Hi,
within a software component I need to run a setup.exe as a service account.
For some reason I get a "access denied" error whatever I try.
So I simplified it to avoid other factors and just try to run a "whoami | out-file c:\temp\who.log" as a different users. Still failing.
what I do:
$securePassword = ConvertTo-SecureString $Password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential "$domain\$account", $securePassword
start-job -ScriptBlock {whoami | out-file c:\temp\who.log} -Credential $credential | wait-job
I also tried start-process ..... -credential ....
with same result.
UAC is disabled via registry.
Any help would be highly appreciated.
Thanks
Andre
Hi Andre,
I have tried your script and for me, it works fine. You might get an access denied because the service account does not have write rights on the c:\temp folder? Instead of the Start-Job cmdlet, you might consider using the Invoke-Command cmdlet.
For better exposure, I will move this thread to the PowerCLI community.
how did you run it?
when I execute the code in a powershell on the VM - it's fine - but having it in a vRA software component I get a "access denied"
I have moved this thread back from powerCLI to vRealize Automation Tools. Will you remove the duplicate post in this thread?
What version of vRA and what user option did you select when you installed the guest/software agent inside your Windows template in use here?
It’s vRA 7. The templates are created by a different team and I haven’t installed the guest agent myself. Could you please elaborate a bit more about the “user option”?
Which version of vRA 7?
When you install the guest/software agent, there is an option in the wizard (on Windows) how the agent services should run. In 7.3, you have the option of specifying "localSystem". In previous versions, it would only run as a local user called "Darwin" (a hold-over from the AppD days) which had a different security context and was problematic for several types of system interactions. I'm asking which option was chosen when the agent was installed.
Local system
when I run a “whoami” in a script block it comes back as NTAuthority\system
i’ve manually started a powershell as local system and the code works fine.
is there anyway to turn up the logs?
Again, I ask what version of vRA 7?
7.3
as a workaround the following works:
$st_taskname= "configuration_exe"
$st_trigger = New-ScheduledTaskTrigger -AtStartup
$st_action = New-ScheduledTaskAction -Execute "c:\Program Files (x86)\Microsoft BizTalk Server 2013 R2\Configuration.exe" -Argument "/s c:\temp\Biztalk_Server_Config.xml /l c:\temp\bizconfig_01.log /noprogressbar"
$st_task = Register-ScheduledTask -Action $st_action -Trigger $st_trigger -TaskName $st_taskname -User "$domain\$bizsvc" -Password $bizSvcPwd
Get-ScheduledTask $st_taskname | Start-ScheduledTask
While ((Get-ScheduledTask $st_taskname).State -notlike "Ready"){sleep 60}
Get-ScheduledTask $st_taskname | Disable-ScheduledTask
so all permissions for the user / files and so on are correct
why I am getting a "access denied" when I try to run it using "start-process ..... -credential"?
stumps me.
Cheers
Andre
I ran into this issue while trying to automate cluster creation with the new-cluster command. I have the following working
Sorry for the bad formatting above