Get-Credential Remote Device

    • #223764
      Participant
      Topics: 10
      Replies: 11
      Points: 61
      Rank: Member

      I have a requirement to run a script on remote devices, so I created the following

      script 1

      $AkeyFile = “C:\temp\PWDKey.key”
      $AcredFile = “C:\temp\PWDCred.cred”
      $myUser = “XYZABCD”
      $AESKey = New-Object Byte[] 32
      [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESKey)
      Set-Content $keyFile $AESKey

      $credential = Get-Credential “$myUser”
      $credential.Password | ConvertFrom-SecureString -Key (Get-Content $AkeyFile) | Set-Content $AcredFile

      $pwdenc = Get-Content $AcredFile | ConvertTo-SecureString -key (Get-Content $AkeyFile)
      $credential = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList “$myUser”, $pwdenc

      So now I have 2 files, PWDKey.key & PWDCred.cred. I copied them onto the remote device under the C:\temp\TS folder.

      Original Script

      ———————————————————————————————————————————–

      $FriendlyName = “REMOTECOMP”

      $User = “XYZABCD”
      $BkeyFile = “C:\temp\TS\PWDKey.key”
      $BcredFile = “C:\temp\TS\PWDCred.cred”

      $encrypted = Get-Content $BcredFile | ConvertTo-SecureString -key (Get-Content $BkeyFile)
      $mycred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList “$User”, $encrypted

      Get-ADComputer $FriendlyName -Credential $mycred

      —————————————————————————————————-

      While running the above, I get the following error:

      Exception calling .ctor with 2 arguments

      Any help would be highly appreciated.

      Thanks,

      V

    • #223776
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      First thing, you define your keyfile as “$AKeyFile” and then try to output to just $keyfile. Update one or the other so they match.

      
      Set-Content $keyFile $AESKey
      
      

      Next thing, your quotes aren’t proper. My guess is you copied and pasted at least some of this code from the internet, and have been victimized like so many others with these different quotes. Replace all the quotes by actually typing them. You can use find/replace but make sure to account for the different quotes in the beginning and the end.

      After that you should be good!
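
A check for the curly quotes this reply describes, as an added example that is not part of the original thread: it reports the position of every typographic quote or dash in a script's lines. The function name `Find-TypographicCharacter` and the sample lines are constructed for illustration.

```powershell
# Added example: locate typographic quotes and dashes that were pasted into a script.
function Find-TypographicCharacter {
    param([string[]] $Line)

    # Code points that web pages and word processors substitute for ' " and -
    $suspect = @{
        0x2018 = 'left single quote';  0x2019 = 'right single quote'
        0x201C = 'left double quote';  0x201D = 'right double quote'
        0x2013 = 'en dash';            0x2014 = 'em dash'
    }

    for ($i = 0; $i -lt $Line.Count; $i++) {
        $chars = $Line[$i].ToCharArray()
        for ($c = 0; $c -lt $chars.Length; $c++) {
            $code = [int]$chars[$c]
            if ($suspect.ContainsKey($code)) {
                [pscustomobject]@{
                    Line      = $i + 1
                    Column    = $c + 1
                    CodePoint = 'U+{0:X4}' -f $code
                    Name      = $suspect[$code]
                }
            }
        }
    }
}

# Constructed sample: the first line uses curly quotes, the second typed quotes.
# The curly quotes are built from code points so this file stays plain ASCII.
$sample = @(
    ('$myUser = ' + [char]0x201C + 'XYZABCD' + [char]0x201D),
    '$myUser = "XYZABCD"'
)
Find-TypographicCharacter -Line $sample | Format-Table -AutoSize

# For a script on disk (the path is a placeholder):
# Find-TypographicCharacter -Line (Get-Content -LiteralPath .\script.ps1 -Encoding UTF8)
```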

    • #223791
      Participant
      Topics: 10
      Replies: 11
      Points: 61
      Rank: Member

      Thanks. Sorry that was a typo error.

      Even if I run the following script 1

      $AkeyFile = “C:\temp\PWDKey.key”
      $AcredFile = “C:\temp\PWDCred.cred”
      $myUser = “XYZABCD”

      $FriendlyName = “REMOTECOMP”
      $AESKey = New-Object Byte[] 32
      [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESKey)
      Set-Content $AkeyFile $AESKey

      $credential = Get-Credential “$myUser”
      $credential.Password | ConvertFrom-SecureString -Key (Get-Content $AkeyFile) | Set-Content $AcredFile

      $pwdenc = Get-Content $AcredFile | ConvertTo-SecureString -key (Get-Content $AkeyFile)
      $credential = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList “$myUser”, $pwdenc

      Get-ADComputer $FriendlyName -Credential $credential

      I get the following error

      New-Object : Cannot find an overload for “PSCredential” and the argument count: “2”.

    • #223797
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      Like I said, your quotes are invalid. Replace them. Just look at them, they curl up all pretty. If you replace them with quotes that you type, it will work. I’ve tested your code after fixing them, that’s how I know. Look at the difference.

      “$myUser”

      "$myUser"

    • #223809
      Participant
      Topics: 10
      Replies: 11
      Points: 61
      Rank: Member

      You are right. I removed all the quotes and it worked. Thanks.

      But now the other issue is, I am running Script 2 as the SYSTEM user. So passing the $BkeyFile and $BCredFile does not help. It says that “Error Message = Either the target name is incorrect or the server has rejected the client credentials.” But if I run the same script as the logged-in user, it works.

      $FriendlyName = REMOTECOMP

      $User = XYZABCD
      $BkeyFile = C:\temp\TS\PWDKey.key
      $BcredFile = C:\temp\TS\PWDCred.cred

      $encrypted = Get-Content $BcredFile | ConvertTo-SecureString -key (Get-Content $BkeyFile)
      $mycred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList $User, $encrypted

      Get-ADComputer $FriendlyName -Credential $mycred

    • #223812
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      How exactly are you running it? Also, you do want to quote the REMOTECOMPUTER string. I wouldn’t have removed any quotes, just replaced with valid quotes.

    • #223815
      Participant
      Topics: 10
      Replies: 11
      Points: 61
      Rank: Member

      Added the quote on the RemoteComputer String now.

      So these PS1 scripts will be triggered using the local computer account on the remote machine. Since the local computer account does not have access to modify the AD object, we had to pass the credentials. Similar to a Task Scheduler job.

    • #223818
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      So you’re using task scheduler to run the script? Psexec? WMI process create()?

    • #223827
      Participant
      Topics: 10
      Replies: 11
      Points: 61
      Rank: Member

      Not exactly Task Scheduler. So let me explain in detail. We use Microsoft SCCM to image the OS. As the OS image is built, there are messages that are sent from the client to the server. Once a specific message ID is received on the server, we trigger the PowerShell script to modify the AD group of the computer object. By default the script will run as the local computer account [verified by calling $env:UserName]. Since the local computer account does not have permission to modify it, we have to use different credentials. So I am using the above method to see if it works.

      If I use the password without encrypting, it works, like below

      $User = “XYZABCD”

      $FriendlyName = “REMOTECOMP”

      [string][ValidateNotNullOrEmpty()] $encrypted = “@Password1”

      $userPassword = ConvertTo-SecureString -String $encrypted -AsPlainText -Force
      $mycred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList $User, $userPassword

      Get-ADComputer $FriendlyName -Credential $mycred

    • #223839
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero

      Yeah not sure what is causing your issue. I ran the ps1 as system using psexec and it provided the proper user back.

      Test.PS1 saved on the remote PC under c:\temp

      $User = "it"
      $BkeyFile = "C:\temp\PWDKey.key"
      $BcredFile = "C:\temp\PWDCred.cred"
      
      $encrypted = Get-Content $BcredFile | ConvertTo-SecureString -key (Get-Content $BkeyFile)
      $mycred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList "$User", $encrypted
      Write-Output $mycred
      

      The PSExec command

      PsExec.exe \\win10-dev /s "cmd.exe" "/c whoami && powershell.exe c:\temp\test.ps1"
      

      The output

      nt authority\system
      UserName Password
      -------- --------
      it       System.Security.SecureString
      

      Now for your get-adcomputer command to work on the new machine, it will need to have the AD module/cmdlets available. Is that built into your image? If not, how are you handling that?
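
The key file and the credential file in this thread sit in the same folder, so any account that can read both can decrypt the password; the added example below (not code from the thread) writes the two files, restricts their ACLs to SYSTEM and Administrators, and then rebuilds the credential from them. The demo folder, the constructed password and the function name `Protect-SecretFile` are assumptions, and the code expects an elevated session.

```powershell
# Added example: key-protected credential files with a locked-down ACL.
function Protect-SecretFile {
    param([string] $Path)
    $acl = New-Object System.Security.AccessControl.FileSecurity
    $acl.SetAccessRuleProtection($true, $false)      # block inheritance, keep no inherited ACEs
    foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {   # well-known SIDs: SYSTEM, Administrators
        $id   = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sid
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
                    -ArgumentList $id, 'FullControl', 'Allow'
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$dir = Join-Path $env:TEMP 'cred-demo'               # assumed demo folder
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$keyFile  = Join-Path $dir 'PWDKey.key'
$credFile = Join-Path $dir 'PWDCred.cred'

# 32 random bytes = AES-256 key, stored as raw bytes rather than text lines
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()
[System.IO.File]::WriteAllBytes($keyFile, $key)
Protect-SecretFile -Path $keyFile

# Constructed password; in practice this comes from Get-Credential
$secure = ConvertTo-SecureString 'Constructed-Passw0rd' -AsPlainText -Force
$secure | ConvertFrom-SecureString -Key $key | Set-Content -LiteralPath $credFile
Protect-SecretFile -Path $credFile

# Consumer side: rebuild the credential from the two files
$keyBytes = [System.IO.File]::ReadAllBytes($keyFile)
$restored = Get-Content -LiteralPath $credFile | ConvertTo-SecureString -Key $keyBytes
$cred     = New-Object System.Management.Automation.PSCredential -ArgumentList 'XYZABCD', $restored

# Confirm the round trip and show who can read the key
$cred.GetNetworkCredential().Password -eq 'Constructed-Passw0rd'
(Get-Acl -LiteralPath $keyFile).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```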
