Passing specific credentials to remote session

Welcome Forums General PowerShell Q&A Passing specific credentials to remote session

This topic contains 8 replies, has 5 voices, and was last updated by

 
Participant
1 month ago.

  • Author
    Posts
  • #111881

    Participant
    Points: 0
    Rank: Member

    I have a sort of crazy situation.   I have to run a powershell script from a SharePoint console app.

    This will be running a remote session on a different server.   I need to be able to run that remote session with a specific set of credentials in order to update an AD security group.

    How can I do that?

    Edit:  This script is being triggered by a console app and needs to run unattended with no need to provide a password.   The credentials will not change.  I am looking for a way to provide the credentials via a token file or similar.

  • #111886

    Participant
    Points: 0
    Rank: Member
    
    $myRemoteSessionCredential = Get-Credential -UserName 'domain\user'
    
    $myRemoteSession = New-PSSession -ComputerName 'myRemoteComputer.FQDN' -Credential $myRemoteSessionCredential
    
    Invoke-Command -Session $myRemoteSession -ScriptBlock {
    
    # my command list to be executed on the remote computer using my remote cred
    
    }
    
    
  • #111889

    Participant
    Points: 0
    Rank: Member

    It would appear that I left out a critical component of the description.   I need this to run without having to enter a password each time.  It will be the same set of credentials and needs to be able to run unattended.

    Can I take what you have above and create a token file that can be referenced and used?

    • #111907

      Participant
      Points: 0
      Rank: Member
      Install-Module AZSBTools 
      
      $myRemoteSessionCredential = Get-SBCredential -UserName 'domain\user'
      $myRemoteSession = New-PSSession -ComputerName 'myRemoteComputer.FQDN' -Credential $myRemoteSessionCredential
      Invoke-Command -Session $myRemoteSession -ScriptBlock {
      
      # my command list to be executed on the remote computer using my remote cred
      
      }
      

      The Get-SBCredential cmdlet persists the encrypted credential object to disk for unattended execution (you type in the pwd the first time)

      To update the persisted credential (on disk) – say after pwd change, use

      Get-SBcredential -Refresh -UserName 'domain\user'
      

      use

       help Get-SBCredential -Show

      for built in help and examples
      Also see https://superwidgets.wordpress.com/2016/08/05/powershell-script-to-provide-a-ps-credential-object-saving-password-securely/

  • #111892

    Participant
    Points: 20
    Rank: Member

    You can build a Credential object. create a script like below

    Param(
    [Parameter(Mandatory)]
    [system.Security.SecureString]$Password,
    
    [Parameter()]
    [string]UserName = 'domain\user'
    )
    $Credential = [PSCredential]::new('UserName',$Password)
    Invoke-Command -Session $myRemoteSession -ScriptBlock { ... } -Credential $credential
    

    Call .\ThisScript.ps1

    for unattended .\ThisScript.ps1 -Password (ConvertTo-SecureString -AsPlainText -Force -String 'Password')

  • #111910

    Participant
    Points: 0
    Rank: Member

    Is it possible to do without 3rd party tools?

    • #111916

      Participant
      Points: 0
      Rank: Member

      Juli, your last question suggests that you did not read the Get-SBCredential function or understand what it does and how. I recommend that you do.

  • #111950

    Keymaster
    Points: 1
    Rank: Member

    MS deliberately makes it difficult to persist credential objects, because of the security risk that represents. So there's nothing native in PowerShell that makes it easy and straightforward and safe to keep a credential object on-disk.

    The "right" way to do this is to use JEA, which is a Microsoft add-in for PowerShell. You can also set this up without JEA, it's just a bit more manual; "Secrets of PowerShell Remoting" explains these "constrained endpoints." The theory is that you set up an endpoint which has a persistent "run as" credential, and you let the script log into that to run its command. The credential is stored safely that way.

  • #111970

    Participant
    Points: 10
    Rank: Member

    Take a look at

    Using Credential Manager in PowerShell
    Using Credential Manager in PowerShell

    Provides access to credentials in the Windows Credential Manager
    https://www.powershellgallery.com/packages/CredentialManager/2.0

     

You must be logged in to reply to this topic.