Jump to content
DigitalDentist

Configure Powershell Impersonation remotely

Recommended Posts

Is there anyway to configure powershell impersonation remotely? I am trying to run a few different powershell scripts and I'm getting access denied. I assume BC it's running as system. Is there a way around this ? Or a way to configure this option remotely?

This is the script I'm trying to run. It runs fine under my account.

Import-Module ActiveDirectory
Get-ADComputer -Filter {OperatingSystem -Like "Windows 7*"} | foreach {restart-computer $_.name -force}

 

Thanks in advance

 

 

Share this post


Link to post
Share on other sites

Copy the encrypted values from the registry from a configured system and set them via an automation script.

HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonation
HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonationDomain
HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonationPassword
HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonationPasswordCtrl
HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonationUsername

-Paul

Share this post


Link to post
Share on other sites
On 7/6/2017 at 3:05 AM, Paul said:

Copy the encrypted values from the registry from a configured system and set them via an automation script.


HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonation
HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonationDomain
HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonationPassword
HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonationPasswordCtrl
HKLM:\SOFTWARE\MMSOFT Design\PC Monitor\PowerShellUserImpersonationUsername

-Paul

Ok so I do this, then the window update script fails with an error can't call a null expression...the reboot script works however. Is there a way to have both work?

Share this post


Link to post
Share on other sites

Apparently it doesn't... Try using the built-in administrator account. With Windows 10 "Administrator" accounts don't have the same access level as the built-in administrator account.

-Paul

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By DigitalDentist
      This script will set the virtual machine to auto start whenever the host reboots, it will also update Hyper V integration services. Be sure and change your server names to match. Server0 is host and server1 is the Hyper V. Run on Host.
      Get-VM –VMname * | Set-VM –AutomaticStartAction Start
      Get-VM -Name SERVER1 –ComputerName server0   Set-VMDvdDrive -ComputerName server0 -VMName SERVER1 -Path 'C:\Windows\System32\vmguest.iso'   $DVDriveLetter = (Get-VMDvdDrive -ComputerName server0 -VMName SERVER1).Id | Split-Path –Leaf   Invoke-Command –ComputerName SERVER1 -ScriptBlock { if ($ENV:PROCESSOR_ARCHITECTURE -eq 'AMD64') { $folder = 'amd64' } else { $folder = 'x86'  } Start-Process -FilePath  "$($using:DVDriveLetter):\support\$folder\setup.exe" -Args '/quiet /norestart' -Wait  }   Restart-Computer –ComputerName SERVER1 -Wait -For WinRM -Force Set-VMDvdDrive -ComputerName server0 -VMName SERVER1 -ControllerNumber 1 -ControllerLocation 0 -Path $null
    • By DigitalDentist
      This script will update Hyper V integration services. Be sure and change your server names to match. Server0 is host and server1 is the Hyper V. Run on Host.
       
      Get-VM -Name SERVER1 –ComputerName server0   Set-VMDvdDrive -ComputerName server0 -VMName SERVER1 -Path 'C:\Windows\System32\vmguest.iso'   $DVDriveLetter = (Get-VMDvdDrive -ComputerName server0 -VMName SERVER1).Id | Split-Path –Leaf   Invoke-Command –ComputerName SERVER1 -ScriptBlock { if ($ENV:PROCESSOR_ARCHITECTURE -eq 'AMD64') { $folder = 'amd64' } else { $folder = 'x86'  } Start-Process -FilePath  "$($using:DVDriveLetter):\support\$folder\setup.exe" -Args '/quiet /norestart' -Wait  }   Restart-Computer –ComputerName SERVER1 -Wait -For WinRM -Force Set-VMDvdDrive -ComputerName server0 -VMName SERVER1 -ControllerNumber 1 -ControllerLocation 0 -Path $null
    • By DigitalDentist
      Is there anyway to get a report of the results of a script that was ran. For instance the check if computer has 2 hdd script, If I run this against 90 computers I don't want to click on each computer, click on the script, click again to see the results. It would be awesome if I was able to just see a list of failed and a list of passed, Is this possible?
    • By DigitalDentist
      This will download and install or upgrade veeam and install a license if you have one, finally it will import a config file if one is available. I use Dropbox and a shared link. When using Dropbox be sure and change the zero at the end to 1 to download.
      You if course would have to update the dl links. Any questions let me know. 
       
      VeeamInstall.ps1
      ## 
      $workdir = "c:\installer\"
      $LicenseFile = "$workdir\Veeamlicense.lic"
      $ConfigFile = "$workdir\config.xml"
      [Object[]]$List = @(
          New-Object -TypeName PSObject -Property @{"File" = "$workdir\Veeam2.exe"; "URL" = "https://www.dropbox.com/s/Veeamexedl=1"}
          New-Object -TypeName PSObject -Property @{"File" = $LicenseFile; "URL" = "https://www.dropbox.com/s/licensefile?dl=1"}
          New-Object -TypeName PSObject -Property @{"File" = $ConfigFile; "URL" = "https://www.dropbox.com/s/Configfiledl=1"}
      )
      $VeeamInstallDir = "C:\Program Files\Veeam\Endpoint Backup"
      # Check if work directory exists if not create it

      If (Test-Path -Path $workdir -PathType Container)
      { Write-Host "$workdir\ already exists" -ForegroundColor Red}
      ELSE
      { New-Item -Path $workdir -ItemType directory }

      # Check if Invoke-Webrequest exists otherwise execute WebClient

      $List | ForEach-Object {
          if (Get-Command 'Invoke-Webrequest') {
              Invoke-WebRequest $_.URL -OutFile $_.File
          }
          else {
              $WebClient = New-Object System.Net.WebClient
              $webclient.DownloadFile($_.URL, $_.File)
          }
      }

      # Start the installation

      Start-Process -FilePath "$workdir\Veeam2.exe" -ArgumentList "/silent /accepteula"

      # Wait XX Seconds for the installation to finish

      Start-Sleep -s 45

      #Stops Tray Process
      Stop-Process -Name "Veeam.EndPoint.Tray" -Force -ErrorAction SilentlyContinue

      #Imports License File
      Set-Location $VeeamInstallDir
      Start-Process Veeam.Agent.Configurator.exe -ArgumentList "-license /f:'$LicenseFile'" 

      Start-Process Veeam.Agent.Configurator.exe -ArgumentList "-import /f:'$ConfigFile'"

      Start-Process "$VeeamInstallDir\Veeam.EndPoint.Tray.exe"
    • By DigitalDentist
      Wrote this script with the help of Support. Thanks Ermins!
      $days = 35
      $system = Get-WmiObject win32_operatingsystem
      if($system.ConvertToDateTime($system.LastBootUpTime) -lt (Get-Date).AddDays(-$days)){
          Restart-Computer -Force
      }else{
          Write-Host "Machine was rebooted less than $days days ago"
      }
×