Executing PowerShell script (located in MID Server Script Files) on a remote desktop machine in the network
01-04-2022 12:38 AM
Hi,
I need to execute a PowerShell script which is uploaded to MID Server Script Files in my ServiceNow instance. This has to be executed on a remote desktop computer (which is a non-MID server). How would I do that? Is there any way to do this without MID Server? Do I really need the credentials of the remote desktop, or is it possible to do without the credentials (like a general service account)?
Thanks in Advance
01-04-2022 02:21 AM
Hi, running a specified executable on the remote system is not considered a best security practice (as it can be used to expose a form of vulnerability); maybe instead you can involve your workstation team, asking them to add the script to GPO from your AD.
Hope it helps
01-04-2022 02:41 AM
Hi, thank you for your response. I understand what you are saying. My scenario is a bit different. The script is actually a solution for a certain problem. Anyone facing that problem will raise a ticket in SNOW, and this PS script will get executed on the respective machine (machine details like hostname will be mentioned in the ticket). If this script is imposed as a GPO, then logging can only be done locally, right? That will not work in my case.
01-04-2022 03:21 AM
Hi, thank you for the clarification. As far as I know, it should be possible to configure the log collector in Windows Server and redirect log entries (in scope of GPO) from local WIN machines to this server. But indeed, you then need some logic to pull logs from the collector, parse them (mapping to impacted workstations), deal with errors/exceptions, etc.
I would suggest providing detailed guidance (with an embedded link where to download the script) back to the user, as a response to the incident raised, and, after executing, asking the user to collect output files (= evidence) and attach them back to the incident.
Hope it helps
09-02-2023 05:38 AM
Hello Dhanajayan,
I am currently working on a similar project in which a PowerShell script will be executed on a remote computer via the Invoke-Command cmdlet via MID Server. For this:
The service account should be in the local admin groups of the remote computer. Best practice would be adding the service account user to the local admins group via GPO. However, the service account then should be a domain user instead of a local user in the MID Server.
Have you found a solution for this? If yes, I would really appreciate if you could share your insights.
Thanks,
Cem
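
Added example, not part of any post in this thread: a wrapper that a MID Server host could run around the Invoke-Command approach described above. It treats the hostname from the ticket as untrusted input and returns the result as JSON so it can be logged centrally. It assumes WinRM remoting is enabled on the target; the parameter names are hypothetical, and how the hostname and credential reach the script depends on your setup.

```powershell
# Added example (not from the thread). Parameter names are hypothetical.
[CmdletBinding()]
param(
    # Hostname copied from the ticket: treat it as untrusted input.
    [Parameter(Mandatory)] [string] $ComputerName,
    # Local path of the remediation script on the host running this wrapper.
    [Parameter(Mandatory)] [string] $ScriptPath,
    # Domain service account that is a local administrator on the target.
    [Parameter(Mandatory)] [pscredential] $Credential
)

# Accept only a plain hostname or FQDN (letters, digits, hyphens, dots).
$hostPattern = '^[A-Za-z0-9][A-Za-z0-9-]{0,62}(\.[A-Za-z0-9][A-Za-z0-9-]{0,62})*$'
if ($ComputerName.Length -gt 253 -or $ComputerName -notmatch $hostPattern) {
    throw "Rejected hostname from ticket: '$ComputerName'"
}
if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    throw "Script not found: $ScriptPath"
}

# Structured record of the run, suitable for attaching to the ticket.
$result = [ordered]@{
    ComputerName = $ComputerName
    StartedUtc   = (Get-Date).ToUniversalTime().ToString('o')
    Succeeded    = $false
    Output       = $null
    Error        = $null
}

try {
    # Confirm the WinRM service answers before attempting the session.
    Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null

    # -FilePath sends the content of the local script to the remote session,
    # so the script does not have to be copied to the target first.
    $output = Invoke-Command -ComputerName $ComputerName -Credential $Credential `
                             -FilePath $ScriptPath -ErrorAction Stop
    $result.Output    = ($output | Out-String).Trim()
    $result.Succeeded = $true
}
catch {
    # Record the failure instead of losing it on the remote side.
    $result.Error = $_.Exception.Message
}

[pscustomobject]$result | ConvertTo-Json -Depth 3
```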