VMware Cloud Community
markvm2
Enthusiast
Enthusiast
‎01-02-2014 11:41 PM

Invoke-VMScript Enable-PSRemoting Access Denied

I have been doing a lot of work with the Invoke-VMScript command and most commands run fine on the target VM as long as you are doing it as a domain admin. However, today I came across a command that will not run through Invoke-VMScript. I am trying to remotely enable PowerShell Remoting using the "Enable-PSRemoting -Force" command and I keep getting an access denied.

Does anyone know a trick to get this command to run without getting access denied? This is the first time I have come across a command I could not get to run as domain admin?

Reply
6 Replies
LucD
Leadership
Leadership
‎01-03-2014 02:23 AM

The PowerShell Team listed a number of possible causes for this in their Enable-PSRemoting post.

Areany of these applicable to this ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
markvm2
Enthusiast
Enthusiast
‎01-03-2014 08:13 PM

The target vm is connected to the domain. The user I am using invoke-vmscript with is also a domain admin and I added him to the local admin group by itself just to make sure and still nothing works. If I use the local admin with -GuestUser and -GuestPassword I get it to work. Why don't users domain admins work since they are in the local admin group?

Also I if use my domain admin with -GuestUser and -GuestPassword, I do not get access denied but the error about needing to run the powershell command elevated.

Any ideas?

Reply
0 Kudos
markvm2
Enthusiast
Enthusiast
‎01-03-2014 11:29 PM

I have been trying to get to this work all night and all I can figure out is that domain users like the domain admins group that are added to the local admin groups do not behave the same way as a true local admin. Is that normal?

Reply
LucD
Leadership
Leadership
‎01-05-2014 02:08 AM

Did you already try the function Andre has in his Remote use of VMware.View.Broker PowerCLI post ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
markvm2
Enthusiast
Enthusiast
‎01-05-2014 12:54 PM

I am trying to do this without disabling UAC.

Reply
0 Kudos
nagyistvan
Contributor
Contributor
‎11-06-2014 08:44 AM

Here is what I did:

$user='saveTheForest\adminuser'


$pwd='Plant@Tree'


$vm='RAIN4EST002'


$cm='command you want to test'




Invoke-VMScript -ScriptType bat -Vm $vm -ScriptText $cm  -GuestUser "$usr"  -GuestPassword "$pwd"

and received access denid from the command.

Then I used PSCredential object ( -GuestCredential $cre) instead of plain username and password ( -GuestUser "$usr"  -GuestPassword "$pwd"), and all went fine:

$secpwd=ConvertTo-SecureString $pwd -AsPlainText -Force


$cred = New-Object System.Management.Automation.PSCredential ($user,  $secpwd)


Invoke-VMScript -ScriptType bat -Vm $vm -ScriptText $cm  -GuestCredential $cred

Let me know it this helps.... This might have to do with how you authenticate on the domain.

István

Reply
0 Kudos