failing.
For example, If the workspace doesn't exist then the script fails, it would be better if this could be handled gracefully and continue to execute e.g if this is a first time installation but the -removeMMA has been provided for mass deployment where there could be a mixture of situations.

In this situation, if the MMA is not installed this script also fails if -removeMMA is specified. I appreciate this is by design, but again for mass deployment it may be helpful for this type of error to be dealt with?

Suggested improvement to the 'Uninstall' parameter

The -uninstall parameter should check if SENSE service is running and if it is NOT running it should automatically change the following keys before attempting to uninstall the MSI:
reg add "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status" /v OnboardingState /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /v Start /t REG_DWORD /d 4 /f

Otherwise, the MSI fails to install asking to offboard even though offboarding has already run and SENSE is stopped.

Uninstall MMA

Hi,
It would be great if the script could have an option to support uninstalling MMA (Microsoft Monitoring Agent) where there are no workspaces present.
The -RemoveMMA flag doesn't seem to do this, maybe another flag like -UninstallMMA.

add the optional uninstall command e.g.
MsiExec.exe /x "{774E20C6-9B94-48F2-99C9-8E1FAE17C960}" /qn
Would need to get the correct uninstall string,
e.g {88EE688B-31C6-4B90-90DF-FBB345223F94}
Thanks

Explicitly use or support TLS1.2

On systems with TLS1.0 disabled I am getting this error:

Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send.
At line:2 char:46
+ ... n = ([xml]((Invoke-WebRequest -UseBasicParsing -Uri:"$uri&action=info ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Adding the following line allows this to work:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

From Microsoft page:

https://docs.microsoft.com/en-us/security/engineering/solving-tls1-problem

Windows PowerShell uses .NET Framework 4.5, which does not include TLS 1.2 as an available protocol. To work around this, two solutions are available:

  1. Modify the script in question to include the following:
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

  2. Add a system-wide registry key (e.g. via group policy) to any machine that needs to make TLS 1.2 connections from a .NET app. This will cause .NET to use the "System Default" TLS versions which adds TLS 1.2 as an available protocol AND it will allow the scripts to use future TLS Versions when the OS supports them. (e.g. TLS 1.3)

    reg add HKLM\SOFTWARE\Microsoft.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64

    reg add HKLM\SOFTWARE\Microsoft.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:32

Onboarding issue/Server stopped reporting to ATP/

[screenshot]

executed install.ps with md4sw.exe 137MB.
Below powershell script run on server to compare result out put.

.\install.ps1 -RemoveMMA <YOUR_WORKSPACE_ID> -OnboardingScript ".\WindowsDefenderATPOnboardingScript.cmd"install.ps

It gave error as
unexpected Authenticode signature

InterCa.crt is not the one the install.ps1 got signed with

Hi,
we cannot run install.ps1 with ExecutionPolicy RemoteSigned / AllSigned as we do not have the signing certificate.
Sadly the certificate provided in this repository is not the one this ps1 got signed with.
Can you provide the signer certificate to add it to our truststore?
Thank you

$psRootPath must not contain spaces.

I made the mistake of naming my working directory "Defender Install".

MSIExec was not happy.

FYI to anyone else, don't put spaces in your cli paths.

Script requires a writeable $PSScriptRoot when logging disabled

We don't want to open a writeable network share to onboard our servers, so we are running with the -NoMSILog and -NoEtl parameters.

However, the script has a hard-coded test for a writeable script directory.

This test should first check if it is required.

Install.ps1 needs adjustment for latest OnboardingScript and Offboarding

line 570: $_ -match 'reg\s+add\s+"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Advanced Threat Protection"\s+\/v\s+OnboardingInfo'
line 593: $_ -match 'reg\s+add\s+"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Advanced Threat Protection"\s+\/v\s+696C1FA1-4030-4FA4-8713-FAF9B2EA7C0A'

Change reg\s into reg.exe\s and it works again.
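The regex quoted in this issue, and the "might wait for user input" rejection in the earlier issue "Invalid onboarding script", are both content checks on the .cmd file before it is run unattended. The function below is an added example, not the project's own validation: it accepts the registry write with or without the .exe suffix, distinguishes the onboarding and offboarding value names quoted above, and flags lines that block on console input. The function name Test-OnboardingScript is my own, and the set of blocking commands (pause, choice, set /p) is an assumption about what a local, interactive variant contains; the sample scripts are constructed with a placeholder blob, not real onboarding data.

```powershell
# Added example (not the project's validation): decide whether an onboarding/offboarding .cmd
# is safe to run non-interactively from a scheduled task or GPO.
function Test-OnboardingScript {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('Onboarding', 'Offboarding')][string]$Mode = 'Onboarding'
    )
    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Valid = $false; Reason = 'file not found' }
    }
    $lines = Get-Content -Path $Path

    # Value name each script type writes, taken from the two regexes quoted in the issue.
    $valueName = if ($Mode -eq 'Onboarding') { 'OnboardingInfo' } else { '696C1FA1-4030-4FA4-8713-FAF9B2EA7C0A' }
    $policyKey = 'HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Advanced Threat Protection'
    # "reg" or "reg.exe" both accepted; -match is case-insensitive by default.
    $regAdd = 'reg(?:\.exe)?\s+add\s+"' + $policyKey + '"\s+/v\s+' + [regex]::Escape($valueName)

    # Assumption: these cmd.exe commands stop and wait for a console user.
    $blocking = @($lines | Where-Object { $_ -match '^\s*@?(pause|choice|set\s+/p)\b' })
    $hasRegAdd = @($lines | Where-Object { $_ -match $regAdd }).Count -gt 0

    $reason = if (-not $hasRegAdd) {
        "no 'reg add ... /v $valueName' line found"
    } elseif ($blocking.Count -gt 0) {
        'might wait for user input: ' + (($blocking | ForEach-Object { $_.Trim() }) -join '; ')
    } else {
        $null
    }
    [pscustomobject]@{ Path = $Path; Valid = ($null -eq $reason); Reason = $reason }
}

# Constructed samples: a Group Policy style script and a local style script that pauses.
$gpScript    = Join-Path $env:TEMP 'sample-gp-onboarding.cmd'
$localScript = Join-Path $env:TEMP 'sample-local-onboarding.cmd'
@'
@echo off
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection" /v OnboardingInfo /t REG_SZ /d "<PLACEHOLDER_ONBOARDING_BLOB>" /f
'@ | Set-Content -Path $gpScript
@'
@echo off
echo This script will onboard this machine. Press any key to continue.
pause
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection" /v OnboardingInfo /t REG_SZ /d "<PLACEHOLDER_ONBOARDING_BLOB>" /f
'@ | Set-Content -Path $localScript

Test-OnboardingScript -Path $gpScript
Test-OnboardingScript -Path $localScript
Remove-Item -Path $gpScript, $localScript -Force
```

The first constructed script passes; the second is rejected with a reason naming its pause line, which is the same outcome the script's own "might wait for user input" check produces for the local onboarding package. Run with -Mode Offboarding to apply the GUID-named value check to an offboarding script.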

Only Windows-Defender-Features are installed not "Windows-Defender" and "Windows-Defender-GUI"

The Windows Server 2016 had Powershell 5.1 installed and threw the error below.
The file does not exist: C:\Program Files\Windows Defender\MpCmdRun.exe

Name                           Value
----                           -----
PSVersion                      5.1.14393.5066



Invoke-MpCmdRun : Cannot validate argument on parameter 'FilePath'. The " Test-Path -Path:$_ -PathType:Leaf "
validation script for the argument with value "C:\Program Files\Windows Defender\MpCmdRun.exe" did not return a result
of True. Determine why the validation script failed, and then try the command again.
At C:\temp\DefenderOnboarding\2012R2and2016\mdefordownlevelserver-main\Install.ps1:730 char:17
+                 Invoke-MpCmdRun -ArgumentList:@('WDEnable')
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Invoke-MpCmdRun], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Invoke-MpCmdRun

It installed only the Features and then the error happened

PS C:\temp\DefenderOnboarding\2012R2and2016\mdefordownlevelserver-main> Get-WindowsFeature defend


Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] Windows Defender Features                           Windows-Defender-Fea...        Installed
    [ ] Windows Defender                                Windows-Defender               Available
    [ ] GUI for Windows Defender                        Windows-Defender-Gui           Available

I then installed the Features manually which worked

Install-WindowsFeature Windows-Defender
Install-WindowsFeature Windows-Defender-GUI

The folder is still empty, and Server needed a reboot

Afterwards the Script ran through without issues

OSversion returned to script incorrectly

We noticed this script returns the incorrect version number for servers that have been updated from 2012 to 2012 R2, while dism and registry report 6.3 the system variable being pulled in the script finds 6.2. Should the script read the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion to more reliably return OS version?

negative error codes from updateplatform.exe run

In the updateplatform.exe log file in C:\Windows\temp we have the following line
ERROR 0x80501005 : Failed to update platform from C:\Users\ADMINI~1.SVG\AppData\Local\Temp\C825D6EC-36AD-4487-968D-FBA1B9B06AB9

The error reported by install.ps1 is
Command "UpdatePlatform.exe" failed with error -2142236667 after 00:00:04.2079816

We usually get better results from google with the hexadecimal error than decimal.

BTW. In this case there is no useful information to be found since the error appears to be very rare.

Script Signature Failure

When attempting to run the script in Powershell with Execution Policy of Remote Signed the script is rejected. Powershell states the script is not digitally signed and therefore will not allow execution unless using a different execution policy.

Certificate has changed on install.ps1

Hi, the cert used to sign the latest version of the install.ps1 file is different to before and has an intermediate cert of: 'Microsoft Windows PCA 2010' expiry 7/07/2025 - can the bundled cert be updated to reflect this change?

'MDE should be offboarded before uninstall' error message

I had to migrate 5 Windows 2016 servers; 4 machines were migrated successfully with the script.
One machine is exiting with :
D:\Sources\mdefordownlevelserver-main\Install.ps1 : install exitcode: 1603.
At line:1 char:1
+ .\Install.ps1 -OnboardingScript ".\WindowsDefenderATPOnboardingScript ...
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install.ps1

Checking the MSI log file I can see :
MSI (s) (F8:08) [14:12:24:481]: Product: Microsoft Defender for Endpoint -- MDE should be offboarded before uninstall

Any idea what the problem can be ?
Thanks

Server2012r2 - MDE Install issue - @C;\Program Files\Windows Defender\MpAsDesc.dll,-310' (WinDefend)

Hi,

On our Server2012r2 fleet, when trying to deploy MDE we receive
"@C;\Program Files\Windows Defender\MpAsDesc.dll,-310' (WinDefend)".

This issue happens whether we run it manually or with the install.ps1 script. The install.ps1 script reports back a 1603 error (which is a general error for the above, more specific error).

We're seeing this on 5 (out of 5 so far), but we have a fleet of 400 to deploy this to.

Servers are fully patched.

It's worth noting that before the MDE installer has been run there is no existing "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" key.

This can be worked around by deleting "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend", rebooting, attempting to install again, deleting the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" key AGAIN, then rebooting; then the install works fine.

My observations seem to show the installer needs to be run twice, and cleaned up manually, and rebooted between this before working.

I've got a MS case open, but hoping to spread the word / find others with this issue

Please review the criteria for applying KB3080149 and KB2999226.

Hello,

The script checks to see if KB3080149 and KB2999226 have been applied to the server and installs them if not. The following Docs show that there are no other prerequisites as long as the latest monthly rollup package is applied.
Therefore, is it possible to fix it so that KB3080149 and KB2999226 are not applied in environments where the latest monthly rollup package has been applied?
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide#windows-server-2012-r2-and-windows-server-2016

If you have fully updated your machines with the latest monthly rollup package, there are no additional prerequisites.

I have an additional question: when do you expect to fix #8 and #12?
I have confirmed the above trouble in my environment, and if I modify the script myself, I get an error in the digital signature, this time because the hash is changed.
(I was able to avoid the signature error by setting ExecutionPolicy to bypass.)
Unfortunately, install.ps1 does not work as expected without some modifications on the part of the user, which is a problem for many users.

Best regards,
