locked
question concerning variables in MDT's provider RRS feed

  • Question

  • I have a simple script that copies a file to a share that my creds have access to.  Using the run powershell command in MDT 2013 it fails with access denied.  Does the powershell command not run under my creds.

    I've found some conversations regarding these variables, but I cannot seem to find concrete information on how they are used...

    $tsenv:UserID
    $tsenv:UserDomain
    $tsenv:UserPassword

    Monday, April 20, 2015 4:18 PM

Answers

All replies

  • Those are the creds used to map/connect to the Deployment Share upon starting the deployment.  They are not the creds used to log into the system, that is the local Administrator.

    If you look at the XML for the Task Sequence, you'll see there is a way to tell the TS to run the step using a specified credential, maybe you can try editing it there?  I've never tried it, but seems like it's worth a try.


    -BrianG (http://supportishere.com)

    Monday, April 20, 2015 4:34 PM
  • They are also base64 encoded...  So they are not usable as variables without some work:

    http://blogs.technet.com/b/mniehaus/archive/2012/06/27/encoding-sensitive-information-in-customsettings-ini-and-bootstrap-ini.aspx

    So if you want to use those variables you need to do as Michael's blog says.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.




    • Proposed as answer by Ty Glander Monday, April 20, 2015 8:19 PM
    • Edited by Ty Glander Monday, April 20, 2015 8:43 PM
    • Marked as answer by Peter David Wood Tuesday, April 21, 2015 3:52 PM
    Monday, April 20, 2015 8:03 PM
  • Is it necessary in the customsettings and the bootstrap as the variables are already present, just need to be decoded?  Guess there is only one way to find out :)
    Tuesday, April 21, 2015 1:57 PM
  • Hah! appears I have success!

    for those who may be looking for a similar solution.  I've added this to my script that I was running.  Yes, I could create environment variables to make it slightly more persistent but in my case, this is just a basic outline.

    Thanks to both for the help ultimately Ty got me on the right path.

    #UserName
    $tmpuser=$tsenv:UserID
    $tmpuser=[System.Text.Encoding]::Default.GetString([System.Convert]::FromBase64String($tmpuser))
    
    #DomainName
    $tmpdomain=$tsenv:UserDomain
    $tmpdomain=[System.Text.Encoding]::Default.GetString([System.Convert]::FromBase64String($tmpdomain))
    
    #set password to variable
    $tmppassword=$tsenv:UserPassword
    
    #Decode Password
    [string]$tmppassword=[System.Text.Encoding]::Default.GetString([System.Convert]::FromBase64String($tmppassword))
    
    #Convert to secure string
    $mypassword=ConvertTo-SecureString -String $tmppassword -AsPlainText -Force
    
    #format domainname\username for PSCredential object
    [string]$tmpFQusername=$tmpdomain + "\" + $tmpuser
    
    $creds = new-object System.Management.Automation.PSCredential($tmpFQusername,$mypassword)
    
    New-PSDrive -Name Mydrive -PSProvider FileSystem -Root "\\servername\sharename" -Credential $creds


    Tuesday, April 21, 2015 3:52 PM