With the GUI I just use MMC \ Certificates and do an import and point to my AD integrated certificate for ldaps, how can i accomplish this with powershell
I am trying this to no avail
Get-Certificate -Template ldaps -CertStoreLocation cert:\localmachine\MY -Credential $cred -Url http://rootca/certsrv
Error:
Get-Certificate : CX509EnrollmentPolicyWebService::Initialize: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER). This may be the result of user credentials being required on the remote machine. See Enable-WSManCredSSP Cmdlet help on
how to enable and use CredSSP for delegation with PowerShell remoting.
At line:1 char:1
+ Get-Certificate -Template Computerv2 -CertStoreLocation cert:\localma ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-Certificate], Exception
+ FullyQualifiedErrorId : RemotingFailure,Microsoft.CertificateServices.Commands.GetCertificateCommand
certreq -enroll -machine -q "LDAPS_CERTIFICATE"
Related
I ran the following Powershell in Runbook and got an error.
If there are any inappropriate parts in the logic, I would appreciate it if you could point them out.
Supplemental
When I changed the name to Get-PnPFolderItem instead of Get-PnPProvisioningTemplate and executed it, it worked fine.
Therefore, I think that Connect-PnPOnline is able to connect normally.
$TempSiteUrl = Get-AutomationVariable -Name 'SiteTemplateUrl'
$myCred = Get-AutomationPSCredential -Name SharePointConnect
Connect-PnPOnline -Url $TempSiteUrl -Credentials $myCred
Get-PnPProvisioningTemplate -Out template.xml
Error message
Get-PnPProvisioningTemplate : There is currently no connection yet. Use Connect-PnPOnline to connect.
At line:4 char:1
+ Get-PnPProvisioningTemplate -Out template.xml
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-PnPProvisioningTemplate], InvalidOperationException
+ FullyQualifiedErrorId :
System.InvalidOperationException,PnP.PowerShell.Commands.Provisioning.Site.GetProvisioningTemplate
Please try to use Get-PnPSiteTemplate instead: https://learn.microsoft.com/en-us/powershell/module/sharepoint-pnp/get-pnpsitetemplate?view=sharepoint-ps
Hi I am getting below access denied error while accessing file remotely even though I have access to shared location .Kerberos credential delegation is enabled
PS C:\Users> $uname = "abrac\svc-igniopro-connect"
$password = "P#er***" | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $uname,$password
Invoke-Command -ComputerName EABP01IGCHEA01 -Credential $cred -ScriptBlock {Get-Content "\\Ebrfile01\tcs\IT\INFRA IGNIO SOX\vdi NS list 1.csv"}
Access is denied
+ CategoryInfo : PermissionDenied: (\\Ebrfile01\tcs...i NS list 1.csv:String) [Get-Content], UnauthorizedAccessExceptio
n
+ FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetContentCommand
+ PSComputerName : EABP01IGCHEA01
Cannot find path '\\Ebrfile01\tcs\IT\INFRA IGNIO SOX\vdi NS list 1.csv' because it does not exist.
+ CategoryInfo : ObjectNotFound: (\\Ebrfile01\tcs...i NS list 1.csv:String) [Get-Content], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetContentCommand
+ PSComputerName : EABP01IGCHEA01
You have to enable CredSSP (see: Enable-WSManCredSSP) on both the client and server (necessary for this double hop authentication).
First enable on your client to server direction by running this on your machine:
Enable-WSManCredSSP -Role "Client" -DelegateComputer "EABP01IGCHEA01"
Then on your server EABP01IGCHEA01, enable the Server role so that it can act as a delegate:
Enable-WSManCredSSP -Role "Server"
Then you have to explicitly specify the authentication method as CredSSP as it won't connect with it by default:
Invoke-Command -ComputerName EABP01IGCHEA01 -Authentication Credssp -Credential $cred -ScriptBlock {Get-Content "\\Ebrfile01\tcs\IT\INFRA IGNIO SOX\vdi NS list 1.csv"}
Please note the security implications of enabling CredSSP:
Caution:
CredSSP authentication delegates the user credentials from the local
computer to a remote computer. This practice increases the security
risk of the remote operation. If the remote computer is compromised,
when credentials are passed to it, the credentials can be used to
control the network session.
I have access as an admin on a machine and I have to Start, Stop and Restart some of the window services using the Powershell script. We don't want to have UAC prompt while running the script because only one user would have access to that machine. Also due to some specific requirements, we have to have run that script file by adding the admin credentials inside it.
Along with other solutions I have tried so far, the one close to what I am looking for is as follows
$username = "Domain\user"
$password = ConvertTo-SecureString "myPassword" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password)
Set-Service -Name Spooler -Status Running -PassThru -Credential $psCred
But I am getting following error.
Set-Service : A parameter cannot be found that matches parameter name
'Credential'. At line:6 char:53
+ ... t-Service -Name Spooler -Status Running -PassThru -Credential $psCred
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-Service], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.SetServiceCommand
Update 1 (Trying suggestion)
Invoke-Command -credential $psCred -command {Set-Service -Name Spooler -Status Running -PassThru} -computername myComputerName
[myComputerName] Connecting to remote server myComputerName failed
with the following error message : The client cannot connect to the
destination specified in the request. Verify that the service on the
destination is running and is accepting requests. Consult the logs and
documentation for the WS-Management service running on the
destination, most commonly IIS or WinRM. If the destination is the
WinRM service, run the following command on the destination to analyze
and configure the WinRM service: "winrm quickconfig". For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (myComputerName:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : CannotConnect,PSSessionStateBroken
Update 2
I had to enabled PSRemoting on machine using command Enable-PSRemoting -Force -SkipNetworkProfileCheck so Invoke-Command can execute but after repeating the command Invoke-Command -credential $psCred -command {Set-Service -Name Spooler -Status Running -PassThru} -computername localhost I got following error
[localhost] Connecting to remote server localhost failed with the
following error message : Access is denied. For more information, see
the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (localhost:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
Running the same set of command in elevated powershell window is working fine.
Can you please guide me in the right direction considering I am newbie in the Powershell world.
As mentioned in the official documentation of Set-Service
Can you try like this?
$Cred = Get-Credential
$hostname = "$env:computername.$env:userdnsdomain"
Write-Host $hostname
Invoke-Command -ComputerName $hostname -Credential $Cred -ScriptBlock{ Start-Service -Name Spooler}
Also if you don't want to prompt for the credentials then you can store the credentials in the Windows credentials manager and get it from their in your PowerShell script. Refer to this answer for using credential manager with PowerShell
Hi I want to login into my remote server using power shell . I wrote code for this but I am getting error .
CODE
$cred = get-credential - Prompts for username and password
Enter-PSSession -ComputerName servername -Credential $cred
ERROR
Get-Credential : A positional parameter cannot be found that accepts
argument 'Prompts'.At C:\documents\Untitled8.ps1:1 char:9
+ $cred = get-credential - Prompts for username and password
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-Credential], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetCredentialCommand
Enter-PSSession : Connecting to remote server XXXXX failed with the
following error message : Access is denied. For more information, see
the about_Remote_Troubleshooting Help topic.At
C:\documents\Untitled8.ps1:5 char:1
+ Enter-PSSession -ComputerName servername -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (servername:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
Any clue regarding this will help....
Get-Credential : A positional parameter cannot be found that accepts argument 'Prompts'
Anybody have any clue how to login into remote server in power shell using servername..any clue any link regarding this will be helpful
The problem is that there it can´t find a positional parameter, where "Prompts" is accepted. If you look at the help file for Get-credential you will see that the -Credential paramenter is positional, meaning you dont need to type it.
Try with this
$cred = get-credential -Message "Prompts for username and password"
Enter-PSSession -ComputerName servername -Credential $cred
Some reading about positional parameters
https://itknowledgeexchange.techtarget.com/powershell/positional-parameters/
I need to install .cer certificate into "Trusted Devices" folder because I have PowerShell script which automatically installs software and only thing that is blocks the hole script is windows which asks about trustworthy of the dongle driver.
I use this cmdlet inside Vagrant
vagrant.exe powershell -c "Import-Certificate -Filepath C:\vagrant\Microcosm.cer -CertStoreLocation Cert:\Local Computer\TrustedDevices"
Here is error message output
vagrant.exe : The following WinRM command responded with a non-zero exit status.
At line:1 char:2
+ vagrant.exe powershell -c "Import-Certificate -Filepath C:\vagrant\Microcosm.ce ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (The following W...ro exit status.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Vagrant assumes that this means the command failed!
Import-Certificate -Filepath C:\vagrant\Microcosm.cer -CertStoreLocation Cert:\Local Computer\TrustedDevices
Stdout from the command:
Stderr from the command:
#< CLIXML
<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04"><S S="Error">Import-Certificate : A positional parameter cannot be found that accepts argument 'Computer\Trust
edDevices'._x000D__x000A_</S><S S="Error">At line:1 char:40_x000D__x000A_</S><S S="Error">+ ... lyContinue';Import-Certificate -Filepath C:\vagrant\Microcosm.cer -Ce ..._x000D__x000A_</S><S
S="Error">+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~_x000D__x000A_</S><S S="Error"> + CategoryInfo : InvalidArgument: (:) [Import-Certificate], P
arameterBindingException_x000D__x000A_</S><S S="Error"> + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.CertificateServices.Commands.ImportCertificateComm _x000D__x000A_</
S><S S="Error"> and_x000D__x000A_</S><S S="Error"> _x000D__x000A_</S></Objs>
Cert:\Local Computer\TrustedDevices has a space in it. Try this with escaped quotes around your path:
vagrant.exe powershell -c "Import-Certificate -Filepath C:\vagrant\Microcosm.cer -CertStoreLocation `"Cert:\Local Computer\TrustedDevices`""