So here's my issue.
A company we acquired uses a jump box. Which is a server that I need to access to be able to jump to other server.
So I'm running a script to enter the jumpbox, and then run get-aduser to access 3 other domains that are accessible by this server.
If i use mstsc to remote into the box, i can run the command:
get-aduser -filter * -server firstdomain.com
this runs fine, and gathers all the users. However, if i run a script that uses psremoting, and then try to run the command above - it returns an error stating that it cannot find the server.
The commands look like this:
enter-pssession -computer 10.0.2.70 -credential (get-credential)
The command line changes to indicate that future commands are run through the server i've remoted into.
[10.0.2.70]: PS C:\windows\system32> get-aduser -filter * -server firstdomain.com
this returns the error stating that it cannot find the server. Any ideas?
Related
Editing to be clear with the issue
I am running the below code from a local computer which should run the script Test.ps1 placed on $server at C:\Temp to collect data from $server and other servers.
When i perform this, the script runs but i only get data for the $server and not the others. While if i run the C:\Temp\Test.ps1 script sitting on the $server, i get the desired output for all servers.
I am using this code
$s = New-PSSession -ComputerName $server -Credential $credential
Invoke-Command -Session $s -Command {C:\Temp\Test.ps1}
I am getting the output for the remote server on which the code is placed (localhost for the script), buti am not getting any output for the other servers.
While if I run the script locally on the remote server i get output from all the servers
The script does not have to be on the remote host. PowerShell allows you to run local PS1 scripts on remote computers.
Running Remote Commands
https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.1
Run a Script
To run a script on one or many remote computers, use the FilePath
parameter of the Invoke-Command cmdlet. The script must be on or
accessible to your local computer. The results are returned to your
local computer.
For example, the following command runs the DiskCollect.ps1 script on
the remote computers, Server01 and Server02.
Invoke-Command -ComputerName Server01, Server02 -FilePath 'c:\Scripts\DiskCollect.ps1'
As for this...
'My requirement is to run that script from the remote host per
security protocols'
... just use a script block as shown via the same MS Docs link
Run a Remote Command
To run a command on one or more computers, use the Invoke-Command
cmdlet. For example, to run a Get-UICulture command on the Server01
and Server02 remote computers, type:
Invoke-Command -ComputerName Server01, Server02 -ScriptBlock {& .c:\Scripts\DiskCollect.ps1}
Of course, I just removed Get-UICulture cmdlet in the docs command, with a script to use.
It depends on how your remote script uses credentials to access other servers. This should classify as a double hop issue.
If you cannot use CredSPP, you can use Resource-Based Kerberos Constrained Delegation
or use credentials inside the Invoke-Command scriptblock i.e. you can define a credential object on the local computer to be used in the -credentials parameter, and refer to it with $using:cred in your scriptblock.
The article does a good job of summarizing all your options.
I am attempting to connect to a server using a remote PSsession and run a JEA configuration. But when I run the command
Enter-PSsession -ComputerName $server -ConfigurationName $config
It throws the following error:
Enter-PSSession : Value cannot be null.
Parameter name: sessionDetails
After examining the PSsession documentation I can't find a parameter named sessionDetails? What is going on?
FURTHER DETAILS:
Enter-PSession $server
Connects to the server without error. And when I'm on the server it's self, the command:
Enter-PSession -ComputerName localhost -ConfigurationName $config
Also enters a PSsession without error. So I'm definitely able to access the server and the configuration definitely works (at least on local host).
Add in your .pssc file a line with TranscriptDirectory = 'xxx'
With xxx the folder where audit trail logging will be stored. This will log on the server where you register the JEA script who connected.
In such logging file you can see a line like:
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.10032.0, 6.2.0
This indicates the powershell versions that are supported for the CLIENT side.
In case you are using a client version that is not listed you get that error.
Enter-PSSession may not be used correctly by you. Try the below syntax.
Command to start an interactive session with Server01, a remote computer. When the session starts, the command prompt changes to include the computer name.
PS C:\> Enter-PSSession -ComputerName Server01
[Server01]: PS C:\>
Command to get the PowerShell process and redirects the output to the Process.txt file. The command is submitted to the remote computer, and the file is saved on the remote computer.
[Server01]: PS C:\> Get-Process Powershell > C:\test\Process.txt
Exit command to end the interactive session and close the connection.
[Server01]: PS C:\> exit
PS C:\>
I'm having a bit an issue invoking a command to remotely turn off services via PowerShell. I'm successful when using
(Get-Service -Name tomee -ComputerName servernamefqdn).Stop()
However when using
Invoke-Command -ComputerName servernamefqdn -Credential $creds -ScriptBlock {
(Get-Service -Name tomee).Stop()
}
I get errors
enter-pssession...winrm cannot process
and
The following error occurred while using Kerberos authentication: Cannot find the computer servernamefqdn.
I'm using my own credentials to pass in invoke. I've already ran the quick config for WinRM and added trusted sites for all. I'm not understanding why the first command works but the invoke command doesn't seem to find the server. The goal is the script will remotely stop services using another account. I read 1 other person having this same issue but no real solution for me. Any ideas?
It seems I can not find clearly written somewhere that when using WMI accelerator in a PowerShell script, you can not pass on authentication.
A little background ...
I am writing PowerShell scripts for SCCM 2012 and found, for instance, the following quite using :
PS R:\> ([wmi]((gwmi -namespace root\sms\site_AAA -class SMS_Application -filter
"LocalizedDisplayName LIKE '%Winzip_Tartempion%'")
.__PATH)).SDMPackageXML
When executed locally (on the SCCM primary server, it works fine and swiftly.
However, the following ends up in error when executed from my desktop computer running W7 :
PS R:\> ([wmi]((gwmi -namespace root\sms\site_AAA -credential $cred
-ComputerName CEMTECH
-class SMS_Application -filter "LocalizedDisplayName LIKE
'%Winzip_Tartempion%'")
.__PATH)).SDMPackageXML
For the time being, using a PSSession is out of the question.
With the current infrastructure I have to deal with, using SCCM commandlet is out of the question.
My only question here is : can you confirm that we can not pass any authentication with a WMI accelerator ? At that point, I am searching for that answer mainly for my curiosity. I found a way to manage with my current constraints. It is just that I find the accelerators so "elegant".
Now why do I need it ? I need to access "lazy properties" without using SCCM cmdlets, from a desktop computer to which the user is logged on with an account which will not be the same as the name authorized to connect/access the SCCM primary server.
What I still did not find is how to use "*.__PATH" with the Get-WMIObject cmdlet.
The WMI-accelerator [wmi] doesn't support alternate credentials.
Why do you need it? You could just run:
$obj = Get-WmiObject -namespace root\sms\site_P41 -credential $cred -ComputerName qs07352 -class SMS_Application -filter "LocalizedDisplayName LIKE '%Winzip_Tartempion%'"
$obj.Get()
$obj.SDMPackageXML
I need to write a program / script to change the account name and password on certain services running on a remote server. I intend to do it with Powershell. Is that the best solution or is there something else that would be more suitable?
A quick google search brought up this script:
$account="domain\userName"
$password="password"
$svc=gwmi win32_service -filter "name='alerter'"
$svc.change($null,$null,$null,$null,$null,$null,$account,$password,$null,$null,$null)
Am I mistaken in thinking the above script works on the local machine? If that is true, how do I do the same for a service on a remote machine?
The command is running on your local machine. Use the -ComputerName parameter to run it on remote systems.
$svc=gwmi win32_service -filter "name='alerter'" -ComputerName Server1,Server2