I've got a Windows service (Jenkins) that runs a script which needs to run a command as a specific user.
I tried to do this but it doesn't work:
$secpasswd = ConvertTo-SecureString "myPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential("DOMAIN\myUsername", $secpasswd)
$Arguments = #()
$Arguments += "-Command"
$Arguments += "pwd"
$Arguments += ">"
$Arguments += "output.txt"
Start-Process powershell.exe -ArgumentList $Arguments -Credential $mycreds -NoNewWindow -WorkingDirectory $workingDir
Start-Sleep 2
Get-Content "$workingDir\output.txt"
I get this output:
Start-Process : This command cannot be executed due to the error: Access is denied.
At C:\Windows\TEMP\hudson2382859596554223918.ps1:32 char:14
+ Start-Process <<<< powershell.exe -ArgumentList $Arguments -Credential $mycreds -NoNewWindow -WorkingDirectory $workingDir
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
Now if I remove -Credential $mycreds it works fine. The reason why there is that Start-Sleep at the end is that I removed the -Wait after reading this question on SO.
Am I missing something here?
$username = "username"
$password = "password"
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList #($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
Start-Process dnscrypt-proxy.exe -WorkingDirectory path_here -Credential ($credentials)
--from powershell forums; i searched for this same solution just a couple days ago and this worked. hope it helps you.
Source: http://powershell.com/cs/forums/t/9502.aspx
Finally found the solution: by default, Jenkins is run as a service log on as the "Local System account". To change this launch the services application (type "services" in the start menu), look for Jenkins, double click on it and go to the "Log On" tab.
You should now see what account the service is using. Change to "This account" and fill in your account details and voila!
For the record the command I was originally trying to run works fine now, without having to add any of the "changing user" things on top.
Special thanks to #Poorkenny that put me on the correct track with his comment, THANK YOU! Stackoverflow rocks! (that moment when thanks to someone you just solved an issue that took you the whole day to figure it out...)
Related
I want to execute a .exe File with the Start-Process Command while using specific credentials.
However I cant get it to work for me:
$username = "<Domain\Username>"
$password = "<Password>"
$secPassword = ConvertTo-SecureString $password -AsPlainText -Force
$credentialps = New-Object System.Management.Automation.PSCredential ($username, $secPassword)
Start-Process -FilePath "<path to exe>\Test.exe" -Credential $credentialps -NoNewWindow -ArgumentList "<Arguments>"
This outputs the following error:
Start-Process : This command cannot be run due to the error: The parameter is incorrect.
I Also tried just using $credential = Get-Credential, this gives you back an PSCredentials Object, but it gave me the same error.
What am I doing wrong? Sorry if something's missing, Iam new to Powershell :)
Edit: After removing the Credentials parameter the script runs perfectly, so there shouldnt be a problem regarding the FilePath or Argumentlist.
I am currently facing the issue of running an .exe as another user. I followed the documentation and all the given suggestion in the internet, but still cannot run it successfully as another user with arguments.
Need some advise on how to resolve this. I am using powershell v4. Much help appreciated. Thank you.
$username = 'wintel\approveduser'
$password = 'password123'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Process -FilePath D:\testing\CICD.exe -Credential $credential -ArgumentList "-i -b CICDbranch -m Release -r -f $currentPath\Release\export.zip" -RedirectStandardOutput ".\stdout.txt"
This works:
Start-Process -FilePath "C:\Program Files\Internet Explorer\iexplore.exe"
And this appears to work:
$username = "domain\user"
$password = "password"
$cred = New-Object System.Management.Automation.PSCredential($username, $password)
But when I run this:
Start-Process -FilePath "C:\Program Files\Internet Explorer\iexplore.exe" -Credential $cred
I get this:
I have also tried this, with the same outcome:
$iePath = "C:\Program Files\Internet Explorer\iexplore.exe"
Start-Process -FilePath $iePath -Credential $cred
Why would I get a directory error when I am providing the full path to iexplore.exe?
I tried this myself using
Start-Process -FilePath "notepad"
Start-Process -FilePath "C:\Program Files\Internet Explorer\iexplore.exe"
Both work as-is.
If I add -Credentials (my own current credentials) it fails with the errormessage The directory name is invalid.
Neither procmon nor windbg gave me any clues (I'm convinced they are there using windbg but I couldn't find it)
Adding -WorkingDirectory though solved it
Start-Process -FilePath "notepad" -Credential $cred -WorkingDirectory "c:\windows\system32"
Edit
Following the WorkingDirectory train of thought, I noticed my current working directory being a mapped network drive (F:). Switching my current working directory to a local drive also "solved" the issue.
PS F:\>> Start-Process -FilePath "notepad" -Credential $cred
Start-Process : This command cannot be run due to the error: The directory name is invalid.
At line:1 char:1
+ Start-Process -FilePath "notepad" -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
PS F:\>> c:
PS C:\>> Start-Process -FilePath "notepad" -Credential $cred
PS C:\>>
what I'm trying to do is add a user to the local admin group then launch a program with those credentials. I have the first part working:
$env:COMPUTERNAME
$srvgroup = [ADSI]("WinNT://"+$env:COMPUTERNAME+"/Administrators, Group")
$srvgroup.name
$srvgroup.add("WinNT://userID,user")
$srvgroup.Invoke("Members") | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
The second part is what I can't seem to get working correctly.
Start-Process runas.exe -Credential DOMAIN\user -ArgumentList '-noprofile -command & "C:\Program Files (x86)\Misc\SecureClient" -verb runas}'
I don't get an error message but the program does not start. I should get a popup window for the application but nothing happens when I try it this way.
Any ideas?
DOMAIN\user is not a full credential. You need to do something like this:
$passwd = ConvertTo-SecureString "opensesame" -Force -AsPlainText
$cred = new-object pscredential 'Domain\user',$passwd
Start-Process -Credential $cred ...
I ended up doing it like, don't really like it but it works:
start-process "cmd.exe" "/c D:\Scripts\client_connect.cmd"
that .cmd file is:
C:\Windows\System32\runas.exe /savecred /user:domain\username"C:\Program Files (x86)\xxx\xxx\sclient.cmd"
I have a powershell script that contains the following
$username = 'username'
$password = 'password'
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList #($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
start-process -FilePath $deploymentAppPath -Credential $cred
Yet when I execute this I get the following error.
start-process <<<< -FilePath $deploymentAppPath -Credential $cred
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
While I don't think it is probably obvious, my end goal here is to call the batch file with the user credentials that I specify.
I would start by removing the use of securestring. Some things just don't seem to work with it in my experiences.
It appears that your process is local, so you're not transmitting the u/p over the wire. Is the securestring really neccessary (considering that the u/p is in the script and available to whoever has perms to the script)?
I believe you do not have the right version of windows powershell to use the start-process command. I ran this and it worked other than the obvious -FilePath error that I did not set. Where as you seem to be getting the basic 'command does not exist' exception. To check your version number use the get-host cmdlet. Run get-host | select version and if it outputs 1.0 to console you should go Here to get a 2.0 version.