janhoedt
asked on
Ps: run remote script with local generated parameters as different (admin) user, get results back locally
Hi,
I d need to run a powershell script on a remote server with specific admin credentials, passing also local parameters. I do need the output LOCALLY.
It should really run ON the remote computer otherwise you have the double hop issue (f.e.you cannot do a test-path $path via blue-collar).
How could I achieve that?
Something like
invoke-command {start-job $MyCommand parameters -credentials} -session $session -asjob -credentials $credentials
?
Tried it but result is empty
---
Found something here:
https://devblogs.microsoft.com/scripting/powershell-jobs-week-remote-jobs/
Please see also:
https://www.experts-exchange.com/questions/29167473/Invoke-Pssession-Parameter-set-cannot-be-resolved-using-the-specified-named-parameters.html
I d need to run a powershell script on a remote server with specific admin credentials, passing also local parameters. I do need the output LOCALLY.
It should really run ON the remote computer otherwise you have the double hop issue (f.e.you cannot do a test-path $path via blue-collar).
How could I achieve that?
Something like
invoke-command {start-job $MyCommand parameters -credentials} -session $session -asjob -credentials $credentials
?
Tried it but result is empty
---
Found something here:
https://devblogs.microsoft.com/scripting/powershell-jobs-week-remote-jobs/
Please see also:
https://www.experts-exchange.com/questions/29167473/Invoke-Pssession-Parameter-set-cannot-be-resolved-using-the-specified-named-parameters.html
If you're just concerned about the double-hop issue, why not configure the involved machines to avoid that? There's a few methods.
https://blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely/
I'd say using one of those methods is a better solution to the problem than trying to run parts of your script with different credentials. Unless the cmdlets you're working with in the remote session have a -credentials parameter I don't think you will have much luck.
https://blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely/
I'd say using one of those methods is a better solution to the problem than trying to run parts of your script with different credentials. Unless the cmdlets you're working with in the remote session have a -credentials parameter I don't think you will have much luck.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Isn't it great that that's one of the methods that's mentioned (with a link to another page describing the usage) on the link I provided?
ASKER
# Using the $using modifier
$MyCommand = "$pathtoscript -cred $cred"
Write-Debug $MyCommand
$SB = {
Start-Job $using:MyCommand -wait
}
$Job = Invoke-Command -ScriptBlock $SB -ComputerName computer -asjob -cred $cred
$Result = Receive-Job -name $($job.name)
If ($Result) then remove-Job