You have a secondary feature enabled which has a functionality to log script-blocks, undoubtedly in Group Policy or elsewhere. Such features will not allow the executable to run because of how it must maintain its own integrity when processing changes to the WIM file per its access to the actual WIM's internal handle that WimGapi uses. This ensures that no secondary background processes can interact with the actual processes and lead to corruption. Unlike DISM, etc. if WimGapi is set up to track image integrity, and another process is detected to be acting on the WIM file, it will immediately release the WIM handle to prevent any unnecessary corruption. This is done using WimGapi's Win32 P/Invoke along with a SafeHandle public sealed class. The non-executable does not have such checks because it does not use a native method for accessing and converting the WIM file.