Powershell: Invoke-Command under non-current user

Posted on 2013-01-25
Last Modified: 2013-02-04
I want to run a command under a different user (like RunAs but using Powershell) however:
Invoke-command -ScriptBlock {netsh winhttp show proxy} -Credential user@domain.loc

Open in new window

gives this error:
Invoke-Command : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:4
+ icm <<<<  -ScriptBlock {netsh winhttp show proxy} -Credential user@domain.loc
    + CategoryInfo          : InvalidArgument: (:) [Invoke-Command], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerShell.Commands.InvokeCommandCommand

Open in new window

How to make it work?
Thank you.
Question by:PavelTMN
LVL 69

Expert Comment

ID: 38819654
Strange, that should work. Try if enclosing the user name in single or double quotes helps.

A parameter set is a combination of parameters needing to be used together. The -Scriptblock allows for 4 different parameter sets, which of two contain -Credential . You should get that error only if you mix different sets, like using -Scriptblock and -FilePath together.
However, the error message showing ICM while you use Invoke-Command is suspicious ... Are you showing the real command you've used?

Author Comment

ID: 38819862
Try if enclosing the user name in single or double quotes helps
No, it doesn't.
showing ICM while you use Invoke-Command is suspicious
ICM is an alias for Invoke-Command. I made a mistake when copy-pasting.
LVL 69

Expert Comment

ID: 38820018
Of course, icm is the alias, but I suspected we do not see all you've done. If that is the only mistake you made, I'm clueless, because it should work and does here. We can be sure it is PowerShell 2.0?
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.


Author Comment

ID: 38820169
That one-liner is all there is.
The version is 2
PS C:\Windows\system32> $PSVersionTable

Name                           Value
----                           -----
CLRVersion                     2.0.50727.5466
BuildVersion                   6.1.7601.17514
PSVersion                      2.0
WSManStackVersion              2.0
PSCompatibleVersions           {1.0, 2.0}
PSRemotingProtocolVersion      2.1

Open in new window

Could be GPO settings but on a domain-independent system it's the same.
LVL 40

Expert Comment

ID: 38820238
Are you entering the correct credentials when prompted?
LVL 69

Expert Comment

ID: 38821931
Let's perform some tests, and see if icm acts as expected:
* use only -scriptblock, without -credentials
* use a PSCredential object for -credentials:
-Credentials (new-object System.Management.Automation.PSCredential(
  ConvertTo-SecureString 'Password' -AsPlainText -Force)

Open in new window

LVL 69

Accepted Solution

Qlemo earned 500 total points
ID: 38821997
Did some tests and PS debugging, and it seems as if the help is incorrectly stating you can provide a scriptblock, credentials and omit the computername.

First find out available parameter sets and their parameters:
get-command invoke-command | 
  select -Expand parametersets | 
  % {
    $set = $_.Name
    $_.Parameters |
       % { write-host $set, $_.Name -fore $(if ($_.IsMandatory) { "Red" } else { "White" }) }

Open in new window

InProcess ScriptBlock
InProcess InputObject
InProcess ArgumentList
InProcess Verbose
InProcess Debug
InProcess ErrorAction
InProcess WarningAction
InProcess ErrorVariable
InProcess WarningVariable
InProcess OutVariable
InProcess OutBuffer
FilePathRunspace Session
FilePathRunspace ThrottleLimit
FilePathRunspace AsJob
FilePathRunspace HideComputerName
FilePathRunspace JobName
FilePathRunspace FilePath
FilePathRunspace InputObject
FilePathRunspace ArgumentList
FilePathRunspace Verbose
FilePathRunspace Debug
FilePathRunspace ErrorAction
FilePathRunspace WarningAction
FilePathRunspace ErrorVariable
FilePathRunspace WarningVariable
FilePathRunspace OutVariable
FilePathRunspace OutBuffer
Session Session
Session ThrottleLimit
Session AsJob
Session HideComputerName
Session JobName
Session ScriptBlock
Session InputObject
Session ArgumentList
Session Verbose
Session Debug
Session ErrorAction
Session WarningAction
Session ErrorVariable
Session WarningVariable
Session OutVariable
Session OutBuffer
ComputerName ComputerName
ComputerName Credential
ComputerName Port
ComputerName UseSSL
ComputerName ConfigurationName
ComputerName ApplicationName
ComputerName ThrottleLimit
ComputerName AsJob
ComputerName HideComputerName
ComputerName JobName
ComputerName ScriptBlock
ComputerName SessionOption
ComputerName Authentication
ComputerName InputObject
ComputerName ArgumentList
ComputerName CertificateThumbprint
ComputerName Verbose
ComputerName Debug
ComputerName ErrorAction
ComputerName WarningAction
ComputerName ErrorVariable
ComputerName WarningVariable
ComputerName OutVariable
ComputerName OutBuffer
FilePathComputerName ComputerName
FilePathComputerName Credential
FilePathComputerName Port
FilePathComputerName UseSSL
FilePathComputerName ConfigurationName
FilePathComputerName ApplicationName
FilePathComputerName ThrottleLimit
FilePathComputerName AsJob
FilePathComputerName HideComputerName
FilePathComputerName JobName
FilePathComputerName FilePath
FilePathComputerName SessionOption
FilePathComputerName Authentication
FilePathComputerName InputObject
FilePathComputerName ArgumentList
FilePathComputerName Verbose
FilePathComputerName Debug
FilePathComputerName ErrorAction
FilePathComputerName WarningAction
FilePathComputerName ErrorVariable
FilePathComputerName WarningVariable
FilePathComputerName OutVariable
FilePathComputerName OutBuffer
Uri Credential
Uri ConfigurationName
Uri ThrottleLimit
Uri ConnectionUri
Uri AsJob
Uri HideComputerName
Uri JobName
Uri ScriptBlock
Uri AllowRedirection
Uri SessionOption
Uri Authentication
Uri InputObject
Uri ArgumentList
Uri CertificateThumbprint
Uri Verbose
Uri Debug
Uri ErrorAction
Uri WarningAction
Uri ErrorVariable
Uri WarningVariable
Uri OutVariable
Uri OutBuffer
FilePathUri Credential
FilePathUri ConfigurationName
FilePathUri ThrottleLimit
FilePathUri ConnectionUri
FilePathUri AsJob
FilePathUri HideComputerName
FilePathUri JobName
FilePathUri FilePath
FilePathUri AllowRedirection
FilePathUri SessionOption
FilePathUri Authentication
FilePathUri InputObject
FilePathUri ArgumentList
FilePathUri Verbose
FilePathUri Debug
FilePathUri ErrorAction
FilePathUri WarningAction
FilePathUri ErrorVariable
FilePathUri WarningVariable
FilePathUri OutVariable
FilePathUri OutBuffer

Open in new window

Then see how parameters are bound:
Trace-Command -Option all parameterbinding -PSHost { invoke-command -scriptblock { write-host "1" } -credential $cred }

Open in new window

which outputs
BIND NAMED cmd line args [Invoke-Command]
    BIND arg [ write-host "1" ] to parameter [ScriptBlock]
        COERCE arg to [System.Management.Automation.ScriptBlock]
            Parameter and arg types the same, no coercion is needed.
        Executing VALIDATION metadata: [System.Management.Automation.ValidateNotNullAttribute]
        BIND arg [ write-host "1" ] to param [ScriptBlock] SUCCESSFUL
    BIND arg [System.Management.Automation.PSCredential] to parameter [Credential]
        Executing DATA GENERATION metadata: [System.Management.Automation.CredentialAttribute]
            result returned from DATA GENERATION: System.Management.Automation.PSCredential
        COERCE arg to [System.Management.Automation.PSCredential]
            Parameter and arg types the same, no coercion is needed.
        BIND arg [System.Management.Automation.PSCredential] to param [Credential] SUCCESSFUL
BIND POSITIONAL cmd line args [Invoke-Command]
Remaining valid parameter set: ComputerName
Remaining valid parameter set: Uri

Open in new window

(the remaining output is for displaying the error message).
Obviously (and according to PS cannot decide which parameter set to apply. That is a definition error, since there should be a difference in the mandatory parameters for different parameter sets.

The only workaround is to use -ComputerName localhost (or -ComputerName, but that requires Remoting (WinRM), and it is significantly slower compared to the -Scriptblock-only command.
LVL 39

Expert Comment

ID: 38822897
@Qlemo - Thanks!  I learned something about PS debugging today.  :)

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this previous article (, we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
Synchronize a new Active Directory domain with an existing Office 365 tenant
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
The viewer will learn how to count occurrences of each item in an array.

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now