I have a script block that I'm trying to make it run as a different domain user.
$Username = 'domain\test'
$Password = '1234'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName,$pass
Invoke-Command -ScriptBlock{
write-host "hello"
} -Credential $cred -ComputerName $env:COMPUTERNAME
When I run it I got the following error:
[test-pc] Connecting to remote server test-pc failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests.
Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM se
rvice: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
Why the script is trying to authenticate locally and not against the DC ?
Thanks
If you don't actually want to run the script remotely, you can use Start-Process to run Powershell as another user, which will then execute your command/script as that user.
(See powershell command line help for full syntax options and examples)
# Using Get-Credential to illustrate, substitute with your own credential code
$cred = Get-Credential
# Run Command:
Start-Process -FilePath Powershell -Credential $cred -ArgumentList '-Command', 'Write-Host "Hello"'
# Run Script:
Start-Process -FilePath Powershell -Credential $cred -ArgumentList '-File', 'C:\folder\script.ps1'
Related
How does one connect anonymously to an SMB share in powershell using New-PSDrive?
I've tried omitting the -Credential param but this seems to use the currently logged in user. This works when I test using a domain account, however the problem is for normal operation the currently logged in user is a local kiosk user for assigned access that the domain file server does not recognize.
I've also tried using the following, however it prompts for user input. As this is run as a scheduled task for background operation - this is unacceptable.
$Credentials = Get-Credential -UserName 'NTAUTHORITY\Anonymous Logon'
New-PSDrive -ErrorAction Stop -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
I have enabled the local security policy option on the file server for "Network access: Let Everyone permissions apply to anonymous users".
How do I utilize the "anonymous" user connection with New-PSDrive?
-- edit --
I've also tried this
$Credentials = [pscredential]::Empty
New-PSDrive -ErrorAction Stop -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
However, the output is:
>> TerminatingError(New-PSDrive): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The specified network password is not correct"
The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The specified network password is not correct
Anonymous mounts use an 'empty' user and password for the credential block so you can do the same.
This works for me and allows file creation on the share:
$User = " " # Create 'empty' username
$PWord = ConvertTo-SecureString -String " " -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
New-PSDrive -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
I'm building a VM image in Azure through automation pipelines using PowerShell. One of the requirements is to install a certificate on the CurrentUser store for a specific user. When I am currently logged into the VM, I can run the following command through Azure Run Commands:
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
$session = New-PSSession $env:ComputerName -credential $Credential
$command = {
param($certPassword, $filePath)
Import-PfxCertificate -FilePath $filePath -CertStoreLocation Cert:\CurrentUser\My -Password $certPassword
}
Invoke-Command -ScriptBlock $command -ArgumentList $certPassword,$filePath -Session $session
When I am not currently logged into the VM under that user, I get an Access Denied error. The error goes away as soon as I login to the machine again. If I run the pipeline while I'm logged into the VM, it succeeds.
What is different about PowerShell permissions while I am logged into the VM?
I am trying to run a powershell script from a TeamCity Windows Slave to another server for deploying my application.
This is BuildConfig:
username = "<username>"
$password = "<password>"
$secstr = New-Object -TypeName System.Security.SecureString;
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr;
Invoke-Command -ComputerName "<computer_name>" -Credential $cred -FilePath "deploy.ps1"
I am getting the following error.
following error message : Logon failure: unknown user name or bad password.
[13:57:52] [Step 1/1] For more information, see the about_Remote_Troubleshooting Help topic.
I have used the correct User name and password only.
I have also checked the Local User security policies. Am I missing something?
Is it just a paste error that missed the $ from username ?
Does the user name and password work fine outside the script ?
Are the variables being substituted in properly. Do the logs show ?
I’ve never used that construct to make a pscredential before. Is this one mentioned here not working.
https://pscustomobject.github.io/powershell/howto/PowerShell-Create-Credential-Object/
I am trying to manage a Windows server 2012 R2 Standard server over winrm. On the server I would like to run dnscmd from the rsat package. You can see below if I just run the dnscmd in the power shell prompt it is successful. However when I invoke it remotely over winrm the command fails with ERROR_ACCESS_DENIED.
PS C:\Windows\system32> dnscmd adServer /RecordDelete mycompany.com newTestRecord A /f
Deleted A record(s) at mycompany.com
Command completed successfully.
PS C:\Windows\system32> Test-WsMan localhost
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0
PS C:\Windows\system32> Invoke-Command -ComputerName localhost -ScriptBlock {
>> dnscmd adServer /RecordDelete mycompany.com newTestRecord A /f
>> }
Command failed: ERROR_ACCESS_DENIED 5 0x5
PS C:\Windows\system32> Invoke-Command -ComputerName localhost -ScriptBlock {
>> hostname
>> }
myServerHostname
The issue was double-hop/multi-hop. When you login over winRM it doesn't want to allow you to use the same credential token to reach to a different machine. I got around this issue by connecting over winrm then opening up a nested Powershell session. It's essentially refreshes the tokens allowing the user to connect to the active directory server.
Please see the following for more information
https://blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely/
https://blogs.msdn.microsoft.com/sergey_babkins_blog/2015/03/18/another-solution-to-multi-hop-powershell-remoting/
Make sure to install Remote Server Administration Tools (RSAT) for dnscmd.
$password = '{pass}' | ConvertTo-SecureString -AsPlainText -Force
$username = '{user}'
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $username,$password
Invoke-Command -ComputerName localhost -Credential $cred -ConfigurationName svc_dns_middleMan -ScriptBlock {
'{dnscmd_commands}'
}
I'm new to the Jmeter and I need to run an executable file that exists on a remote windows machine, I used OS sampler request but I don't know how to make it connect to the remote machine
There are 2 options:
Using PsExec like:
Command: `cmd.exe'
First argument: /c
Second argument: `/path/to/psexec.exe \your-remote-machine -u username -p password -c /path/to/file.exe
Using Windows Powershell Remoting
Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
First argument: $password = ConvertTo-SecureString -String ${password} -AsPlainText -Force; $credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "${username}",$password; Invoke-Command -Computer ${host} -cred $credentials -scriptBlock { /path/to/file.exe }
More information: How to Run External Commands and Programs Locally and Remotely from JMeter