Menu
I've got a Windows service (Jenkins) that runs a script which needs to run a command as a specific user.
I tried to do this but it doesn't work:
$secpasswd = ConvertTo-SecureString "myPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential("DOMAIN\myUsername", $secpasswd)
$Arguments = @()
$Arguments += "-Command"
$Arguments += "pwd"
$Arguments += ">"
$Arguments += "output.txt"
Start-Process powershell.exe -ArgumentList $Arguments -Credential $mycreds -NoNewWindow -WorkingDirectory $workingDir
Start-Sleep 2
Get-Content "$workingDir\output.txt"
I get this output:
Start-Process : This command cannot be executed due to the error: Access is denied.
At C:\Windows\TEMP\hudson2382859596554223918.ps1:32 char:14
+ Start-Process <<<< powershell.exe -ArgumentList $Arguments -Credential $mycreds -NoNewWindow -WorkingDirectory $workingDir
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
Now if I remove -Credential $mycreds it works fine. The reason why there is that Start-Sleep at the end is that I removed the -Wait after reading this question on SO.
Am I missing something here?
282
PS C:\> Start-Process -FilePath "powershell.exe" -Verb open # Starts a PowerShell process with "Run as Administrator" permissions. PS C:\> Start-Process -FilePath "powershell.exe" -Verb runas These commands show how to find the verbs that can be used when starting a process, and the effect of using the verbs to start the process.
PS C:\> Start-Process -FilePath "powershell.exe" -Verb open # Starts a PowerShell process with "Run as Administrator" permissions. PS C:\> Start-Process -FilePath "powershell.exe" -Verb runas
The first way to create a credential object is to use the PowerShell cmdlet Get-Credential. When you run without parameters, it prompts you for a username and password. Or you can call the cmdlet with some optional parameters.
PowerShell returns this warning because the plain text password gets recorded in various logs. Once you have a secure string created, you need to pass it to the PSCredential () method to create the credential object. In the following example, the variable $password contains the secure string $Cred contains the credential object.
$username = "username"
$password = "password"
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
Start-Process dnscrypt-proxy.exe -WorkingDirectory path_here -Credential ($credentials)
--from powershell forums; i searched for this same solution just a couple days ago and this worked. hope it helps you.
Source: http://powershell.com/cs/forums/t/9502.aspx
164
Finally found the solution: by default, Jenkins is run as a service log on as the "Local System account". To change this launch the services application (type "services" in the start menu), look for Jenkins, double click on it and go to the "Log On" tab.
You should now see what account the service is using. Change to "This account" and fill in your account details and voila!
For the record the command I was originally trying to run works fine now, without having to add any of the "changing user" things on top.
Special thanks to @Poorkenny that put me on the correct track with his comment, THANK YOU! Stackoverflow rocks! (that moment when thanks to someone you just solved an issue that took you the whole day to figure it out...)
20
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
