I have a requirement to lock Virtual machine after running a process. The user I'm logged in with is a domain admin user, If I execute the command "C:\windows\system32\rundll32.exe user32.dll, LockWorkStation" from cmd.exe inside the VM, the VM locks.
But if I pass the same command using "Invoke-VMScript", Command doesn't work i.e. system doesn't gets locked and the ScriptOutput is empty. Please suggest.
Here is my command and the output:
$TARGET_VM = Get-VM "VM_NAME"
$Command_text='cmd.exe /c `"C:\windows\system32\rundll32.exe user32.dll, LockWorkStation`"'
Invoke-VMScript -VM $TARGET_VM -ScriptText $Command_text -GuestUser "domain\user" -GuestPassword "Password" -Verbose
Output:
VERBOSE: Performing the operation "Invoke-VMScript" on target "VM_NAME"
VERBOSE: 5/24/2020 10:42:32 PM | Invoke-VMScript | Finished execution |
ScriptOutput
--------------------------------------------------------------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------------------------------------------------------------
I tried -Verbose option - and the verbose output is not much helpful
In the VMware.log, there is no useful info:
2020-05-24T20:42:32.945Z| vcpu-1| I125: VigorTransport_ServerSendResponse opID=37662f0b-2c-64d6 seq=270909: Completed GuestOps request with messages.
2020-05-24T20:42:32.976Z| vmx| I125: VigorTransportProcessClientPayload: opID=159a9797-1c-64db seq=270920: Receiving GuestOps.InitiateFileTransferFromGuest request.
2020-05-24T20:42:33.033Z| vcpu-1| I125: VigorTransport_ServerSendResponse opID=159a9797-1c-64db seq=270920: Completed GuestOps request with messages.
2020-05-24T20:42:33.938Z| vmx| I125: VigorTransportProcessClientPayload: opID=1c21fd4d-2f-64e1 seq=270939: Receiving GuestOps.DeleteFile request.
2020-05-24T20:42:33.999Z| vcpu-1| I125: VigorTransport_ServerSendResponse opID=1c21fd4d-2f-64e1 seq=270939: Completed GuestOps request.
Please let me know if a system can locked using "Invoke-VMScript"?
I did refer to the Guest credentials in my previous reply.
It seems that there is an option with the tsdiscon command (introduced in Windows 2000).
That command takes a sessionId for the session you want to lock.
You have to provide the user that has the session open.
$userName = 'lucd'
$guestUser = 'administrator'
$guestPswd = 'VMware1!'
$cred = New-Object -TypeName pscredential -ArgumentList $vicred.User,(ConvertTo-SecureString -String $viCred.Password -AsPlainText -Force)
$code = @'
`$line = Invoke-expression -Command 'query session' | where{`$_ -match '$userName'}
`$sessionId = (`$line -split '\s+')[3]
Invoke-Expression -Command "tsdiscon `$sessionId"
'@
$sInvoke = @{
VM = $vmName
ScriptType = 'powershell'
ScriptText = $ExecutionContext.InvokeCommand.ExpandString($code)
GuestCredential = $cred
}
Invoke-VMScript @sInvoke
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
The code you run through Invoke-VMScript runs in the background, not as an interactive session.
And that code is started from the VMware Tools process, albeit with the guest credentials you pass to Invoke-VMScript.
You are locking your session, but that is not an interactive session.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
@LucD Thank you for the reply. As you know Host user and Host-password parameters are deprecated. So is it possible to lock the interactive session using Guest credentials? I would like to lock the console session-1 (output of query session).
I looked https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.powercli.cmdletref.doc%2FInvoke-VMS... but looks like there is no parameter which accepts "session".
I did refer to the Guest credentials in my previous reply.
It seems that there is an option with the tsdiscon command (introduced in Windows 2000).
That command takes a sessionId for the session you want to lock.
You have to provide the user that has the session open.
$userName = 'lucd'
$guestUser = 'administrator'
$guestPswd = 'VMware1!'
$cred = New-Object -TypeName pscredential -ArgumentList $vicred.User,(ConvertTo-SecureString -String $viCred.Password -AsPlainText -Force)
$code = @'
`$line = Invoke-expression -Command 'query session' | where{`$_ -match '$userName'}
`$sessionId = (`$line -split '\s+')[3]
Invoke-Expression -Command "tsdiscon `$sessionId"
'@
$sInvoke = @{
VM = $vmName
ScriptType = 'powershell'
ScriptText = $ExecutionContext.InvokeCommand.ExpandString($code)
GuestCredential = $cred
}
Invoke-VMScript @sInvoke
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank you so much LucD this worked like a charm