So I have a server set up for remoting called "Server01" so I can use the PS2 configuration.
Problem is I want to run the ISE as PS2 on the same machine.
So I am trying:
$username = "Domain\User"
$password = "Password"
$cred = new-object -typename System.Management.Automation.PSCredential -ArgumentList $username, $password
$s=new-PSsession "Server01" -authentication Credssp -credential $cred -ConfigurationName PS2
Invoke-Command -Session $s -ScriptBlock {
}
Remove-PSSession $s
while on "Server01" and I am getting an access denied error. I have made sure "Allow Delegating Fresh Credentials" is enabled and configured properly.
I am trying to avoid running this through the Management Shell because I would like to have a scheduled task kick off this script automatically.
Any suggestions/ideas?
You don't have to use session configurations to invoke PowerShell with version 2.0 in a scheduled task.
Just use:
powershell.exe -Version 2.0
In your task definition. This is way easier and safer than trying to remote into the local machine with CredSSP.
Related
Through Microsoft Group Policy I did define to run a Powershell-Script on Computer Start-Up. Also I have the requirement to run a Powershell-Script as Scheduled Task without saving credentials.
On both scenarios I have the same problem ...
I want to run a Citrix Powershell-Command (PSSnapIn) like:
Set-BrokerMachine -MachineName "domain.local\$env:COMPUTERNAME" -AdminAddress "RemoteServer.domain.local" -InMaintenanceMode $True
Manual: https://citrix.github.io/delivery-controller-sdk/Broker/Set-BrokerMachine/
Of course only users who have the permission could run those Citrix-commands. I would be able to give a domain-user the permission to run the command "Set-BrokerMachine", but in the mentioned scenarios the PowerShell-scripts run in context of the system-user.
I did simulate the system-user by PSExec:
Error running as System-User
My scripts do other things of course and I want to keep them running as System-User, but now I am looking for a clean solution to get those Citrix-commands running.
If possible, I don't want to save credentials in my scripts.
EDIT #1:
I would be able to workaround with the following code:
$Username = "MySpecialUser"
$Password = 'MyPassword'
$SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential $Username, $SecurePassword
$Result = Invoke-Command -Session ( New-PSSession -ComputerName "RemoteServer.domain.local" -Credential $Credential ) -ScriptBlock {
Add-PSSnapin Citrix*
Set-BrokerMachine -MachineName "domain.local\$args" -InMaintenanceMode $True
} -ArgumentList $env:COMPUTERNAME -HideComputerName
Remove-PSSession -InstanceId $Result.RunspaceId
I don't like this because:
The code has to contain credentials (ofc I could encrypt it ...)
I have to create a permission-system for this special user in Citrix
I have to put the special-user into a local-group on every server, to allow the remote-administration (security-risk)
I don't like to use PSSession
...
Is there a better/cleaner solution? Any ideas?
I have a PowerShell script which works fine on windows server 2016 azure VM but fails to execute the same script from my build agent which is also window server 2016 OS azure VM.
No errors get logged in PowerShell due to which i am not able to figure out what is the reasons?
Is there any Prerequisites that i need to validate or install on the server for executing this script?
Below is the script which execute batch file present on another another VM.
$Username = 'ABC'
$Password = 'XYZ'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass
try {
Invoke-Command -ComputerName "ServerName" -credential $cred -ErrorAction Stop -ScriptBlock {Invoke-Expression -Command:"cmd.exe /c 'C:\CI\Demo_CI.bat'"
Write-Host "done"
}
} catch {
Write-Host "error"
}
I believe what you are facing here is a Credential delegation issue, You can try enabling CredSSP in your build agent and the target "ServerName". To know more about credssp , see here, therwise you will have to use psexec in CI.
I am familiar with Linux envs and using SSH to run remote scripts and programs and automatic scripts from my desktop.
I would like to have a similar workflow with Windows VMs that I have on my Azure Account. However, I canĀ“t find a straight forward instructions on how to build my local PowerShell scripts.
I need only to connect to a VM and call some scripts within it.
The best I could find would be this guide from MS
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/winrm
Or this a litte older blog post.
http://fabriccontroller.net/using-remote-powershell-with-windows-azure-virtual-machines/
According to your description, we can use New-Pssession to execute script to stop/start service, like this:
$username = 'jason'
$pass = ConvertTo-SecureString -string 'password' -AsPlainText -Force
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass
$s = New-PSSession -ConnectionUri 'http://23.99.82.2:5985' -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Invoke-Command -Session $s -ScriptBlock {Get-Process PowerShell}
Result like this:
Another way, we can use Azure custom script extension to run script, we can upload script to Azure storage account, and use Set-AzureRmVMCustomScriptExtension to set custom script:
PS C:\> Set-AzureRmVMCustomScriptExtension -ResourceGroupName "ResourceGroup11" -Location "Central US" -VMName "VirtualMachine07" -Name "ContosoTest" -TypeHandlerVersion "1.1" -StorageAccountName "Contoso" -StorageAccountKey <StorageKey> -FileName "ContosoScript.exe" -ContainerName "Scripts"
But custom script only can run one time, if you want to re-run this script, we should remove it with this command Remove-AzureRmVMCustomScriptExtension, then re-set it.
More information about Azure custom script extension, please refer to this link.
I ran into a lot of trouble using the accepted answer, and found I wanted to use SSL in my remote execution. I could not find anywhere this was succinctly put, so here's what worked for me. Essentially, use the built-in Azure command to enable remote PowerShell on the VM, and then run secure remote sessions to your heart's content!
Invoke-AzureRmVMRunCommand -ResourceGroupName $vmResourceGroupName -Name $vmName -CommandId 'EnableRemotePS'
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $secureStringPassword
$sessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck
Invoke-Command -ComputerName $ipAddress -Credential $cred -UseSSL -SessionOption $sessionOptions -FilePath $scriptPath
Below is a script we are using in TeamCity. We are sporadically getting a hung build during this step and some others similarly written. From what I've been able to find out is that the error is occurring between the two servers.
The script creates a remote session and executes on the remote machine. The remote script completes successfully, but never causes this script to exit which leads to a build step hanging.
$username = '%SvcAcct%'
$password = '%SvcAcctPwd%'
$credentials = New-Object System.Management.Automation.PSCredential `
-ArgumentList #($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
$remoteSession = New-PSSession -ComputerName %RemoteServer% -Authentication Credssp -Credential $credentials
Invoke-Command -FilePath %teamcity.build.checkoutDir%\NovoDeploy\Powershell\InstallNovo.ps1 `
-ArgumentList "C:\NovoDeploy\Installers","C:\NovoDeploy\%InstallSettingsConfigFileName%","%SvcAcctPwd%" -Session $remoteSession
#Get the exit code from the remote session so
#we can pass it through to TeamCity and fail the build.
$remoteSessionExitCode = Invoke-Command { $lastexitcode } -Session $remoteSession
exit $remoteSessionExitCode
Try using remove-pssession -$remoteSession at the end of your script.
Remove-PSSessioncloses one or more Windows PowerShell sessions (PSSessions). I'm thinking maybe your exit command is just exiting the remote powershell session you use to run the remote command and then continuing as a local powershell session after your exit. If you add remove-pssession after you assign the exitcode variable, then maybe your exitcommand will exit the local terminal as needed.
Just a theory but it's worth testing out.
I created a Jenkins job that needs to connect to a remote machine and execute a ps1 script.
$pw = convertto-securestring -AsPlainText -Force -String "4444"
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist "eeeee\eee",$pw
$sess = New-PSSession -ComputerName server1 -Credential $cred
Enter-PSSession $sess
Looks like you may be better served with Invoke-Command than Enter-PSSession.
https://technet.microsoft.com/en-us/library/hh849719.aspx
Something along the lines of:
Invoke-Command -Credential $creds -ComputerName $server -FilePath $scriptname -ArgumentList $arg1, $arg2
Add the remote machine as a slave, then run your script from 'execute windows Batch command' or install Powershell plugin and 'Run powershell script'.
Links:
Add windows slave: https://wiki.jenkins.io/display/JENKINS/Step+by+step+guide+to+set+up+master+and+agent+machines+on+Windows
Powershell plugin: https://wiki.jenkins-ci.org/display/JENKINS/PowerShell+Plugin