How to run my PowerShell module cmdlet as SYSTEM?

To summarize:

• Your problem was that the module you want your scheduled task to use was installed in the scope of the current user, which a task running as a different user, such as
  NT AUTORITY\SYSTEM, would not see.

  • The simplest solution is to install the module for all users, via the -Scope AllUsers argument passed to Install-Module (requires elevation).

  • However, there is a solution even if that is not possible or desired, namely to pass the full module path to an explicit Import-Module call performed in the context of the task, as shown below.

• Since your task needs to run with elevation, as you state, running in the context of the current user is only an option if that user is an administrator; as you have found, you can set that up as follows (requires elevation):

  $taskPrincipal = 
    New-ScheduledTaskPrincipal -LogonType S4U -UserId $env:USERNAME -RunLevel Highest
  

• Running a task as user NT AUTORITY\SYSTEM invariably runs:

  • with elevation, given that this account is a highly-privileged built-in account with extensive local privileges, and which "acts as the computer on the network".

  • invisibly (in the same hidden session / window station that services run in, hence the use of -LogonType Service).

  • whether or not a user is currently logged on

  • with C:\Windows\System32 as the working directory by default

  • with value <hostname>$ reflected in $env:USERNAME, where <hostname> is the name of the local machine, and $HOME / $env:USERPROFILE containing C:\Windows\system32\config\systemprofile.

    • Running whoami.exe reveals the true account name:
      nt authority\system

The following self-contained example:

• creates a task that executes once, 5 seconds after creation
• runs as NT AUTHORITY\SYSTEM
• creates a sample script module in the current user's home dir. that the task explicitly imports
• calls a function from that module, which reports information about the runtime environment and logs the result in a text file in the current user's home dir.
• waits for the task to run and shows the logged information.
• cleans up after itself (the temporary files created are ~/_test.psm1 and ~/_test.txt, and the temporary task is named _Test)

#requires -RunAsAdministrator

# Abort on any error.
# Note: Since the *-ScheduledTask* cmdlets are implemented as 
#       CDXML-based *script* modules, they only see preference vars.
#       in the *global* scope - see https://github.com/PowerShell/PowerShell/issues/4568
$prevEaPref = $global:ErrorActionPreference
$global:ErrorActionPreference = 'Stop'

try {

    # Create a simple script module that exports function Get-Foo,
    # in the current user's home dir., named '_test.psm1'
    @'
function Get-Foo { "Hi, I'm running at $(Get-Date)`n * as $env:USERNAME (whose home dir. is '$HOME')`n * in '$PWD'`n * $(('NON-elevated', 'ELEVATED')[[bool] (net session 2>$null)])." }
'@ > ~/_test.psm1

    # Set up the scheduled task:

    # The command (program) to run.
    # Import the test-module via its full path, call Get-Foo, and redirect all output streams
    # to file '_test.txt' in the current users' home dir.
    $action = New-ScheduledTaskAction -Execute powershell -Argument "-ExecutionPolicy Bypass -NoProfile -Command & { Import-Module `"$((Get-Item ~/_test.psm1).FullName)`"; Get-Foo } *> `"$((Get-Item ~).FullName)\_test.txt`""

    # Run as 'NT AUTHORITY\SYSTEM', which runs:
    #  * invisibly
    #  * whether or not someone is logged on
    #  * implicitly with elevation
    $user = New-ScheduledTaskPrincipal -UserID 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount

    # # Advanced settings such as whether to allow start on demand, not running when on batter power, ... 
    # $settings = New-ScheduledTaskSettingsSet

    # When to run it: Run a few seconds from now, once.
    $secsFromNow = 5
    $when = (Get-Date).AddSeconds($secsFromNow)
    $trigger = New-ScheduledTaskTrigger -Once -At $when

    # Create the task from the above.
    $newTask = New-ScheduledTask -Action $action -Principal $user -Trigger $trigger

    # Register the task with name '_Test'
    Write-Verbose -Verbose "Creating task..."
    Register-ScheduledTask '_Test' -InputObject $newTask -Force

    Write-Verbose -Verbose "Task will execute invisibly in $secsFromNow seconds, running as 'NT AUTHORITY\SYSTEM'. Waiting (plus a few extra seconds)..."
    Start-Sleep ($secsFromNow + 5) # Wait an extra few seconds to give the task time to complete.

    Write-Verbose -Verbose "Task is assumed to have run. Output logged:"
    Get-Content ~/_test.txt
}
finally {
    # Clean up.
    Remove-Item -ErrorAction Ignore ~/_test.psm1, ~/_test.txt
    Unregister-ScheduledTask -ErrorAction Ignore -TaskName _Test -Confirm:$false
    $global:ErrorActionPreference = $prevEaPref
}

Sample output:

VERBOSE: Creating task...

TaskPath                                       TaskName                          State
--------                                       --------                          -----
\                                              _Test                             Ready
VERBOSE: Task will execute invisibly in 5 seconds, running as 'NT AUTHORITY\SYSTEM'. Waiting (plus a few extra seconds)...
VERBOSE: Task is assumed to have run. Output logged:
Hi, I'm running at 01/11/2023 17:06:04
 * as WORKSTATION1$ (whose home dir. is 'C:\Windows\system32\config\systemprofile')
 * in 'C:\Windows\system32'
 * ELEVATED.

The last 4 lines are the module function's (Get-Foo's) output, proving that the module was successfully imported in the context of the task.