This is what I was trying to do:
$secpass = ConvertTo-secureString "password" -asPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("username",$secpass)
start-process powershell.exe -Credential $cred -ArgumentList ".\Install.ps1 -serverfile .\servers.txt "
I would get this error:Start-Process : This command cannot be executed due to the error: Logon failure: unknown user name or bad password.The thing is that I had used the credentials to do an invoke-command and they worked fine.
invoke-command -Credential $cred -ComputerName $server -ScriptBlock { Invoke-Expression "C:\temp\Install.ps1 -serverfile c:\temp\servers.txt" }
So I did a bit of investigating:
PS C:\temp> $cred.GetNetworkCredential()Which lead me to two questions:
UserName Password Domain
username password
- Where did I expect the domain to come from if I've not passed it in?
- Why did it work before?
$secpass = ConvertTo-secureString "password" -asPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("domain\username",$secpass)
start-process powershell.exe -Credential $cred -ArgumentList ".\Install.ps1 -serverfile .\servers.txt "
So now we get:
PS C:\temp> $cred.GetNetworkCredential()The script now runs fine
UserName Password Domain
username password domain
> 1. Where did I expect the domain to come from if I've not passed it in?
ReplyDeleteIt comes from the username. The username string is in the format 'domain'\'domain-username'. E.g. facebook\mark.zuckerberg
Also, there's a cmdlet called Get-Credential which will prompt for user/password without having the password stored as clear text anywhere.