Nov 07 2019
- last edited on
May 24 2021
We are using the AIP Classic Client to apply classification to documents.
We have an internal solution for gathering files to apply classification to and would like to automate the classification of these files.
A dev has created a PowerShell script that takes in a list of files and uses the Set-AIPFileLabel cmdlet to classify all the files passed to the script. We want to move this system into production however have encountered a roadblock.
In our production system, the service account we want to use does not have log on locally permissions. It is a service account and has log on as batch rights. We just want to run the script on a windows task once every arbitrary amount of time.
Before you can use the Set-AIPFileLabel cmdlet, you must first set the aip token with the Set-AIPAuthentication cmdlet.
This cmdlet is interactive, when an account can log into the machine, it can run this cmdlet with ease (obviously supplying the $WebAppId, $WebAppKey, $NativeAppId values).
Obviously this interaction is interactive, I went digging the Microsoft docs and found the following pages (about the scanner, but hoping the principles transfer):
These instructions boil down to:
$AIPToken = "" $WebAppId = "" $WebAppKey = "" $NativeAppId = "" Set-AIPAuthentication -WebAppId $WebAppId -WebAppKey $WebAppKey -NativeAppId $NativeAppId -Token $AIPToken
When i run the script, no script is created but a log file is generated. Inside is the following error:
One of two conditions was encountered: 1. The PromptBehavior.Never flag was passed, but the constraint could not be honored, because user interaction was required. 2. An error occurred during a silent web authentication that prevented the http authentication flow from completing in a short enough time frame
I have passed the token and followed the microsoft documentation however it fails to set the token by what looks to me like an error in logic in the application.
The AIP Unified Labelling Client can set auth tokens on behalf of users, this issue affects only the classic client.
Repost from Server Fault.