Help: How to start a process with different credential remotely

Welcome Forums General PowerShell Q&A Help: How to start a process with different credential remotely

This topic contains 1 reply, has 2 voices, and was last updated by

1 year, 1 month ago.

  • Author
  • #98163

    Topics: 1
    Replies: 0
    Points: 3
    Rank: Member

    Here is my script (test.ps1) on remote server:

    $ProcessInfo = New-Object System.Diagnostics.ProcessStartInfo 
    $ProcessInfo.FileName = "whoami" 
    $ProcessInfo.RedirectStandardError = $true 
    $ProcessInfo.RedirectStandardOutput = $true 
    $ProcessInfo.UseShellExecute = $false 
    $ProcessInfo.WorkingDirectory = "C:\Windows\System32"
    if ($AddCred) {
        $ProcessInfo.Domain = ""
        $ProcessInfo.UserName = "localuser"
        $ProcessInfo.Password = ConvertTo-SecureString -String "password" -AsPlainText -Force
    $Process = New-Object System.Diagnostics.Process 
    $Process.StartInfo = $ProcessInfo 
    $Process.Start() | Out-Null 

    I verified the script is working locally.

    Now on client side from my desktop, I use my domain account to create session and enter it and then run it:
    1. If I run it without using different credential, I get the result as expect:
    []: PS C:\testing> .\test.ps1
    Start Process with credential

    However, once I use the domain and credential portion of it by adding "-AddCred", it is no longer working:
    []: PS C:\testing> .\jane1.ps1 -AddCred
    Start Process with credential
    Exception calling "Start" with "0" argument(s): "Access is denied"
    At C:\testing\jane1.ps1:22 char:1
    + $Process.Start() | Out-Null
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : Win32Exception

    Exception calling "WaitForExit" with "0" argument(s): "No process is associated with this object."
    At C:\testing\jane1.ps1:23 char:1
    + $Process.WaitForExit()
    + ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

    You cannot call a method on a null-valued expression.
    At C:\testing\jane1.ps1:24 char:1
    + $output = $Process.StandardOutput.ReadToEnd()
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

  • #98848

    Topics: 13
    Replies: 4872
    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    I'm not sure it's possible to get that working through Remoting. Remoting doesn't pass your credential to the remote computer; it uses Kerberos by default, and the way that delegation works... well, Windows' security system is complex. I'm not sure a delegated credential could be used to assert a new process under a different token.

    The "right way" to do this would be to set up an endpoint on the remote machine, and have that endpoint "run as" your alternate credential. This is what the JEA module is all about.

The topic ‘Help: How to start a process with different credential remotely’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort