0

I have a PowerShell script/function, that takes few arguments and runs it.

Invoke-Expression ".\ScriptFile.ps1 $($Node.Name).xml C:\TempFolder\ $($Node.Name) local"

Now I want to run that as another user.

Invoke-Expression doesn't have an inherent parameter credential that facilitates this. On the other hand Invoke-Command has a Credential (Get-Credential) parameter that facilitates running as another user. I tried replacing Invoke-Expression with Invoke-Command with no luck.

How do I tackle this to run the above expression as another user?

Structure of Script Resource. 

Script Deploy
        {       
            SetScript =     
@"             
                Set-Location D:\Deploy
                Invoke-Expression ".\ScriptFile.ps1 $($Node.Name).xml C:\TempFolder\ $($Node.Name) local"                                               
"@

            TestScript = 
            {
                return $false            
            }
            GetScript = {
                return @{   
                        GetScript = $GetScript
                        SetScript = $SetScript
                        TestScript = $TestScript
                    }
            }
            DependsOn = "[File]CopyMe"
        }

P.S.: All this happens inside a SetScript of Script User in Desired State Configuration.

Learner
  • 1,685
  • 6
  • 30
  • 42
  • 2
    Define "with no luck". What did your `Invoke-Command` statement look like? Did you get an error? – Ansgar Wiechers Oct 09 '14 at 06:39
  • This is my error message `PowerShell provider MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: Parameter set cannot be resolved using the specified named parameters.` – Learner Oct 09 '14 at 07:23
  • 2
    Please update your question with the **`Invoke-Command` statement** and the **complete error message**. – Ansgar Wiechers Oct 09 '14 at 08:12

2 Answers2

4

Invoke-Command can indeed be used to run a script on the local machine as a different user (as @mjolinor said, it will be a different session). You must have powershell remoting enabled (which you almost certainly do if you're using DSC). The command would look like this (assuming a translated version of your above invocation):

Invoke-Command -ComputerName . -Credential $cred -File .\ScriptFile.ps1 -ArgumentList "$($Node.Name).xml","C:\TempFolder",$Node.Name,"local"

I suspect that this will not solve your problems though. The error message in your comment is just a generic error, it means something went wrong. To get more a clue, you should have a look at the xDscDiagnostics PowerShell Module to aid in troubleshooting.

What would be great though, is if you could tell us what you're ultimately trying to do. What does .\ScriptFile.ps1 actually do?

briantist
  • 45,546
  • 6
  • 82
  • 127
1

I don't think you can. In order to run the command under a different security context you must do it in a session that's running under those credentials.

If you look at the parameter sets of Invoke-Command, the Credential parameter is only available in parameter sets that specify another computer or URI (which will result in creating a new session). The FilePathRunspace and InSession parameter sets will cause the command to be invoked in the local session, and don't have a Credential parameter.

Likewise, Invoke-Command is going to run the command in the local session and doesn't have a Credential parameter, because you can't change the security context once it's established for the session.

mjolinor
  • 66,130
  • 7
  • 114
  • 135