sfedak

Reputation: 676

Use current PowerShell credentials for remote call

I have a PowerShell script that is used to remotely call other PowerShell scripts on other servers. The script is used to shut down and start up services on the different servers. The PowerShell script is set up in such a way that all I have to do is invoke it by calling serverStartStop [START|STOP] and it goes automatically and methodically to a list of servers and turns off a list of services on each server.

I recently had an upgrade to the system that requires a batch script to be run after starting a few services. I'm able to call the batch script remotely, but the batch script calls another command that tries to access a share on the network. The command fails because whatever user is being used to call the command does not have sufficient privileges to access the share.

I've tried several things to remedy this situation and done some research into the Invoke-Command cmdlet in PowerShell and the runas command for Windows Batch. The runas command asks for a password for the user, which is not acceptable as this is an automated script. Does anyone have any ideas as to how I can make this work cleanly and without user interaction other than making the initial START or STOP call?

Upvotes: 0

Views: 2376

Answers (2)

Bacon Bits

Reputation: 32190

Sounds like a double hop problem. These are notoriously difficult to work around, since the credentials you would pass can't be authenticated by the second system.

CredSSP is a solution, but it does increase security risk so use caution, make sure you understand the configuration, and make sure you configure it right.

Upvotes: 2

Trey Nuckolls

Reputation: 591

The -Credential method on Invoke-Command is probably what you want. I find this pretty useful for storing a credential set for scripting use in an encrypted fashion.

```powershell
Add-Type -AssemblyName System.Security

# String to encrypt
$passwordASCII = Read-Host -Prompt "Enter the Password"

# String to byte array (UTF-16LE)
$enc = [System.Text.Encoding]::Unicode
$clearPWD_ByteArray = $enc.GetBytes($passwordASCII.ToCharArray())

# Encrypt with DPAPI. LocalMachine scope: any account on this computer can
# decrypt the result; CurrentUser limits decryption to the encrypting user.
$secLevel = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
$bakCryptedPWD_ByteArray = [System.Security.Cryptography.ProtectedData]::Protect($clearPWD_ByteArray, $null, $secLevel)

# Store in Base64 form
$B64PWD_ByteArray = [Convert]::ToBase64String($bakCryptedPWD_ByteArray)
Set-Content -LiteralPath c:\Temp\pass.txt -Value $B64PWD_ByteArray

<#
Use...

Add-Type -AssemblyName System.Security
$resCryptedPWD_ByteArray = [Convert]::FromBase64String((Get-Content -LiteralPath "$Password_File"))
$secLevel = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
$clearPWD_ByteArray = [System.Security.Cryptography.ProtectedData]::Unprotect($resCryptedPWD_ByteArray, $null, $secLevel)
$enc = [System.Text.Encoding]::Unicode

...to retrieve the password from $Password_File.

Then use...

$enc.GetString($clearPWD_ByteArray)

...as your password.
#>
```

Upvotes: 1
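
The following is an added example, not code from either answer. It combines the two: the stored password feeds `Invoke-Command -Credential`, and the same credential is passed into the script block so the share is authenticated explicitly from the remote session, without relying on delegation or CredSSP. The server names, share, batch file path and account name are hypothetical; `c:\Temp\pass.txt` is the file written by the script above.

```powershell
# Added example. Server names, share, account and batch path are hypothetical.
Add-Type -AssemblyName System.Security

$servers      = 'APP01', 'APP02'             # hypothetical target servers
$share        = '\\FILESRV01\deploy'         # hypothetical share the batch script reads
$batchFile    = 'C:\Scripts\post-start.bat'  # hypothetical batch script on each target
$userName     = 'CONTOSO\svc-deploy'         # hypothetical service account
$passwordFile = 'c:\Temp\pass.txt'           # file written by the answer's script

function Get-StoredCredential {
    param([string]$UserName, [string]$Path)
    # Scope must match the one used when the file was protected.
    $scope  = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
    $cipher = [Convert]::FromBase64String((Get-Content -LiteralPath $Path -Raw).Trim())
    $clear  = [System.Security.Cryptography.ProtectedData]::Unprotect($cipher, $null, $scope)
    try {
        # Build the SecureString character by character so the password
        # never exists as an immutable .NET string.
        $secure = New-Object System.Security.SecureString
        foreach ($c in [System.Text.Encoding]::Unicode.GetChars($clear)) { $secure.AppendChar($c) }
        $secure.MakeReadOnly()
        New-Object System.Management.Automation.PSCredential($UserName, $secure)
    }
    finally {
        [Array]::Clear($clear, 0, $clear.Length)  # wipe the plaintext bytes
    }
}

$cred = Get-StoredCredential -UserName $userName -Path $passwordFile

Invoke-Command -ComputerName $servers -Credential $cred -ScriptBlock {
    # The credential object is sent to each target, so list only servers you trust.
    # Connecting with an explicit credential here replaces the second hop.
    $drive = New-PSDrive -Name Deploy -PSProvider FileSystem -Root $using:share `
                         -Credential $using:cred -ErrorAction Stop
    try {
        & cmd.exe /c $using:batchFile
        if ($LASTEXITCODE -ne 0) {
            throw "Batch script failed on $env:COMPUTERNAME with exit code $LASTEXITCODE"
        }
    }
    finally {
        Remove-PSDrive -Name $drive.Name  # drop the connection when done
    }
}
```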
