Run PowerShell custom activity with alternate credentials

jimdawson
Giga Contributor

‎12-06-2017 09:44 AM

I need to run a PowerShell script with specific credentials and haven't had much success yet. Here's what I've done so far.

  1. Created an account in AD and assigned it appropriate permissions. Assigned the account log on permissions on two MID servers.
  2. Created a Windows credential object containing the credentials created earlier. Defined a tag for these credentials.
  3. Created a custom PowerShell workflow activity to test
    • Set string input variable of 'host'
    • Set 'Target Host' to '${activityInput.Host}'
    • Entered the following in the 'Command' section: Write-Host "Name: $($cred.username)"
    • Set 'Credential tag' to the same tag specified in credential object.
  4. Set host to the following values and clicked 'Test Inputs',
    • 'blank', 'localhost', and the DNS name of the MID server returned an error of "Failure(s) with available Windows credentials from the instance. Credentials tried: (username from credential object)"
    • '127.0.0.1' or the IP address of the local MID server returned no error or text. "NAME: "
    • The DNS name or IP address of the alternate MID server produces the intended output ("NAME: (username from credential object)")

This is intended to run a script that will need to make calls to Microsoft Azure, the intention is to call 'Add-AzureRmAccount -Credential $cred' to authenticate. I supposed I could specify a designated host that the SN credentials have access to as a workaround but it seems like using credential tagging should be able to address this issue without resorting to this.

Am I doing something wrong or is this just how credential tagging works with custom activities.

Thanks in advance.

0 Helpfuls
  • 2,212 Views
2 REPLIES 2

brantgluth
Kilo Expert

‎01-23-2018 01:06 PM

I seem to be on a credential binge today, so this may not help. I'm using the following in my powershell activities so I can run my midServer with weaker credentials, then jsut pass what I need it to do. Maybe this'll help.        



try


{


  $username = "${activityInput.username}"


  $password = convertto-securestring -String "${activityInput.passowrd}" -AsPlainText -Force


  $secstr = New-Object -TypeName System.Security.SecureString


  # $password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}


  $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password


}


catch{


  $returnError = "Issues setting security: " + $_


  #exit


  }


0 Helpfuls

bernard6
Mega Expert

‎10-19-2018 11:30 AM

Hi Jim,

This thread is kinda of old so i'm sure if this is something you've solved already or not.  Because you cannot use credentials for local connections it will always fail on the local mid server.

The query that SN does to validate the credential is:

$results = gwmi win32_operatingsystem -computer $computer -credential $cred -impersonation 3 -authentication 6 -EA "Stop"

where $computer is what was provided as the Target Host and $cred is the credential being tested.  If you test this locally on your workstation in PowerShell you'll receive the same error.

 

You can create your own validation test by adding a custom function to the 'credentials.psm1' MID server script file and using the variable 'credType' in your custom activity with the value of your custom functions suffix name.  It will then use your function to validate whether a credential passes.

Hope that helps you or someone else 🙂

 

Dave