Microsoft Virtualization Discussions

A problem when running A PowerShell script in Microsoft task schedular

ehabshukry
9,498 Views

Hello,

 

I want to use Powershell toolkit 3.3 to throttle SnapVault relation at a specific time of the day. I can run the script successfully  from the powershell command line. The same script will fail if I run it in the Micsosoft task schedular of Win 2012R2 using system account. I've tried to right click on the script in the task scheduler, and then run it but the script stays in "running" state  forever.  I added a couple of commands to write text to a log file to  know where the script stops at, and I found it stops at  "connect-nacontroller filer_ip -Credential  $cred"! Please note that system account has full right on the machine. Here's the script:

 

I ran the following commands to store the secure pass in a file:

$secureString = Read-Host -AsSecureString "Enter password to convert to secure string"

$secureString | ConvertFrom-SecureString | Out-File -PSPath "C:\ps.txt"

 

-------------------------- script start from here
$secureString = Get-Content -PSPath "C:\ps.txt" | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "username",$secureString

connect-nacontroller filer_ip -Credential  $cred 

 

Set-NaSnapvault -PrimarySystem primary_filer -PrimaryPath /vol/vol_name -SecondaryPath /vol/vol_name -MaxTransferRate 4mb

exit

 

Do you have any idea what's going on or how to fix it?

 

Appreciate your quick help!

Thanks,

 

 

 

1 ACCEPTED SOLUTION

asulliva
9,410 Views

I believe that all of the methods which store the password securely are tied specifically to the user which creates the secured password/credentail object. This page has several methods of saving credentails (including showing how to read in a plaintext password and convert it into a PSCredential object).

 

You might try using a service account for executing the scheduled task.  Open a PowerShell prompt as the service account, create the credential object and store it securely, then when it's executed by Scheduler it won't have an issue accessing the credential.

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

7 REPLIES 7

asulliva
9,488 Views

Hello!

 

Secure strings are encrypted on a per-user basis.  If you encrypt it, then no other user can decrypt it.  Try running the scheduled task as your user and see if it succeeds.

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

ehabshukry
9,486 Views

Thanks a lot for the v. quick response, I'll give it a try.

ehabshukry
9,482 Views

Hello Andrew,

 

Is there any other way I can encrypt the password and then run the script under anohter account? The problem I'm using a card to authenticate my account to the system, so my account couldn't be used to run the script in the task schedular. Your thoughts will be highly appreciated.

 

Thanks,

Ehab

 

JohnChampion
9,437 Views

Could you try using Get-Credential instead?

 

$cred = Get-Credential

 

It'll prompt for the login and password - use the service account and password - see if that works.

 

You can check out this link concenring saving it to a file and reusing the credentials

 

http://www.adminarsenal.com/admin-arsenal-blog/secure-password-with-powershell-encrypting-credentials-part-1/

 

 

 

ehabshukry
9,402 Views

Thanks John for the article.

asulliva
9,411 Views

I believe that all of the methods which store the password securely are tied specifically to the user which creates the secured password/credentail object. This page has several methods of saving credentails (including showing how to read in a plaintext password and convert it into a PSCredential object).

 

You might try using a service account for executing the scheduled task.  Open a PowerShell prompt as the service account, create the credential object and store it securely, then when it's executed by Scheduler it won't have an issue accessing the credential.

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

ehabshukry
9,403 Views

Thanks Andrew. I used Psexec -s -i powershell.exe.  Ran get-securestring and save it to a txt file.  Then I used the task schedular to run the script unders system account, and it went successfully.

Thanks!

 

Public