If I use -Verbose the output is:
The Windows Eventlog on the vm doesn't show anything special.
Application Eventlog:
vmtoolsd: Username and password successfully validated for MyUserName
Security Eventlog:
Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: SYSTEM
Kontoname: MyServerName$
Kontodomäne: MyDomain
Anmelde-ID: 0x3E7
Anmeldetyp: 2
Identitätswechselebene: Identitätswechsel
Neue Anmeldung:
Sicherheits-ID: MyDomain\MyUsername
Kontoname: MyUsername
____________________________________________________________________________________________________________________________
Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
Antragsteller:
Sicherheits-ID: MyDomain\MyUser
Kontoname: MyUser
Kontodomäne: MyDomain
Anmelde-ID: 0x61907D6
Berechtigungen: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
From PowerShell Eventlog VMWare Tools run the following command:
powershell -NonInteractive -EncodedCommand cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBPAHUAdABwAHUAdABGAG8AcgBtAGEAdAAgAHQAZQB4AHQAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0AQwBvAG0AbQBhAG4AZAAgACcAJgAgAHsAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUAfQAnACAAPgAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQARQBNAFAAXABwAG8AdwBlAHIAYwBsAGkAdgBtAHcAYQByAGUAMQA0ADEAIgA7ACAAZQB4AGkAdAAgACQAbABhAHMAdABlAHgAaQB0AGMAbwBkAGUA
The Encoded Part translates to:
powershell.exe -OutputFormat text -NonInteractive -Command '& {$PSVersionTable}' > "C:\Windows\TEMP\powerclivmware141"; exit $lastexitcode
If I'm logged in with the same user, I see the following process tree:
VMtools => CMD => PowerShell => Powershell
If I'm not logged in the process tree is as following:
VMtools => CMD => PowerShell
Everything marked bold above is run by my test user, so spawning processes with that credentials works fine, but for some reasons the PowerShell process that otherwise is spawned from PowerShell isn't started. This happens even on a newly installed Windows 2012 R2 VM with VMware tools.
Edit: Now I found something useful in the logs. VMware-vmsvc loggs to C:\Windows\vmware-vmsc the following:
[Mai 04 15:55:03.192] [ warning] [vix] VixToolsPrintFileExtendedInfo: Posix_Stat(C:\Windows\TEMP\powerclivmware199) failed with 2
[Mai 04 15:55:03.192] [ message] [vix] VixToolsInitiateFileTransferFromGuest: opcode 188 returning 0
Now I also tried giving everyone full Access to C:\Windows\Temp, but that doesn't help neither. I can see how to that file gets created and deleted, but Invoke-VMscript is still not outputting anything...
Edit 2: Now I found a workaround the following works:
dir | Invoke-VMScript -ScriptType Bat -ScriptText 'call powershell.exe -Command import-module Microsoft.PowerShell.Utility; Write-Host "test"' -GuestCredential $guestCredential
But the following doesn't return anything, in fact, the commands provided in the ScriptText parameter are not even executed:
Invoke-VMScript -ScriptType Powershell -ScriptText 'import-module Microsoft.PowerShell.Utility; Write-Host "test"' -GuestCredential $guestCredential
Edit 3: I think I found the bug, the way how VMware invokes powershell seams to cause it to fail while loading some essential modules. "Microsoft.PowerShell.Management", "Microsoft.PowerShell.Utility". So the "> C:\Windows\temp\powerclivmware199" part fails with the error:
The above error is not really from the process that is spawned by VMware, but by the same way VMware Tools does to take on the identity of the user. I used Process Hacker to "Run as this user" on the process VMware spawned. But I'm very confident, that this is exaclty what happens with the Powershell process that is spawned by the VMware Tools.
After that I tried to Import the failing module using -Debug, so i was able to trace it down to the Import of the alias.
Here is a screenshot comparing the outputs of the two imports on the top in a "normal" powershell and on the bottom in an similarly invoked powershell (like VMware does)
I think, this is a bug, that only VMware can solve. Maybe it only ocures because I updated powershell to Version 5 manually using KB3134758, which is not installed on 2012R2 by Default. But I have no System to test that right now.
