3

I have access as an admin on a machine and I have to Start, Stop and Restart some of the window services using the Powershell script. We don't want to have UAC prompt while running the script because only one user would have access to that machine. Also due to some specific requirements, we have to have run that script file by adding the admin credentials inside it.

Along with other solutions I have tried so far, the one close to what I am looking for is as follows

$username = "Domain\user"
$password = ConvertTo-SecureString "myPassword" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password)

Set-Service -Name Spooler -Status Running -PassThru -Credential $psCred

But I am getting following error.

Set-Service : A parameter cannot be found that matches parameter name 'Credential'. At line:6 char:53 + ... t-Service -Name Spooler -Status Running -PassThru -Credential $psCred + ~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Set-Service], ParameterBindingException + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.SetServiceCommand

Update 1 (Trying suggestion)

Invoke-Command -credential $psCred -command {Set-Service -Name Spooler -Status Running -PassThru} -computername myComputerName

[myComputerName] Connecting to remote server myComputerName failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (myComputerName:String) [], PSRemotingTransportException + FullyQualifiedErrorId : CannotConnect,PSSessionStateBroken

Update 2

I had to enabled PSRemoting on machine using command Enable-PSRemoting -Force -SkipNetworkProfileCheck so Invoke-Command can execute but after repeating the command Invoke-Command -credential $psCred -command {Set-Service -Name Spooler -Status Running -PassThru} -computername localhost I got following error

[localhost] Connecting to remote server localhost failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (localhost:String) [], PSRemotingTransportException + FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken

Running the same set of command in elevated powershell window is working fine.

Can you please guide me in the right direction considering I am newbie in the Powershell world.

Ajendra Prasad
  • 299
  • 1
  • 8
  • 22
  • The `Set-Service` command does not have a credential parameter. You could use `Invoke-Command -credential $pscred -command {Set-Service -Name Spooler -Status Running -PassThru}` – Lieven Keersmaekers Jan 14 '20 at 06:49
  • @LievenKeersmaekers, I tried what you suggested but it didn't work. After searching the reason I found that "-credential without -computername can't exist". Please check the update in my question – Ajendra Prasad Jan 14 '20 at 07:05
  • Try `-computername localhost` – Lieven Keersmaekers Jan 14 '20 at 07:37
  • @LievenKeersmaekers, I have tried few steps related to your suggestion and shared findings in the **Update 2** of my question. Please take a look – Ajendra Prasad Jan 14 '20 at 09:41
  • In that case, you can try by running powershell as in [this](https://stackoverflow.com/q/28989750/52598) question – Lieven Keersmaekers Jan 14 '20 at 09:57
  • can you try replacing -command with `-ScriptBlock` as mentioned in the below answer. -command doesn't seem be a correct parameter name – Kundan Jan 14 '20 at 17:11

1 Answers1

0

As mentioned in the official documentation of Set-Service

Can you try like this? 

$Cred = Get-Credential
$hostname = "$env:computername.$env:userdnsdomain"
Write-Host $hostname
Invoke-Command -ComputerName $hostname -Credential $Cred -ScriptBlock{ Start-Service -Name Spooler}

Also if you don't want to prompt for the credentials then you can store the credentials in the Windows credentials manager and get it from their in your PowerShell script. Refer to this answer for using credential manager with PowerShell

Kundan
  • 1,394
  • 1
  • 13
  • 26
  • Thanks Kundan, but when trying following script `$Cred = Get-Credential $S = Get-Service -Name Spooler Invoke-Command -ComputerName localhost -Credential $Cred -ScriptBlock { Set-Service -InputObject $S -Status Running }` It throws error: [localhost] Connecting to remote server localhost failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (localhost:String) [], PSRemotingTransportException + FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken – Ajendra Prasad Jan 14 '20 at 18:46
  • That means command is now properly running but user does not have access to perform the activity – Kundan Jan 14 '20 at 19:00
  • can you use `$hostname = $env:COMPUTERNAME` to get the current machine name instead of using localhost and try the same script? See the updated script above. – Kundan Jan 14 '20 at 19:06
  • Running `sc stop Spooler` in command prompt as different user giving [SC] OpenService FAILED 5: Access is denied. – Ajendra Prasad Jan 15 '20 at 13:18
  • try this one. `Invoke-Command -ComputerName MachineName.domain -Credential domain\username -ScriptBlock{ Start-Service -Name Spooler}` change it to Stop-Service if you want to stop it – Kundan Jan 15 '20 at 15:38
  • try the modified script in answer – Kundan Jan 15 '20 at 15:51