I would like to use a PowerShell script to remove a computer from a Configuration Manager 2012 R2 collection toward the end of a task sequence. I am using invoke-command to run the commands on the remote computer, but one component of the import-module is failing. I can view this when I run this part of the code with the -Verbose switch.
Here is the error.
Other dll's load the other commands without issue. Apparently the AdminUI.PS.Provider.dll provides the ability to CD to the CM site as that essential part of the script also fails.
Here is the complete scrubbed script.
# Capture the hostname of the computer running this script
# The rest of the script will be executed on SERVER
$CollectionIDs = "CM100044;CM100043"
#Import SCCM Module
#Remove Client from collections
#check for each collection if a directmember rule exists, and remove it
#Write Eventlog entry
#Remove Client from collection
This is probably a second-hop problem, if that module is trying to access a remote computer when it's imported. (By the looks of it, it's mounting a new PSDrive.)
Once you've enabled CredSSP on the client and server, you have to explicitly choose that authentication mechanism in your call to Invoke-Command, by using the parameter [b]-Authentication Credssp[/b]
I should put up the standard disclaimer that CredSSP authentication can present a security risk. It results in your password hash being sent to and cached on the remote server. If that server is compromised, so are your credentials.
Thanks much. That did work to get the module to load and the script to run. Creating the credentials with Get-Credential requires hand-entering credentials which I don't want to do for this script. I want it to use the credentials with which the script is already running. At least I know what the problem is now.
You must be logged in to reply to this topic.