0

I am currently running a powershell script that displays a message asking which script do you want to run. 1-5? Once the user selects this it imports credentials using Import-Credential on a clixml file and runs something like:

Invoke-Command -ComputerName $Server -Credential $Cred -ScriptBlock {& C:\Temp\script.ps1}

The script then launches on the server but has no permission to read / copy / move files. I assumed because I ran with the credentials specified it would be able to perform the actions needed.

Troubleshooting

If the credentials specified were wrong then it wouldn't launch the script on the server at all.

I've tried running the script on the server and it works perfectly.

I can't see a way to pass credentials on the {& C:\Temp\script.ps1} or I would create another set of credentials on the server and use that.

Any help would be appreciated.

Mathias R. Jessen
  • 157,619
  • 12
  • 148
  • 206
Jason27300
  • 11
  • 2
  • 1
    if `script.ps1` requires a new set of credentials to run you might run into a double-hop issue – Santiago Squarzon Nov 24 '22 at 18:48
  • 1
    See [this answer](https://stackoverflow.com/a/48692809/45375) for background information and a workaround, assuming that the problem you're facing is access to network shares from the remote session. – mklement0 Nov 24 '22 at 18:52
  • It is trying to access another servers shared drive. One of the answers in that post involved using extra credentials which I have stored in a clixml file. When trying to import the credentials it returns an error. Key not valid for use in specified state. + CategoryInfo : NotSpecified: (:) [Import-Clixml], CryptographicException + FullyQualifiedErrorId : System.Security.Cryptography.CryptographicException,Microsoft.PowerS hell.Commands.ImportClixmlCommand – Jason27300 Nov 25 '22 at 09:57
  • You cannot use a `.clixml` with persisted credentials on a different machine (or in a different user context). The linked answer suggests using a `$using:` reference with a variable containing a `[pscredential]` instance defined on the caller's side. Did you try that, and did it not work? In short, you'd use `New-PsDrive -Credential $using:Cred ...` inside the remote script block. – mklement0 Nov 25 '22 at 11:12
  • 1
    Thanks all for your comments. I will check out that suggestion as well. I've managed to get it setup using CredSSP as per your link. I basically just ran Enable-WSManCredSSP -Role Client "server123" on the laptop I was running it from. I ran Enable-WSManCredSSP -Role Server on the server. and added -Authentication Credssp to the end of my Invoke-Command and everything is running perfect now. – Jason27300 Nov 25 '22 at 11:49

0 Answers0