Passing specific credentials to remote session

Welcome Forums General PowerShell Q&A Passing specific credentials to remote session

This topic contains 8 replies, has 5 voices, and was last updated by

 
Participant
7 months, 1 week ago.

  • Author
    Posts
  • #111881

    Participant
    Topics: 21
    Replies: 32
    Points: 50
    Rank: Member

    I have a sort of crazy situation.   I have to run a powershell script from a SharePoint console app.

    This will be running a remote session on a different server.   I need to be able to run that remote session with a specific set of credentials in order to update an AD security group.

    How can I do that?

    Edit:  This script is being triggered by a console app and needs to run unattended with no need to provide a password.   The credentials will not change.  I am looking for a way to provide the credentials via a token file or similar.

  • #111886

    Participant
    Topics: 8
    Replies: 350
    Points: 316
    Helping Hand
    Rank: Contributor
    
    $myRemoteSessionCredential = Get-Credential -UserName 'domain\user'
    
    $myRemoteSession = New-PSSession -ComputerName 'myRemoteComputer.FQDN' -Credential $myRemoteSessionCredential
    
    Invoke-Command -Session $myRemoteSession -ScriptBlock {
    
    # my command list to be executed on the remote computer using my remote cred
    
    }
    
    
  • #111889

    Participant
    Topics: 21
    Replies: 32
    Points: 50
    Rank: Member

    It would appear that I left out a critical component of the description.   I need this to run without having to enter a password each time.  It will be the same set of credentials and needs to be able to run unattended.

    Can I take what you have above and create a token file that can be referenced and used?

    • #111907

      Participant
      Topics: 8
      Replies: 350
      Points: 316
      Helping Hand
      Rank: Contributor
      Install-Module AZSBTools 
      
      $myRemoteSessionCredential = Get-SBCredential -UserName 'domain\user'
      $myRemoteSession = New-PSSession -ComputerName 'myRemoteComputer.FQDN' -Credential $myRemoteSessionCredential
      Invoke-Command -Session $myRemoteSession -ScriptBlock {
      
      # my command list to be executed on the remote computer using my remote cred
      
      }
      

      The Get-SBCredential cmdlet persists the encrypted credential object to disk for unattended execution (you type in the pwd the first time)

      To update the persisted credential (on disk) – say after pwd change, use

      Get-SBcredential -Refresh -UserName 'domain\user'
      

      use

       help Get-SBCredential -Show

      for built in help and examples
      Also see https://superwidgets.wordpress.com/2016/08/05/powershell-script-to-provide-a-ps-credential-object-saving-password-securely/

  • #111892

    Moderator
    Topics: 8
    Replies: 736
    Points: 2,059
    Helping Hand
    Rank: Community Hero

    You can build a Credential object. create a script like below

    Param(
    [Parameter(Mandatory)]
    [system.Security.SecureString]$Password,
    
    [Parameter()]
    [string]UserName = 'domain\user'
    )
    $Credential = [PSCredential]::new('UserName',$Password)
    Invoke-Command -Session $myRemoteSession -ScriptBlock { ... } -Credential $credential
    

    Call .\ThisScript.ps1

    for unattended .\ThisScript.ps1 -Password (ConvertTo-SecureString -AsPlainText -Force -String 'Password')

  • #111910

    Participant
    Topics: 21
    Replies: 32
    Points: 50
    Rank: Member

    Is it possible to do without 3rd party tools?

    • #111916

      Participant
      Topics: 8
      Replies: 350
      Points: 316
      Helping Hand
      Rank: Contributor

      Juli, your last question suggests that you did not read the Get-SBCredential function or understand what it does and how. I recommend that you do.

  • #111950

    Keymaster
    Topics: 13
    Replies: 4872
    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    MS deliberately makes it difficult to persist credential objects, because of the security risk that represents. So there's nothing native in PowerShell that makes it easy and straightforward and safe to keep a credential object on-disk.

    The "right" way to do this is to use JEA, which is a Microsoft add-in for PowerShell. You can also set this up without JEA, it's just a bit more manual; "Secrets of PowerShell Remoting" explains these "constrained endpoints." The theory is that you set up an endpoint which has a persistent "run as" credential, and you let the script log into that to run its command. The credential is stored safely that way.

  • #111970

    Participant
    Topics: 2
    Replies: 876
    Points: 1,354
    Helping Hand
    Rank: Community Hero

    Take a look at

    Using Credential Manager in PowerShell
    Using Credential Manager in PowerShell

    Provides access to credentials in the Windows Credential Manager
    https://www.powershellgallery.com/packages/CredentialManager/2.0

     

The topic ‘Passing specific credentials to remote session’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort