Solved

Powershell: Invoke-Command under non-current user

Posted on 2013-01-25
Last Modified: 2013-02-04
I want to run a command under a different user (like RunAs but using Powershell) however:
Invoke-command -ScriptBlock {netsh winhttp show proxy} -Credential user@domain.loc


gives this error:
Invoke-Command : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:4
+ icm <<<<  -ScriptBlock {netsh winhttp show proxy} -Credential user@domain.loc
    + CategoryInfo          : InvalidArgument: (:) [Invoke-Command], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerShell.Commands.InvokeCommandCommand


How to make it work?
Thank you.
0
Question by:PavelTMN
8 Comments
 
LVL 68

Expert Comment

by:Qlemo
ID: 38819654
Strange, that should work. Try if enclosing the user name in single or double quotes helps.

A parameter set is a combination of parameters needing to be used together. The -Scriptblock allows for 4 different parameter sets, two of which contain -Credential. You should get that error only if you mix different sets, like using -Scriptblock and -FilePath together.
However, the error message showing ICM while you use Invoke-Command is suspicious ... Are you showing the real command you've used?
0
 
LVL 1

Author Comment

by:PavelTMN
ID: 38819862
"Try if enclosing the user name in single or double quotes helps"
No, it doesn't.
"showing ICM while you use Invoke-Command is suspicious"
ICM is an alias for Invoke-Command. I made a mistake when copy-pasting.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 38820018
Of course, icm is the alias, but I suspected we do not see all you've done. If that is the only mistake you made, I'm clueless, because it should work and does here. We can be sure it is PowerShell 2.0?
0
 
LVL 1

Author Comment

by:PavelTMN
ID: 38820169
That one-liner is all there is.
The version is 2
PS C:\Windows\system32> $PSVersionTable

Name                           Value
----                           -----
CLRVersion                     2.0.50727.5466
BuildVersion                   6.1.7601.17514
PSVersion                      2.0
WSManStackVersion              2.0
PSCompatibleVersions           {1.0, 2.0}
SerializationVersion           1.1.0.1
PSRemotingProtocolVersion      2.1


Could be GPO settings but on a domain-independent system it's the same.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38820238
Are you entering the correct credentials when prompted?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 38821931
Let's perform some tests, and see if icm acts as expected:
* use only -ScriptBlock, without -Credential
* use a PSCredential object for -Credential:
-Credential (New-Object System.Management.Automation.PSCredential(
  'user@domain.loc',
  (ConvertTo-SecureString 'Password' -AsPlainText -Force)))


0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 38821997
Did some tests and PS debugging, and it seems as if the help is incorrectly stating you can provide a scriptblock, credentials and omit the computername.

Debugging
First find out available parameter sets and their parameters:
get-command invoke-command | 
  select -Expand parametersets | 
  % {
    $set = $_.Name
    $_.Parameters |
       % { write-host $set, $_.Name -fore $(if ($_.IsMandatory) { "Red" } else { "White" }) }
  }


InProcess ScriptBlock
InProcess InputObject
InProcess ArgumentList
InProcess Verbose
InProcess Debug
InProcess ErrorAction
InProcess WarningAction
InProcess ErrorVariable
InProcess WarningVariable
InProcess OutVariable
InProcess OutBuffer
FilePathRunspace Session
FilePathRunspace ThrottleLimit
FilePathRunspace AsJob
FilePathRunspace HideComputerName
FilePathRunspace JobName
FilePathRunspace FilePath
FilePathRunspace InputObject
FilePathRunspace ArgumentList
FilePathRunspace Verbose
FilePathRunspace Debug
FilePathRunspace ErrorAction
FilePathRunspace WarningAction
FilePathRunspace ErrorVariable
FilePathRunspace WarningVariable
FilePathRunspace OutVariable
FilePathRunspace OutBuffer
Session Session
Session ThrottleLimit
Session AsJob
Session HideComputerName
Session JobName
Session ScriptBlock
Session InputObject
Session ArgumentList
Session Verbose
Session Debug
Session ErrorAction
Session WarningAction
Session ErrorVariable
Session WarningVariable
Session OutVariable
Session OutBuffer
ComputerName ComputerName
ComputerName Credential
ComputerName Port
ComputerName UseSSL
ComputerName ConfigurationName
ComputerName ApplicationName
ComputerName ThrottleLimit
ComputerName AsJob
ComputerName HideComputerName
ComputerName JobName
ComputerName ScriptBlock
ComputerName SessionOption
ComputerName Authentication
ComputerName InputObject
ComputerName ArgumentList
ComputerName CertificateThumbprint
ComputerName Verbose
ComputerName Debug
ComputerName ErrorAction
ComputerName WarningAction
ComputerName ErrorVariable
ComputerName WarningVariable
ComputerName OutVariable
ComputerName OutBuffer
FilePathComputerName ComputerName
FilePathComputerName Credential
FilePathComputerName Port
FilePathComputerName UseSSL
FilePathComputerName ConfigurationName
FilePathComputerName ApplicationName
FilePathComputerName ThrottleLimit
FilePathComputerName AsJob
FilePathComputerName HideComputerName
FilePathComputerName JobName
FilePathComputerName FilePath
FilePathComputerName SessionOption
FilePathComputerName Authentication
FilePathComputerName InputObject
FilePathComputerName ArgumentList
FilePathComputerName Verbose
FilePathComputerName Debug
FilePathComputerName ErrorAction
FilePathComputerName WarningAction
FilePathComputerName ErrorVariable
FilePathComputerName WarningVariable
FilePathComputerName OutVariable
FilePathComputerName OutBuffer
Uri Credential
Uri ConfigurationName
Uri ThrottleLimit
Uri ConnectionUri
Uri AsJob
Uri HideComputerName
Uri JobName
Uri ScriptBlock
Uri AllowRedirection
Uri SessionOption
Uri Authentication
Uri InputObject
Uri ArgumentList
Uri CertificateThumbprint
Uri Verbose
Uri Debug
Uri ErrorAction
Uri WarningAction
Uri ErrorVariable
Uri WarningVariable
Uri OutVariable
Uri OutBuffer
FilePathUri Credential
FilePathUri ConfigurationName
FilePathUri ThrottleLimit
FilePathUri ConnectionUri
FilePathUri AsJob
FilePathUri HideComputerName
FilePathUri JobName
FilePathUri FilePath
FilePathUri AllowRedirection
FilePathUri SessionOption
FilePathUri Authentication
FilePathUri InputObject
FilePathUri ArgumentList
FilePathUri Verbose
FilePathUri Debug
FilePathUri ErrorAction
FilePathUri WarningAction
FilePathUri ErrorVariable
FilePathUri WarningVariable
FilePathUri OutVariable
FilePathUri OutBuffer


Then see how parameters are bound:
Trace-Command -Option all parameterbinding -PSHost { invoke-command -scriptblock { write-host "1" } -credential $cred }


which outputs
BIND NAMED cmd line args [Invoke-Command]
    BIND arg [ write-host "1" ] to parameter [ScriptBlock]
        COERCE arg to [System.Management.Automation.ScriptBlock]
            Parameter and arg types the same, no coercion is needed.
        Executing VALIDATION metadata: [System.Management.Automation.ValidateNotNullAttribute]
        BIND arg [ write-host "1" ] to param [ScriptBlock] SUCCESSFUL
    BIND arg [System.Management.Automation.PSCredential] to parameter [Credential]
        Executing DATA GENERATION metadata: [System.Management.Automation.CredentialAttribute]
            result returned from DATA GENERATION: System.Management.Automation.PSCredential
        COERCE arg to [System.Management.Automation.PSCredential]
            Parameter and arg types the same, no coercion is needed.
        BIND arg [System.Management.Automation.PSCredential] to param [Credential] SUCCESSFUL
BIND POSITIONAL cmd line args [Invoke-Command]
Remaining valid parameter set: ComputerName
Remaining valid parameter set: Uri


(the remaining output is for displaying the error message).
Obviously (and according to http://connect.microsoft.com/PowerShell/feedback/details/676872/invoke-command-parameter-bug-parameter-set-cannot-be-resolved) PS cannot decide which parameter set to apply. That is a definition error, since there should be a difference in the mandatory parameters for different parameter sets.

The only workaround is to use -ComputerName localhost (or -ComputerName 127.0.0.1), but that requires Remoting (WinRM), and it is significantly slower compared to the -Scriptblock-only command.
0
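
Added example, not part of the thread and not Qlemo's code: a check that lists which Invoke-Command parameter sets remain candidates for a given combination of named parameters, followed by the -ComputerName localhost workaround from the accepted answer. The function names Get-CandidateParameterSet and Invoke-AsOtherUser are hypothetical, and the workaround assumes PowerShell Remoting (WinRM) is enabled on the local machine.

```powershell
# Added example (not from the thread). Function names are hypothetical.

function Get-CandidateParameterSet {
    # Lists the parameter sets of a command that accept every named
    # parameter in $Supplied, i.e. the sets still valid after binding.
    param(
        [string]   $Command,
        [string[]] $Supplied
    )
    foreach ($set in (Get-Command $Command).ParameterSets) {
        $names   = @($set.Parameters | ForEach-Object { $_.Name })
        $missing = @($Supplied | Where-Object { $names -notcontains $_ })
        if ($missing.Count -eq 0) {
            # Mandatory parameters the caller has not supplied. The binder can
            # only pick one set if these differ between the candidates.
            $needed = @($set.Parameters |
                Where-Object { $_.IsMandatory -and ($Supplied -notcontains $_.Name) } |
                ForEach-Object { $_.Name })
            New-Object PSObject -Property @{
                ParameterSet     = $set.Name
                IsDefault        = $set.IsDefault
                MissingMandatory = ($needed -join ', ')
            }
        }
    }
}

function Invoke-AsOtherUser {
    # Workaround from the accepted answer: naming the local machine selects
    # the ComputerName parameter set. Requires WinRM on the local machine.
    param(
        [scriptblock] $ScriptBlock,
        [System.Management.Automation.PSCredential] $Credential
    )
    Invoke-Command -ComputerName localhost -Credential $Credential -ScriptBlock $ScriptBlock
}

# More than one row means -ScriptBlock plus -Credential alone is ambiguous.
Get-CandidateParameterSet -Command Invoke-Command -Supplied 'ScriptBlock', 'Credential' |
    Format-Table ParameterSet, IsDefault, MissingMandatory -AutoSize

# Get-Credential prompts for the password, so it is not stored in the script.
# Uncomment to run the question's command as the other user:
# $cred = Get-Credential 'user@domain.loc'
# Invoke-AsOtherUser -ScriptBlock { netsh winhttp show proxy } -Credential $cred
```

The set names and mandatory flags reported depend on the PowerShell version, so run the check on the host where the error occurs.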
 
LVL 39

Expert Comment

by:footech
ID: 38822897
@Qlemo - Thanks!  I learned something about PS debugging today.  :)
0
