start-process newbie question

This topic contains 3 replies, has 2 voices, and was last updated by  Windows LiveUser31 3 years, 9 months ago.

  • Author
    Posts
  • #11304

    Windows LiveUser31
    Participant

    hello all and thank you for your time. My goal is deploy a java installation via power shell i have the following script, see below. when I run the script, for computers that are online I receive the following error:

    This command cannot be executed due to the error: Access is denied.
    + CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
    + PSComputerName : ARRIS-2

    is this due to using the UNC path ? all users have access to the share so im a bit lost on where to go from here.

    $comp=Get-ADComputer -Filter {(name -like "arris*") -and (name -notlike "*exchange")} | Select-Object -ExpandProperty name |
    ForEach-Object {
    $computer = $_

    $pingme = Test-Connection -ComputerName $computer -Quiet -count 1

    if ($pingme -eq $true)
    {
    Invoke-Command -ComputerName $computer -ScriptBlock { Start-Process -FilePath '\\severname\software deployment\java7_45\jre1.7.0_45.msi' -LoadUserProfile }
    }
    else
    {
    Write-Host "computer '$computer' is offline"
    }
    } | ft

  • #11306

    Dave Wyatt
    Moderator

    You're running into the "second hop" scenario here. By default, when you use PowerShell Remoting, you can only access resources local to the machine you've connected to. In order to access that UNC path, you'll need to use CredSSP as your connection type. This requires some configuration changes both on the computer where you're running this script, and on the computers you're connecting to with Invoke-Command.

    Check out the "Secrets of PowerShell Remoting" free eBook from this site. It has all of the details on how to set this up, including screenshots, starting on page 42.

  • #11363

    Windows LiveUser31
    Participant

    i am still running into an issue even after reading a couple of articles related to this including the recommended article above. I am receiving this error message (see below) i have set this in group policy and have updated the test computers and restarted several times. this configuration is set and the parameters within it is set to WSMAN/*.domain.com, domain.com being my domain. am I missing something obvious ?

    "A computer policy does not allow the
    delegation of the user credentials to the target computer. Use gpedit.msc and look at the following policy: Computer Configuration -> Administrative Templates -> System ->
    Credentials Delegation -> Allow Delegating Fresh Credentials. Verify that it is enabled and configured with an SPN appropriate for the target computer. For example, for a target
    computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or WSMAN/*.domain.com."

  • #11390

    Windows LiveUser31
    Participant

    can anyone assist ?

You must be logged in to reply to this topic.