I've got a powershell script to archive log files. The script is intended to be run daily from a scheduled task as a specified user 'LogArchiver'.
The script uses the aws-cli to copy the file to S3 and needs sufficient credentials to access the bucket which are stored in the user directory C:\Users\LogArchiver\.aws as recommended in the aws docs.
When I run the script from a powershell terminal running as the user it recognises the credentials and successfully copies files to S3. But when it is run from the scheduled task it doesn't recognise the aws credentials and writing the Transcript to file shows the message:
Unable to locate credentials. You can configure credentials by running "aws configure".
Anyone know why this is and any fixes to it? I've read in another post about scheduled tasks doing funny things to environment variables but not sure if that would cause the problems i'm having.
Turns out that it was a bug in server 2012 and is fixed by this patch
https://support.microsoft.com/en-gb/kb/3133689
The 'fix' for me was to change the USERPROFILE environment variable at the top of the script with
$env:USERPROFILE = "C:\Users\LogArchiver"
Not elegent, but works.
Related
First off, I didn't have this issue until setting up my agent to run as a windows service.
My company has custom cmdlets we have built that are part of the default profile that is loaded when running powershell. I am using Jenkins to execute a batchfile that iterates a command over a series of machines. After settings up Jenkins to be a service, it no longer has access to those cmdlets leading me to believe the profile isn't being loaded. If I load the profile manually by running the profile script, it only seems to work on the first machine.
When setting up Jenkins as a service, I configured it to be the same user that I would manually run these scripts as if I were to login to the computer. I have verified it is using the proper user with $env:UserName.
I am at a loss as to why setting up jenkins as a windows service broke this. I could revert to using the command line to connect to Jenkins, but that doesn't always connect post server maintenance or after a power outage.
Did I configure something wrong or is there a way to load profiles instead of jenkins always running -NoProfile?
Update - I noticed when running $PROFILE it was set to a default profile location that did not exist. It seems when opening powershell manually on the machine it loads the AllUsersCurrentHost profile but this doesn't happen when using powershell from Jenkins when running as a service. I created the file location where it said it was using the profile and copied the default profile there and it works. I am still not sure why the behavior differs, but at least I found a solution.
I'm trying to automate the deployment of the solution my team is working on through TFS Build server. One of the steps which executes a PowerShell script on the target machine fails with the following error:
Microsoft ODBC Driver 11 for SQL Server : Login failed for user 'sa'..
The PowerShell script I'm trying to execute does in fact connect to multiple databases using the sa credentials. When I try to execute the same script passing it the exact same arguments by hand (i.e: executing the script from the target machine VM itself) it works like a charm. But when it is being executed as part of the build steps it fails with the aforementioned error.
Is there a way to further debug the issue? It would be great if there is a way to output trace statements from the script so I could have some insight on what is actually going on.
Usually all the related error should reflect in TFS build log. To narrow your issue you can try to connect to the TFS build agent with the credentials used for the build service and manually run the ps script.
If you execute the ps script with your own account, which will not help to the issue. Usually this kind of problems is related to permissions. Your build service account are lack of related permission. Try to add it to Administrator or SQL Administrator group and execute the build again.
I have added a PowerShell script as a Group Policy computer startup script. The script runs fine and does all of the tasks fine. However, at the end of the script, it is supposed to copy a log file to a file share, which it is not doing. The file share shows that "SYSTEM" has full control, so I'm not sure what the issue is. I'm able to run the script as admin while on the same machine and it will copy the log to the server without a problem. It does not do this via computer startup script (under SYSTEM account) though. Any ideas?
You will need to give the computer account write permissions on the network share. When the SYSTEM account is used to access a network resource it will do so as the domain account of the computer (DOMAIN\COMPUTER$).
I am using Putty to transfer files from my windows machine to Linux machine.
I am able to transfer, when i run the script and also if i run the same script using Schedule task with my credentials.
if schedule the task to run using system account(SYSTEM) or other user account, file transfer not happening.
Do i need to save any session vales?
PuTTY saves session information in the registry for the current user only, this information will simply be not available for the other accounts you mentioned. So you either need to provide them by exporting yours and importing them in the other user's accounts or simply provide everything needed on the shell command invoked to copy your files. The latter sounds much easier to me in combination with a little script which gets invoked by the task scheduler.
I have set-executionpolicy unrestricted. I was able to run scripts previously. After I got an error running a powershell script, I started getting the following error:
File C:..\test.ps1 cannot be loaded because its operation is blocked by
software restriction policies, such as those created by using Group Policy.
It doesn't matter what is in the script file I am trying to run.
From what I can tell nothing else has changed. I was doing something with a remote powershell session to a remote machine, got an error. Then was unable to run scripts locally unless I run powershell.exe as administrator.
Software Restriction Policies (SRP) have nothing to do with Powershell directly.
Someone has set a restriction on what can be run and/or from where it can be run.
This isn't related to Powershell Execution Policy, Powershell Remoting, nor administrative rights/privileges.
Typically SRP is set through Group Policy and pushed out (I'm guessing you're on a domain).
You could use rsop.msc on your machine to try to determine what the settings are and maybe which policy is applying them.
If you want more information on SRP you should probably post on ServerFault.