none
Invoke Command bypassing credentials

    Question

  • Hi,

    I need to execute a command on a remote server. When I run this command, it asks me for a password to connect to the remote server and execute the script. Is there a way, I can pass the password within the command. something similar to psexec.

    Invoke-Command -ComputerName COMPUTER -ScriptBlock { COMMAND } -credential USERNAME

    Thanks

    Wednesday, September 18, 2013 12:01 AM

Answers

  • We're having the same discussion in two separate threads now, but I'll post this here as well.  Since the remote system is running Windows 2003, there's a chance that your WinRM listener is using the old default port of 80, instead of the new default port of 5985.  Run this command on the 2003 machine to check:

    winrm enumerate winrm/config/listener

    If it is listening on port 80, the best solution is to update it to use the new default port of 5985.  From a PowerShell prompt, enter this command:

    winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'

    Saturday, September 28, 2013 7:27 PM

All replies

  • Sort of.  You do have to go through a bit of work to convert a plain text password to a SecureString, and then add that to a PSCredential object.  This is obviously not secure if you're saving a script:

    $secureString = 'PlainTextp@ssw0rd' | ConvertTo-SecureString -AsPlainText -Force
    $credential = New-Object pscredential('USERNAME', $secureString)
    
    Invoke-Command -ComputerName COMPUTER -ScriptBlock { COMMAND } -Credential $credential

    Wednesday, September 18, 2013 12:13 AM
  • Hi David,

    When I run this, I still get a dialogue box prompting me for a username and password. How can I disable that dialogue box, so it automatically takes me in.

    Thanks

    Monday, September 23, 2013 11:21 PM
  • Hi David,

    When I run this, I still get a dialogue box prompting me for a username and password. How can I disable that dialogue box, so it automatically takes me in.

    Thanks


    It shouldn't be doing that.  post your code?
    Tuesday, September 24, 2013 12:57 AM
  • Hi,

    Thanks for your posting.

    To establish a remote connection and run remote commands, the current user must be a member of the Administrators group on the remote computer. Or, the current user must be able to provide the credentials of an administrator.

    If you have the credential of the admin with the remote server, and you don’t want to enter the credential every time, please use the Get-Credential cmdlet to store a credential object in a variable.

    $cred = Get-Credential -Credential contoso\administrator
    Enter-PSSession -ComputerName syddc01 -Credential $cred
    

    After enter a remote Windows PowerShell session, you can use the Windows PowerShell cmdlets without worrying about firewall issues, remote credentials.

    For more detailed information, please refer to this article:

    Learn How to Manage Remote PowerShell Sessions:

    http://blogs.technet.com/b/heyscriptingguy/archive/2011/11/17/learn-how-to-manage-remote-powershell-sessions.aspx

     I hope this helps.


    Thursday, September 26, 2013 10:02 AM
  • $secureString = 'TEST' | ConvertTo-SecureString -AsPlainText -Force
    $credential = New-Object pscredential('to\test-cansm', $secureString)

    Invoke-Command -ComputerName test130 -ScriptBlock {net stop SNMP} -Credential $credential

    This prompts me for a dialogue box for username and password. I need to avoid this.

    Also,I get the following error when I enter the credentials.

    New-Object : Cannot find type [pscredential]: make sure the assembly containing this type is loaded.
    At D:\TRHMIBS\MOMS\MOMS.ps1:2 char:25
    + $credential = New-Object <<<<  pscredential('to\svc-cansm', $secureString)
        + CategoryInfo          : InvalidType: (:) [New-Object], PSArgumentException
        + FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand

    [test130] Connecting to remote server failed with the following error message : The WinRM client cannot complete th
    e operation within the time specified. Check if the machine name is valid and is reachable over the network and firewal
    l exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshootin
    g Help topic.
        + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
        + FullyQualifiedErrorId : PSSessionStateBroken

    Saturday, September 28, 2013 4:04 PM
  • Also I ran this command on the remote machine and it executed correctly, however I still get the same error.
    enable-psremoting -force

    Saturday, September 28, 2013 4:37 PM
  • I was able to resolve the issue with loading the assembly, by using this.

    $username = ConvertTo-SecureString username -AsPlainText -Force
    $password = ConvertTo-SecureString password -AsPlainText -Force
    $cred = new-object management.automation.pscredential $username,$password

    Invoke-Command -ComputerName TEST130 -ScriptBlock{net stop SNMP} -Credential $cred

    However I still get the error

    [TEST130] Connecting to remote server failed with the following error message : The WinRM client cannot complete th
    e operation within the time specified. Check if the machine name is valid and is reachable over the network and firewal
    l exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshootin
    g Help topic.
        + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
        + FullyQualifiedErrorId : PSSessionStateBroken

    Saturday, September 28, 2013 4:45 PM
  • You shouldn't convert the username to a SecureString, only the password.  I don't think that would cause the error you're receiving, but would eventually become a problem.

    Is your firewall (both Windows Firewall, and any physical routers / firewalls along the network route) allowing traffic on TCP port 5985?

    Saturday, September 28, 2013 5:36 PM
  • Hi David,

    The remote machine has Windows Firewall disabled and there is no external firewall in between. On the local machine where I am running this command from, I have enabled all TCP ports bidirectional, since it is Windows 2008. The remote server is Windows 2003.

    Thanks

    Saturday, September 28, 2013 5:49 PM
  • Hi David,

    The remote machine has Windows Firewall disabled and there is no external firewall in between. On the local machine where I am running this command from, I have enabled all TCP ports bidirectional, since it is Windows 2008. The remote server is Windows 2003.

    Thanks

    David is right, you should not convert the username.  Just the password.  The error is unrelated.

    See if there is a connectivity issue between the two hosts.  Run "telnet TEST130 25" (you may need to install the telnet client feature).

    Are you running the invoke-command cmdlet in a ps remoting session?

    Saturday, September 28, 2013 5:59 PM
  • We're having the same discussion in two separate threads now, but I'll post this here as well.  Since the remote system is running Windows 2003, there's a chance that your WinRM listener is using the old default port of 80, instead of the new default port of 5985.  Run this command on the 2003 machine to check:

    winrm enumerate winrm/config/listener

    If it is listening on port 80, the best solution is to update it to use the new default port of 5985.  From a PowerShell prompt, enter this command:

    winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'

    Saturday, September 28, 2013 7:27 PM
  • Hi there,

    $cred = Get-Credential -Credential contoso\administrator
    Enter-PSSession -ComputerName syddc01 -Credential $cred

    this would take the user ID but it would not take the password.

    usually get-credentials does help but it stores the user id, what can use to store the password.

    ===========================================================

    I am running the below commands to access a network share.

    explorer.exe network location
    $username = 'domain\userdID'
    $password = 'password'
    $cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
    Get-Credential -Credential $cred

    it still gives me the prompt to enter user ID and password however if i run the following it only ask for password.

    explorer.exe networklocation  | get-credential userdID

    i am not sure what can i use to bypass the password prompt

    • Edited by Himi24 Thursday, November 14, 2013 2:58 AM
    Thursday, November 14, 2013 2:48 AM