0

How can I start a service on an Azure VM remotely? It seems impossible to do without Powershell being "Run as Administrator". Is there a way to launch as admin?

(I would pass in Get-Credential parameter, but unfortunately the 5.1 version Set-Service command does not accept that as a parameter like it does in Powershell version 7.x, and i am limited to 5.1 for now.)

My credentials do have admin level rights on the VM, but i can't seem to figure out a way to pass that via a command.

I am triggering the call like this, where $action is either 'stop' or 'start':

$runCommand = Invoke-AzVMRunCommand `
            -ResourceGroupName $rg `
            -VMName $vm `
            -CommandId 'RunPowerShellScript' `
            -ScriptPath $scriptPath `
            -Parameter @{action = $action}

The linked script would then execute something like this:

$serviceNames = @("service1, service2")

foreach($serviceName in $serviceNames){
    $service = Get-Service -Name $serviceName
    if($service){
        if($action -ieq "start"){
             Set-Service -InputObject $service -Status "Running"
        }
    }
    else{
        Write-Output "Service $serviceName not found!"
    }
}
  • When i run from my laptop - it hangs.
  • When i run from Azure portal via "Run Command" - it hangs.
  • When i run from the VM itself - it says: "Service '' cannot be configured due to the following error: Access is denied
  • When i run from the VM itself but start Powershell as admin - It works!
igor984
  • 1

1 Answers1

0

Make sure you have to connect with local administrator password which you already configured with your VM.

If you are not able to connect the VM you need to reset your local administrator password/ Remote Desktop Service Configuration as per MS-DOC. We can reset either Azure Portal / VM Access extension and PowerShell.

If you want to connect the Azure VM from your local, you have to signed in with respective Azure subscription. Use Set-AzVMAccessExtension to reset the local administrator account password. VM has a single Access Agent. Use the same VM Access Agent which you used earlier.

Workaround

Way 1

Add the user to your VM

$Uname = "<UserName>"
$password = "<Password>"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
New-LocalUser $Uname -Password $securePassword -FullName $Uname -Description "test admin account"
Add-LocalGroupMember -Group "Administrators" -Member $Uname

Way 2

Reset the local Administrator password

$vm = Get-AzVM -ResourceGroupName "<ResourceGroup Name>" -Name "<Resource name>"

$Uname = "<UserName>"
$password = "<Password>"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credentials= New-Object System.Management.Automation.PSCredential ($Uname, $securePassword)
Set-AzVMAccessExtension -Credential $credentials -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name -Location $vm.Location -Name VMAccessAgent -TypeHandlerVersion "2.0"

Access the Script file using specific login

Connect-AzAccount
$vm = Get-AzVM -Name "<your vm name>" -ResourceGroupName "<your vm resource group>"
$runCommand = Invoke-AzVMRunCommand `
            -ResourceGroupName $rg `
            -VMName $vm `
            -CommandId 'RunPowerShellScript' `
            -ScriptPath $scriptPath `
            -Parameter @{action = $action}
Delliganesh Sevanesan
  • 4,146
  • 1
  • 5
  • 15