  • 1.  Passing current credentials (SSPI)

    Posted Oct 06, 2016 10:15 PM

    I wonder how PowerCLI manages to pass my current AD credentials when connecting to vCenter or invoking scripts in VMs?

    I'm creating a custom module, wrapping some of those commands.

    It's not CredSSP; we've only allowed one other server to receive SSP, and I guess communicating with a VM doesn't actually involve sending a PSCredential object over the network, so Set-CredSSP shouldn't be needed.



  • 2.  RE: Passing current credentials (SSPI)

    Posted Oct 07, 2016 05:48 AM

    Not exactly sure what the question is.
    Several cmdlets do actually use a PSCredential object to pass this information (Connect-VIServer, Invoke-VMScript...)

    When you are "talking" with the guest OS on a VM, the Invoke-VMScript cmdlet uses the VMware Tools to communicate with the guest OS.



  • 3.  RE: Passing current credentials (SSPI)

    Posted Oct 07, 2016 07:06 AM

    Yes they do, I just wonder how it gets my credential without me getting a Credential-prompt.

    If I want to create a wrapping function like so:

    function Install-SomeAgentsonVM {
        param ( [pscredential]$credentials )
        # $src, $dst and $vm are assumed to be set elsewhere.
        # Both cmdlets take the guest OS account through -GuestCredential.
        Copy-VMGuestFile -Source $src -Destination $dst -LocalToGuest -VM $vm -GuestCredential $credentials
        Invoke-VMScript -VM $vm -ScriptText "$dst\setup.exe /q" -GuestCredential $credentials
        ...
    }

    It would be neat if the parent function "Install-SomeAgentsonVM" behaved the same way, that is, if no credential parameter is set, fetch the current user's credential object.

    Thanks, Joel.



  • 4.  RE: Passing current credentials (SSPI)

    Posted Oct 07, 2016 10:35 AM

    Ok, I see what you mean.

    Afaik there is no documented method to retrieve the current user as a PSCredential object.
    That apparently is done as a security measure.



  • 5.  RE: Passing current credentials (SSPI)

    Posted Oct 07, 2016 10:56 PM

    So, the way it's done in PowerCLI functions is by managed code like C# then, I suppose?



  • 6.  RE: Passing current credentials (SSPI)
    Best Answer

    Posted Oct 08, 2016 03:42 PM

    I assume the GuestAuthManager methods might be involved for authenticating in the guest OS.



  • 7.  RE: Passing current credentials (SSPI)

    Posted Oct 11, 2016 01:46 PM

    Actually, it was dead-simple,

    The parameter GuestCredential is allowed to be empty when passing it to Invoke-VMScript; I was wrongly assuming it had to have a value.

    function Test-VMCredentials {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory=$true,ValueFromPipeline=$true,Position=0)]
            [VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine]
            $VM,

            # Optional: when omitted, $Credentials is empty
            [Parameter(Mandatory=$false,Position=1)]
            [PSCredential]
            $Credentials
        )
        # List C:\ inside the guest to check that authentication works
        $output = Invoke-VMScript -ScriptText "dir c:\" -VM $VM -GuestCredential $Credentials -ScriptType Bat
        $output
    }

    If a credential is supplied (for workgroup-connected servers etc.) that would be used. If it's not supplied (to the Test-VMScript-function), I won't get an error from Invoke-VMScript but the cmdlet will instead switch to SSPI since $Credentials is empty.



  • 8.  RE: Passing current credentials (SSPI)

    Posted Oct 11, 2016 01:59 PM

    Didn't realise that either, thanks for sharing that.
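
The wrapper asked for in post 3, built on the behaviour found in post 7, as an added example that is not code from the thread: the guest credential is forwarded only when the caller supplied one, so otherwise both cmdlets fall back to SSPI and the script never prompts for or stores a password. It assumes PowerCLI is loaded and a Connect-VIServer session exists; the function name and the -Source and -GuestPath parameters are hypothetical.

```powershell
# Added example; names below are hypothetical and not from the thread.
function Install-AgentOnVM {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]
        [VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine]
        $VM,

        [Parameter(Mandatory = $true)]
        [string]$Source,        # installer on the local machine

        [Parameter(Mandatory = $true)]
        [string]$GuestPath,     # full file path for the installer inside the guest

        [Parameter(Mandatory = $false)]
        [PSCredential]$GuestCredential
    )
    process {
        # Arguments shared by both guest-operation cmdlets.
        $guestArgs = @{ VM = $VM; ErrorAction = 'Stop' }

        if ($PSBoundParameters.ContainsKey('GuestCredential')) {
            # Explicit account, e.g. for workgroup-connected servers.
            $guestArgs['GuestCredential'] = $GuestCredential
            Write-Verbose "[$($VM.Name)] guest auth: $($GuestCredential.UserName)"
        }
        else {
            # Parameter left out: per post 7 the cmdlets switch to SSPI,
            # i.e. the caller's current logon session.
            Write-Verbose "[$($VM.Name)] guest auth: SSPI (current logon)"
        }

        Copy-VMGuestFile -Source $Source -Destination $GuestPath -LocalToGuest @guestArgs

        # Quote the path so a guest path containing spaces still runs.
        $result = Invoke-VMScript -ScriptText "`"$GuestPath`" /q" -ScriptType Bat @guestArgs

        # Surface a failed install instead of silently returning output.
        if ($result.ExitCode -ne 0) {
            throw "Installer on $($VM.Name) exited with code $($result.ExitCode)"
        }
        $result
    }
}
```

Running it with -Verbose shows which authentication path was taken for each VM, which helps when domain-joined and workgroup guests are mixed in one pipeline.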