0

I need to run an exe on a remote server. I'm using Invoke-Command -UseSSL to initiate the exe on the remote server. The exe does some work but when it needs to connect to the SQL Server, it fails to authenticate. Looking in the server log, it looks like exe are connecting to SQL Server using NT/AUTHORITY account. The security team are not allowing CredssP on the network. Is there any means I can run the exe with an explicitly defined account. An account other than the account that is used to created the remote session with.

Invoke-Command -UseSSL -ComputerName $AppServer -ScriptBlock {&"C:\Program Files\my.exe" "Params"}
Mathias R. Jessen
  • 157,619
  • 12
  • 148
  • 206
Peter
  • 21
  • 2
  • 2
    And you tried using -Credential (get-credential) parameter? – Iggy Zofrin Mar 29 '20 at 00:39
  • yes. Whether using -credential or keberos authentication, the probleme stays the same. With the firt hope, the exe will run with the suppied credentials on the second hope, no credentials get supplied. You need to enable credssp to allow the credential to be supplied to the second hope. – Peter Mar 30 '20 at 11:28
  • Well there is another way then if you ensure the Group Policies allow to enable WinRM to store RunAs credentials (Do not tick the "Disallow WinRM from storing RunAs credentials"). register a session configuration on the server: Invoke-Command -ComputerName 'servername' -ScriptBlock { Register-PSSessionConfiguration -Name session1 -RunAsCredential 'domain\yourusername' -Force }; use this session configuration: Invoke-Command -ComputerName 'servername' -ScriptBlock { &"C:\Program Files\my.exe" "Params" } -ConfigurationName session1; – Iggy Zofrin Apr 03 '20 at 02:26

0 Answers0