One reason could be that the user context where the script is running is not the one you are expecting (typical when your script is indeed run by Local System). Try to dump the SID obtained by the WindowsIdentity class somewhere and check it after the script has been run by GPO.
Andrea ________________________________ This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it. Should you receive this message in error, you are kindly requested to inform the sender and to definitively remove it from any computer. The opinions expressed in this e-mail are solely those of the author. This message does not constitute any formal commitment on behalf of the European Union Satellite Centre.
