While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.
store credentials in text file for automating powershell scripts.
Hi All,
we are using asp plugin and running powershell through web interface. Each time instead of entering password we tried the below code to connect o365. Unfortunately the code doesnt works on a 2012 server with ps1x file.
The same code works if we manually copy paste on a powershell window, we can get a session. Also on a windows 7 box the code is working. It is not working only on a windows 2012 with IIS. Is there something we need to enable on the server management so that remote code works.
The error we get is CAS server name access denied.
We also used the regular script which is working fine on windows 7 and powershell window.
we are using asp plugin and running powershell through web interface. Each time instead of entering password we tried the below code to connect o365. Unfortunately the code doesnt works on a 2012 server with ps1x file.
The same code works if we manually copy paste on a powershell window, we can get a session. Also on a windows 7 box the code is working. It is not working only on a windows 2012 with IIS. Is there something we need to enable on the server management so that remote code works.
The error we get is CAS server name access denied.
$KeyFile = "C:\temp\AES.key"
$Key = New-Object Byte[] 16
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key | out-file $KeyFile
$PasswordFile = "C:\temp\Password.txt"
$KeyFile = "C:\tempAES.key"
$Key = Get-Content $KeyFile
$Password = "xxxxxxx" | ConvertTo-SecureString -AsPlainText -Force
$Password | ConvertFrom-SecureString -key $Key | Out-File $PasswordFile
$User = "serviceaccount.mydomain.onmicrosoft.com"
$PasswordFile = "C:\temp\Password.txt"
$KeyFile = "C:\tempAES.key"
$key = Get-Content $KeyFile
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)
$Session= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $MyCredential -Authentication Basic -AllowRedirection -warningaction silentlycontinue
$temp = Import-PSSession $Session -AllowClobber -DisableNameChecking
Import-Module msonline
Connect-MsolService -Credential $MyCredential
We also used the regular script which is working fine on windows 7 and powershell window.
$password = Get-content "C:\temp\password.txt" | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "serviceaccount.mydomain.onmicrosoft.com",$password
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credentials -Authentication Basic -AllowRedirection -warningaction silentlycontinue
$temp = Import-PSSession $Session -allowclobber -warningaction silentlycontinue
Import-Module msonline
Connect-MsolService -Credential $Credentials -warningaction silentlycontinue
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Hi limjianan,
I will try xml in the web interface and come back to you for any queries.
Thank you so much.
I will try xml in the web interface and come back to you for any queries.
Thank you so much.
HI Limjianan,
unfortunately the xml file also works only on windows 7, when tried the same steps in windows server 2008/2012 we get access denied with a cas server name.
Is there something we need to enable on windows firewall/port/Groupolicy/l
unfortunately the xml file also works only on windows 7, when tried the same steps in windows server 2008/2012 we get access denied with a cas server name.
Is there something we need to enable on windows firewall/port/Groupolicy/l
hmm.. strangely i am on windows 10 and it works without issue ...
i am thinking you have something blocking it and it could be environmental.
i am thinking you have something blocking it and it could be environmental.
The problem is with only when we run the credentials from web it gives us an error. All the below combinations works fine.
Windows clients ( Runs fine)
Windows Server ( Works Fine)
Web based service from windows clients ( Works fine)
Is there something we need to enable on the IIS server/ Windows component.
Windows clients ( Runs fine)
Windows Server ( Works Fine)
Web based service from windows clients ( Works fine)
Is there something we need to enable on the IIS server/ Windows component.
hm. i think i know why.
THE clixml is encrypted on the user level, i.e. only apply to the user profile. If another user import the same xml it will not decrypted.
so your IIS must use the same account that run the web service.s
THE clixml is encrypted on the user level, i.e. only apply to the user profile. If another user import the same xml it will not decrypted.
so your IIS must use the same account that run the web service.s
We have IIS server on a windows server which is in a seperate domain and the account we use to authenticate O365 is a pure cloud and not a part of our forest.
Is there any way we can encrypt machine level.
Is there any way we can encrypt machine level.
try this code
i wonder because it is IIS so it can't read file properly.
this only do in your script.
i wonder because it is IIS so it can't read file properly.
this only do in your script.
$password = convertto-securestring "TestPassword" -asplaintext -force
$credentials = New-Object System.Net.NetworkCredential("TestUsername", $password, "TestDomain")
$Session= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $MyCredential -Authentication Basic -AllowRedirection -warningaction silentlycontinue
$temp = Import-PSSession $Session -AllowClobber -DisableNameChecking
Import-Module msonline
Connect-MsolService -Credential $credentials
i think the chance become slim.
You need to see whether you can use EWS or Oauth to work out something similar
what actually you need to achieve?
trying to run powershell via asp?
You need to see whether you can use EWS or Oauth to work out something similar
what actually you need to achieve?
trying to run powershell via asp?
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Hi Limjianan
Problem is with the IIS application pool. Issue resolved after changing the IIS Application Pool Identity from the default value to a real user account having local admin permissions.
Thank you so much for helping me. I learned many ways of creating powershell session.
Problem is with the IIS application pool. Issue resolved after changing the IIS Application Pool Identity from the default value to a real user account having local admin permissions.
Thank you so much for helping me. I learned many ways of creating powershell session.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
you can save the password by
Get-Credential -UserName xxxx -message o365 | Export-Clixml c:\temp\credential-save.xm
reuse the password
$credential = import-clixml c:\temp\credential-save.xm
Import-Module MsOnline
Connect-MsolService -Crede
not sure whether that will save the hassle?