Hello,

Problem;

I've got a powershell script that needs to bind to the vmware lab manager internal api with pre-supplied credentials.

I want the following to be automated;

1) to bind to the web service without manually adding credentials

2) to use the script from orchestrator

I've created a $credentials variable with a secure-string password from a encrypted text file.

When orchestrator runs the task, it uses the "SYSTEM" security context wich cannot read from the to secure string converted password file.

My Powershell Code:

to create the password file:

read-host -assecurestring | convertfrom-securestring | out-file password.txt (under a domain admin user security context)

fill $credential

$pass = cat password.txt | convertto-securestring

$credential = new-object -typename System.Management.Automation.PSCredential -argumentlist "<domain admin account>",$pass

create web service proxy

$server = "https://<server>/LabManager/SOAP/LabManagerInternal.asmx"

$proxy = New-WebServiceProxy -Uri $server -credential $credential

Symptoms and problem

Under the domain admin account context the script works fine as intended.

When I run the script from a Orchestrator scriptable task; the powershell script returns following error:

"Convertto-SecureString : Key not valid for use in specified state.." etc..

The orchestrator instance of the powershell script, run under the SYSTEM account security context, cannot read the encrypted password file.

Question:

1) Does Orchestrator indeed run tasks under the security context of the SYSTEM account?

2) Is it possible to run an Orchestrator task under a different security context?

3) Has anybody found another solution for a similar problem?

Thanks in advance,