0

I have a Powershell script to detect disk space on a network server that requires a user/password to access it.

I followed this: http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/440ab7ed-7727-4ff7-a34a-6e69e2dff251/

To get this code:

$password = get-content C:\creds.txt | convertto-securestring
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist "username",$password
Get-WmiObject -ErrorAction Stop Win32_LogicalDisk -ComputerName $deviceName -credential $cred -Filter "DeviceID='$darg'"

$deviceName and $darg are already correctly defined.

This works just fine when running the Powershell script manually. But when I set it up as a Windows schedule task, it fails thinking the user/pass is incorrect:

Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESS DENIED))

$disks = Get-WmiObject <<<< -ErrorAction Stop Win32_LogicalDisk -ComputerName $deviceName -credential $cred -Filter "DeviceID='$darg'" + CategoryInfo : NotSpecified: (:) [Get-WmiObject], Unauthorized AccessException + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Why is this? (The account is a local user on the remote server. I've tried entering the credentials on the Schedule interface but it doesn't let me save it, saying invalid login; maybe due to being a local account) ServerName\LocalUser does not work in the Windows Schedule UI, still gives the incorrect login error.

JBurace
  • 5,123
  • 17
  • 51
  • 76
  • Try using ServerName\LocalUser as the username. Consider that the specified account must be a user of the local administrators group on the target server. – Rex Hardin Nov 24 '12 at 19:16
  • 1
    I am under the impression that convertto/from-securestring works on a per-user basis if you don't provide a specific key value. IOW, one user can't read another user's data. This pre-existing SO question seems relevant: http://stackoverflow.com/questions/7109958/saving-credentials-for-reuse-by-powershell-and-error-convertto-securestring-ke. There is also relevant information discussion at Powershellcommunity.org: http://powershellcommunity.org/Forums/tabid/54/aft/8122/Default.aspx – Darin Strait Nov 26 '12 at 17:26
  • @darinstrait That was it, thanks. Feel free to drop that as an answer and I'll accept. – JBurace Nov 26 '12 at 17:52

2 Answers2

1

why dont you set the task to run under the user account and run the wmi request without credential ?

Loïc MICHEL
  • 24,935
  • 9
  • 74
  • 103
  • It's a local account on the remote server. I've tried it in the Scheduler UI, but it doesn't seem to recognize it's a valid login. Maybe because it's not on the domain. – JBurace Nov 23 '12 at 20:17
  • need more info : when you say "This works just fine when running the Powershell script manually", the script run on the server ? – Loïc MICHEL Nov 23 '12 at 20:45
  • The script run on the same PC that it is scheduled on. So instead of running the schedule, I run the .ps1 file (the script) and it works fine. – JBurace Nov 23 '12 at 20:49
  • So I maintain you should setup the task scheduler to run with your current credential. use computername\your_login as the username – Loïc MICHEL Nov 23 '12 at 22:14
1

Here is my comment, re-worded as an answer.

The convertto/from-securestring functions work on a per-user basis (if you don't provide a specific key value). IOW, one user can't read another user's data.

This pre-existing SO question seems relevant. There is also relevant discussion at Powershellcommunity.org.

Community
  • 1
  • 1
Darin Strait
  • 306
  • 2
  • 6