Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

Start a New Post

A problem when running A PowerShell script in Microsoft task schedular

ehabshukry
‎2016-03-01 10:10 AM

Hello,

 

I want to use Powershell toolkit 3.3 to throttle SnapVault relation at a specific time of the day. I can run the script successfully  from the powershell command line. The same script will fail if I run it in the Micsosoft task schedular of Win 2012R2 using system account. I've tried to right click on the script in the task scheduler, and then run it but the script stays in "running" state  forever.  I added a couple of commands to write text to a log file to  know where the script stops at, and I found it stops at  "connect-nacontroller filer_ip -Credential  $cred"! Please note that system account has full right on the machine. Here's the script:

 

I ran the following commands to store the secure pass in a file:

$secureString = Read-Host -AsSecureString "Enter password to convert to secure string"

$secureString | ConvertFrom-SecureString | Out-File -PSPath "C:\ps.txt"

 

-------------------------- script start from here
$secureString = Get-Content -PSPath "C:\ps.txt" | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "username",$secureString

connect-nacontroller filer_ip -Credential  $cred 

 

Set-NaSnapvault -PrimarySystem primary_filer -PrimaryPath /vol/vol_name -SecondaryPath /vol/vol_name -MaxTransferRate 4mb

exit

 

Do you have any idea what's going on or how to fix it?

 

Appreciate your quick help!

Thanks,

 

 

 

0 Kudos
View By:
1 ACCEPTED SOLUTION

asulliva
NetApp
‎2016-03-03 06:34 AM
In response to ehabshukry

I believe that all of the methods which store the password securely are tied specifically to the user which creates the secured password/credentail object. This page has several methods of saving credentails (including showing how to read in a plaintext password and convert it into a PSCredential object).

 

You might try using a service account for executing the scheduled task.  Open a PowerShell prompt as the service account, create the credential object and store it securely, then when it's executed by Scheduler it won't have an issue accessing the credential.

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

7 REPLIES 7

asulliva
NetApp
‎2016-03-01 10:17 AM

Hello!

 

Secure strings are encrypted on a per-user basis.  If you encrypt it, then no other user can decrypt it.  Try running the scheduled task as your user and see if it succeeds.

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
0 Kudos

ehabshukry
‎2016-03-01 10:32 AM
In response to asulliva

Hello Andrew,

 

Is there any other way I can encrypt the password and then run the script under anohter account? The problem I'm using a card to authenticate my account to the system, so my account couldn't be used to run the script in the task schedular. Your thoughts will be highly appreciated.

 

Thanks,

Ehab

 

0 Kudos

asulliva
NetApp
‎2016-03-03 06:34 AM
In response to ehabshukry

I believe that all of the methods which store the password securely are tied specifically to the user which creates the secured password/credentail object. This page has several methods of saving credentails (including showing how to read in a plaintext password and convert it into a PSCredential object).

 

You might try using a service account for executing the scheduled task.  Open a PowerShell prompt as the service account, create the credential object and store it securely, then when it's executed by Scheduler it won't have an issue accessing the credential.

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

ehabshukry
‎2016-03-03 10:41 AM
In response to asulliva

Thanks Andrew. I used Psexec -s -i powershell.exe.  Ran get-securestring and save it to a txt file.  Then I used the task schedular to run the script unders system account, and it went successfully.

Thanks!

 

0 Kudos

JohnChampion
NetApp
‎2016-03-02 11:54 AM
In response to ehabshukry

Could you try using Get-Credential instead?

 

$cred = Get-Credential

 

It'll prompt for the login and password - use the service account and password - see if that works.

 

You can check out this link concenring saving it to a file and reusing the credentials

 

http://www.adminarsenal.com/admin-arsenal-blog/secure-password-with-powershell-encrypting-credentials-part-1/

 

 

 

0 Kudos

ehabshukry
‎2016-03-03 10:43 AM
In response to JohnChampion

Thanks John for the article.

0 Kudos

ehabshukry
‎2016-03-01 10:22 AM
In response to asulliva

Thanks a lot for the v. quick response, I'll give it a try.

0 Kudos
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

View All
NetApp Insights to Action
I2A Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public