Calling batch with user creds not working in powershell - powershell

I have a powershell script that contains the following
$username = 'username'
$password = 'password'
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
start-process -FilePath $deploymentAppPath -Credential $cred
Yet when I execute this I get the following error.
start-process <<<< -FilePath $deploymentAppPath -Credential $cred
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
While I don't think it is probably obvious, my end goal here is to call the batch file with the user credentials that I specify.

I would start by removing the use of securestring. Some things just don't seem to work with it in my experience.
It appears that your process is local, so you're not transmitting the u/p over the wire. Is the securestring really necessary (considering that the u/p is in the script and available to whoever has perms to the script)?

I believe you do not have the right version of Windows PowerShell to use the Start-Process command. I ran this and it worked, other than the obvious -FilePath error that I did not set. Whereas you seem to be getting the basic 'command does not exist' exception. To check your version number, use the Get-Host cmdlet. Run get-host | select version and if it outputs 1.0 to console you should go Here to get a 2.0 version.

Related

Use Connect-SPOService with Powershell 6 (core version)

I'm trying to connect to a sharepoint environment and I want to do that with Powershell version 6. Why? Eventually, I want to put the PS commands in a .net core 3 application. And as far as I know I cannot use PS5.1 in .net core.
It is about this powershell script:
Import-Module -Force -name Microsoft.Online.SharePoint.PowerShell;
Import-Module -Force -name Microsoft.Online.SharePoint.PowerShell -DisableNameChecking;
$username = 'admin@shootme.com';
$password = 'right now';
$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $userName, $(convertto-securestring $Password -asplaintext -force);
Connect-SPOService -Url https://shootme.sharepoint.com -Credential $cred;
When I try this in the default PS 5.1 it just works fine. When I try this with PS 6.2.3, I get an error:
Connect-SPOService : The remote server returned an error: (400) Bad Request.
At line:1 char:1
+ Connect-SPOService -Url https://shootme.sharepoint.com -Credent ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], WebException
+ FullyQualifiedErrorId : System.Net.WebException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService
Does the newer PowerShell have different syntax or so, or what am I doing wrong?
Also, maybe there is a way to run scripts in ps 5.1 when running them in .net core?
Have you tried connecting manually by removing the credentials portion and letting it prompt you for a login and test if that resolves successfully?
Edit: I do know you can also call powershell from a .bat like so:
powershell -version 2 .\xyz.ps1
But not knowing what you're going for exactly makes it tough to suggest if that's even a viable option.

Copy-Item to networkpath: incorrect user name or password

I have a PowerShell v1 script that is triggered by a PLC. It should copy a file from the desktop of the embedded PC to a network path.
If I run the script manually it works just fine, but if the script is triggered by the PLC I will get the following error:
+ CategoryInfo : NotSpecified: (:) [Copy-Item], IOException
+ FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.CopyItemCommand
copy-item : The user name or password is incorrect.
Any tips, why I get this error, would be very much appreciated!
Thanks for your help @TheIncorrigible1, after reading your comment I found the problem!
The problem was, that the script started by the plc runs with another user than the manually started script.
So the workaround is to first start powershell with the correct credentials with another script. For example like so:
$usr = 'XXX'
$paswrd = 'XXX'
$securePassword = ConvertTo-SecureString $paswrd -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $usr, $securePassword
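# $args is an automatic variable, so use a separate name; quote the path so spaces survive
$scriptPath = "/path to your script"
Start-Process powershell.exe -Credential $credential -ArgumentList "-File `"$scriptPath`""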
downside... password in plain text...
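Added example (not part of the original answer): one way to remove the plaintext password noted above is to store it DPAPI-protected with ConvertFrom-SecureString and rebuild the PSCredential at launch time. The account name, file paths and the -Enroll switch are assumptions for illustration, and it assumes PowerShell 2.0 or later for Start-Process; the stored value can only be decrypted by the same user on the same machine, so enrollment has to be run as the account that the trigger (PLC, service, scheduler) actually uses.

```powershell
# Added example; account name, paths and the -Enroll switch are assumed placeholders.
param(
    [string]$UserName   = 'DOMAIN\svc-copy',
    [string]$SecretFile = 'C:\Scripts\svc-copy.cred',
    [string]$ScriptPath = 'C:\Scripts\copy-file.ps1',
    [switch]$Enroll
)

if ($Enroll) {
    # One-time, interactive: run as the account that will later start this launcher.
    $secure = Read-Host -Prompt "Password for $UserName" -AsSecureString
    # With no -Key, the output is DPAPI-protected for the current user on this machine.
    ConvertFrom-SecureString -SecureString $secure | Set-Content -Path $SecretFile
    # Drop inherited ACEs and leave only the enrolling user with access to the file.
    $me = '{0}\{1}:(R,W)' -f $env:USERDOMAIN, $env:USERNAME
    & icacls.exe $SecretFile /inheritance:r /grant:r $me | Out-Null
    return
}

if (-not (Test-Path -Path $SecretFile)) {
    throw "No stored secret at $SecretFile. Run this script once with -Enroll."
}

try {
    # Fails if the file was enrolled by a different user or on a different machine.
    $secure = Get-Content -Path $SecretFile | ConvertTo-SecureString -ErrorAction Stop
}
catch {
    throw "Cannot unprotect $SecretFile as $($env:USERNAME): $($_.Exception.Message)"
}

$credential = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $secure
Start-Process -FilePath powershell.exe -Credential $credential `
    -ArgumentList '-NoProfile', '-File', "`"$ScriptPath`""
```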

Running Set-AzureRmAppServicePlan from Automation script (RunBook)

I'm trying to run Set-AzureRmAppServicePlan from automation runbook but getting
Set-AzureRmAppServicePlan : Run Login-AzureRmAccount to login. At
line:20 char:1
+ Set-AzureRmAppServicePlan -ResourceGroupName "...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-AzureRMAppServicePlan], PSInvalidOperationException
+ FullyQualifiedErrorId : InvalidOperation,Microsoft.Azure.Commands.WebApps.Cmdlets.AppServicePlans.SetAzureAppServicePlanCmdlet
Note that actual runbook authentication using Automation Credential is successful.
And I can run this script from local powershell using
Login-AzureRmAccount
Add-AzureRmAccount
Set-AzureRmAppServicePlan...
Is it possible at all to run this from automation without interactive login?
Thanks
Pavel
Figured it out.. pretty simple: instead of
Add-AzureAccount - which is used in sample runbook Get-AzureVMTutorial created automatically
need to use
Add-AzureRmAccount
for use with Azure Resource Manager cmdlet requests like
Set-AzureRmAppServicePlan
Leaving question / answer here.. might still help someone
If you are not using MFA, pls see the following cmds, replace 'yourPassword', 'yourUserName', 'yourEnvironment', 'yourSubscriptionId', 'yourTenantId' with your own message and put it to your script then you can login without interactive page.
$userPassword = ConvertTo-SecureString -String "yourPassword" -AsPlainText -Force
$psCred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'yourUserName', $userPassword
$credential = Get-Credential -Credential $psCred
add-azureRmAccount -EnvironmentName 'yourEnvironment' -credential $credential -subscriptionId 'yourSubscriptionId' -tenant 'yourTenantId'

Connect-MsolService over WinRM fails

I am running a simple Powershell script over WinRM in order to get from Azure AD the list of user's licences. Here is the script itself:
$username = "admin@domain.onmicrosoft.com"
$password = "secret"
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $(convertto-securestring $password -AsPlainText -Force)
Import-Module MSOnline
Connect-MsolService -Credential $cred -Verbose
$user = Get-MsolUser -UserPrincipalName $username
$status = $user.Licenses | ForEach-Object { $_.ServiceStatus }
$status | ForEach-Object { $_.ServicePlan.ServiceName + "|" + $_.ProvisioningStatus }
I have installed both Microsoft Online Services Sign-In Assistant and Azure Active Directory Module for PowerShell as described on this page https://technet.microsoft.com/en-us/library/jj151815.aspx#bkmk_installmodule
The script works fine if I run it locally on a machine running Windows.
But once I try to run it from Linux machine over WinRM the following exception is raised:
Connect-MsolService : Exception of type
'Microsoft.Online.Administration.Automation.MicrosoftOnlineException' was
thrown.
At line:5 char:1
+ Connect-MsolService -Credential $cred -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], Mic
rosoftOnlineException
+ FullyQualifiedErrorId : 0x80070005,Microsoft.Online.Administration.Autom
ation.ConnectMsolService
However, if I run the script at least once locally on a Windows machine it starts working over WinRM. But after I reboot Windows it stops working again.
I have a strong feeling that when I run the script locally some background process is started and after that everything starts working over WinRM. But I could not identify what the process is.
I have installed Sign-In Assistant version 7.250.4556.0 (2/17/2014), Azure AD Module version 1.0.0 (1/19/2015).
It is very inconvenient to run the script locally each time Windows is restarted, so any help is appreciated.

How to run Start-Process in Powershell using user credentials?

I've got a Windows service (Jenkins) that runs a script which needs to run a command as a specific user.
I tried to do this but it doesn't work:
$secpasswd = ConvertTo-SecureString "myPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential("DOMAIN\myUsername", $secpasswd)
$Arguments = @()
$Arguments += "-Command"
$Arguments += "pwd"
$Arguments += ">"
$Arguments += "output.txt"
Start-Process powershell.exe -ArgumentList $Arguments -Credential $mycreds -NoNewWindow -WorkingDirectory $workingDir
Start-Sleep 2
Get-Content "$workingDir\output.txt"
I get this output:
Start-Process : This command cannot be executed due to the error: Access is denied.
At C:\Windows\TEMP\hudson2382859596554223918.ps1:32 char:14
+ Start-Process <<<< powershell.exe -ArgumentList $Arguments -Credential $mycreds -NoNewWindow -WorkingDirectory $workingDir
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
Now if I remove -Credential $mycreds it works fine. The reason why there is that Start-Sleep at the end is that I removed the -Wait after reading this question on SO.
Am I missing something here?
$username = "username"
$password = "password"
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
Start-Process dnscrypt-proxy.exe -WorkingDirectory path_here -Credential ($credentials)
--from powershell forums; i searched for this same solution just a couple days ago and this worked. hope it helps you.
Source: http://powershell.com/cs/forums/t/9502.aspx
Finally found the solution: by default, Jenkins is run as a service log on as the "Local System account". To change this launch the services application (type "services" in the start menu), look for Jenkins, double click on it and go to the "Log On" tab.
You should now see what account the service is using. Change to "This account" and fill in your account details and voila!
For the record the command I was originally trying to run works fine now, without having to add any of the "changing user" things on top.
Special thanks to @Poorkenny that put me on the correct track with his comment, THANK YOU! Stackoverflow rocks! (that moment when thanks to someone you just solved an issue that took you the whole day to figure it out...)