1

The script below is executed (under a service account, DOMAIN\SVC123) from AutoSys (SERVER001). It executes an SSIS package (on SERVER002) which is intended to log and read files on SERVER003. However, I receive an ACCESS DENIED error once it tries to read files on SERVER003.

powershell.exe -Command "$respObject = Invoke-Command -Computer SERVER002 -ScriptBlock {[PSCustomObject]$respObject = @{'StdOut' = & 'D:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\dtexec.exe' /f 'F:\SSISPackages\pkg_ingest.dtsx'; 'ExitCode' = $LASTEXITCODE}; return $respObject}; $respObject.StdOut; Exit $respObject.ExitCode"

My research has led me to believe that this is due to the "double hop" issue, where the credentials aren't received by the 3rd server. Is there a way to modify the script above to pass the credentials all the way to SERVER003?

What-About-Bob
  • 649
  • 5
  • 13
  • 1
    Not without having the credentials in plaintext at some point. There are better ways to accomplish what you're trying (namely, a configuration change on SERVER002 so it's essentially a jump-host, which is what it sounds like anyways) – Maximilian Burszley Dec 01 '17 at 20:39
  • https://learn.microsoft.com/en-us/powershell/scripting/setup/ps-remoting-second-hop?view=powershell-5.1#pssessionconfiguration-using-runas – Maximilian Burszley Dec 01 '17 at 20:41
  • https://learn.microsoft.com/en-us/powershell/scripting/setup/ps-remoting-second-hop?view=powershell-5.1#pass-credentials-inside-an-invoke-command-script-block – Maximilian Burszley Dec 01 '17 at 20:41

0 Answers0