Help: How to start a process with different credential remotely

This topic contains 1 reply, has 2 voices, and was last updated by  Don Jones 3 months, 1 week ago.

  • Author
    Posts
  • #98163

    Jane Chen
    Participant

    Here is my script (test.ps1) on remote server:

     
    $ProcessInfo = New-Object System.Diagnostics.ProcessStartInfo 
    $ProcessInfo.FileName = "whoami" 
    $ProcessInfo.RedirectStandardError = $true 
    $ProcessInfo.RedirectStandardOutput = $true 
    $ProcessInfo.UseShellExecute = $false 
    $ProcessInfo.WorkingDirectory = "C:\Windows\System32"
    if ($AddCred) {
        $ProcessInfo.Domain = ""
        $ProcessInfo.UserName = "localuser"
        $ProcessInfo.Password = ConvertTo-SecureString -String "password" -AsPlainText -Force
    }
    $Process = New-Object System.Diagnostics.Process 
    $Process.StartInfo = $ProcessInfo 
    $Process.Start() | Out-Null 
    

    I verified the script is working locally.

    Now on client side from my desktop, I use my domain account to create session and enter it and then run it:
    1. If I run it without using different credential, I get the result as expect:
    [server.sas.com]: PS C:\testing> .\test.ps1
    Start Process with credential
    carynt\cdtauto

    However, once I use the domain and credential portion of it by adding "-AddCred", it is no longer working:
    [server.sas.com]: PS C:\testing> .\jane1.ps1 -AddCred
    Start Process with credential
    Exception calling "Start" with "0" argument(s): "Access is denied"
    At C:\testing\jane1.ps1:22 char:1
    + $Process.Start() | Out-Null
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : Win32Exception

    Exception calling "WaitForExit" with "0" argument(s): "No process is associated with this object."
    At C:\testing\jane1.ps1:23 char:1
    + $Process.WaitForExit()
    + ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

    You cannot call a method on a null-valued expression.
    At C:\testing\jane1.ps1:24 char:1
    + $output = $Process.StandardOutput.ReadToEnd()
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

  • #98848

    Don Jones
    Keymaster

    I'm not sure it's possible to get that working through Remoting. Remoting doesn't pass your credential to the remote computer; it uses Kerberos by default, and the way that delegation works... well, Windows' security system is complex. I'm not sure a delegated credential could be used to assert a new process under a different token.

    The "right way" to do this would be to set up an endpoint on the remote machine, and have that endpoint "run as" your alternate credential. This is what the JEA module is all about.

You must be logged in to reply to this topic.