cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Struggling with double hop and credential management

John_Dodo
Brass Contributor

‎Apr 03 2023 02:57 AM - edited ‎Apr 03 2023 03:06 AM

‎Apr 03 2023 02:57 AM - edited ‎Apr 03 2023 03:06 AM

Struggling with double hop and credential management

Hi all,

 

I have a setup where I use a powershell host to run scripts.

These scripts are triggered from vmware Orchestrator and the scripts are manipulating files on a remote share.

vRo => PSH => RemoteShare

Therfor I am in a double hop situation and I need to handles the credentials.

 

I use this solution :  How to share credentials between different users & machines with PowerShell | PDQ

 

When doing my tests, I run the script with my personal user account.

I use a Fct_ConnectToAD function to create a PSCredentials object, using a service account and the -key option to be able to run the script with any user from any computer (works fine) and still generate the proper PSCredential object.

 

Function Fct_ConnectToAD {
    $User = "$erviceAccount@$ad"
    $PasswordFile = "$basefolder\Toolbox\auth.pxt"
    #$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key (Get-Content $KeyFile))
    $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key (Get-Content $KeyFile))
    return $MyCredential
} #ConnectToAD

 

 


I use another function Fct_MapPSDrive using the said PScredentials to create a mapdrive to my sharedfolder.

 

 

function Fct_MapPSDrive {
param(
[Parameter (Mandatory = $true)] [string] $path,
[Parameter (Mandatory = $true)] [string] $name,
[Parameter (Mandatory = $true)] [System.Management.Automation.PSCredential] $credential
)
New-PSDrive -Name $Name -Root $path -PSProvider "FileSystem" -Credential $Credential -Verbose
}

 

 

 

[System.Management.Automation.PSCredential] $mycredential = Fct_ConnectToAD
Fct_MapPSDrive -path $PSDrivePath -Name $PSDriveName -credential $mycredential

 


It works fine when I am inside my function. But once I get out of it I don't see the drive anymore using get-psdrive.

 

Whether I run the script with my standard account or my service account doesn't make any difference.

 

And Idea on how to perform this? If I can't use the drive then I would have to use the -credential on any single command of all my scripts (ex : new-item -credential $mycredential ...) which is not really a comfortable option...

 

Thank you.

 

 

Labels:
167 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by John_Dodo (Brass Contributor)
John_Dodo

‎Apr 03 2023 03:11 AM - edited ‎Apr 03 2023 03:12 AM

‎Apr 03 2023 03:11 AM - edited ‎Apr 03 2023 03:12 AM

Solution

Re: Struggling with double hop and credential management

I just discovered the -scope global option I was not aware of...

https://stackoverflow.com/questions/16665176/how-can-i-make-a-psdrive-created-within-a-function-acce...

solved :)

0 Likes
Reply