I wonder how PowerCLI does to pass my current AD-credentials when connecting to vcenter or invoking scripts in VM's?
Im creating a custom module, wrapping some of those commands,
Its not CredSSP, we've only allowed one other server to recieve SSP, and i guess communicating with a VM doesnt actually involve sending a PScredential-object over the network, so Set-CredSSP shouldn't be needed
I assume the GuestAuthManager methods might be involved for authenticating in the guest OS.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Not exactly sure what the question is.
Several cmdlets do actually use a PSCredential object to pass this information (Connect-VIServer, Invoke-VMScript...)
When you are "talking" with the guest OS on a VM, the Invoke-VMScript cmdlet uses the VMware Tools to communicate with the guest OS.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes they do, I just wonder how it gets my credential without me getting a Credential-prompt.
If i want to create a wrapping function like so;
function Install-SomeAgentsonVM {
param ( [pscredential]$credentials )
copy-vmguestfile -source $src -destination $dst -LocaltoGuest -VM $vm -Credential $credentials
invoke-vmscript -vm $vm -scripttext "$dst\setup.exe /q" -credential $credentials
...
}
it would be neat if the parent function "Install-SomeAgentsonVM" behaved the same way, that is, if no credential-parameter is set, fetch the current user's credential-object
Thanks, Joel.
Ok, I see what you mean.
Afaik there is no documented method to retrieve the current user as a PSCredential object.
That apparently is done for security measure.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
So, the way its done in PowerCLI-functions is by managed code like C# then i suppose?
I assume the GuestAuthManager methods might be involved for authenticating in the guest OS.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Actually, it was dead-simple,
The parameter GuestCredential is allowed to be empty when passing it to Invoke-VMScript, I was wrongly assuming it had to have a value..
function Test-VMCredentials{
[CmdletBinding()]
param(
[Parameter(Mandatory=$true,ValueFromPipeline=$true,Position=0)]
[VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine]
$VM,
[Parameter(Mandatory=$false,Position=1)]
[PSCredential]
$Credentials
)
$output = Invoke-VMScript -ScriptText "dir c:\" -VM $VM -GuestCredential $Credentials -ScriptType Bat
}
If a credential is supplied (for workgroup-connected servers etc.) that would be used. if its not supplied (to the Test-VMScript-function), I won't get an error from Invoke-VMScript but the cmdlet will instead switch to SSPI since $Credentials is empty.
Didn't realise that either, thanks for sharing that.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference