2016-03-01 10:10 AM - edited 2016-03-01 10:17 AM
I want to use Powershell toolkit 3.3 to throttle SnapVault relation at a specific time of the day. I can run the script successfully from the powershell command line. The same script will fail if I run it in the Micsosoft task schedular of Win 2012R2 using system account. I've tried to right click on the script in the task scheduler, and then run it but the script stays in "running" state forever. I added a couple of commands to write text to a log file to know where the script stops at, and I found it stops at "connect-nacontroller filer_ip -Credential $cred"! Please note that system account has full right on the machine. Here's the script:
I ran the following commands to store the secure pass in a file:
$secureString = Read-Host -AsSecureString "Enter password to convert to secure string"
$secureString | ConvertFrom-SecureString | Out-File -PSPath "C:\ps.txt"
-------------------------- script start from here
$secureString = Get-Content -PSPath "C:\ps.txt" | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "username",$secureString
connect-nacontroller filer_ip -Credential $cred
Set-NaSnapvault -PrimarySystem primary_filer -PrimaryPath /vol/vol_name -SecondaryPath /vol/vol_name -MaxTransferRate 4mb
Do you have any idea what's going on or how to fix it?
Appreciate your quick help!
Solved! SEE THE SOLUTION
2016-03-01 10:17 AM
Secure strings are encrypted on a per-user basis. If you encrypt it, then no other user can decrypt it. Try running the scheduled task as your user and see if it succeeds.
2016-03-01 10:32 AM
Is there any other way I can encrypt the password and then run the script under anohter account? The problem I'm using a card to authenticate my account to the system, so my account couldn't be used to run the script in the task schedular. Your thoughts will be highly appreciated.
2016-03-02 11:54 AM - edited 2016-03-02 12:17 PM
Could you try using Get-Credential instead?
$cred = Get-Credential
It'll prompt for the login and password - use the service account and password - see if that works.
You can check out this link concenring saving it to a file and reusing the credentials
2016-03-03 06:34 AM
I believe that all of the methods which store the password securely are tied specifically to the user which creates the secured password/credentail object. This page has several methods of saving credentails (including showing how to read in a plaintext password and convert it into a PSCredential object).
You might try using a service account for executing the scheduled task. Open a PowerShell prompt as the service account, create the credential object and store it securely, then when it's executed by Scheduler it won't have an issue accessing the credential.
2016-03-03 10:41 AM
Thanks Andrew. I used Psexec -s -i powershell.exe. Ran get-securestring and save it to a txt file. Then I used the task schedular to run the script unders system account, and it went successfully.