
    moriah-morgan_0490


    Latest posts made by moriah-morgan_0490

    • RE: Pulling variable values into PowerShell .ps1 scripts and potentially credentials

      @atripp

      Thanks again for the explanation. Regarding impersonation: Agreed. We don't have many scenarios where this will be used, but we wanted to test this as a potential requirement for the platform.

      I did change the scope of the test credential for impersonation, and it did work after changing the scope. Is there any way around this? I don't mind per se to have it be in all environments, but I figured it wouldn't hurt to lock it down a bit more.

      Additionally, one of the ways we were able to get impersonation working was to make sure that the target of impersonation (not the account running the agent) was a local administrator on the target server. For some reason, this seemed to be the only way we saw that it worked. Would you happen to have any resources on hand that would explain what security rights the target of impersonation would need to run a script on the server? I tried several groups in the "local groups" on the server, as well as several different user rights assignments, but couldn't get anything outside of just dropping it into the "Administrators" group.

      posted in Support
      moriah-morgan_0490
    • RE: Pulling variable values into PowerShell .ps1 scripts and potentially credentials

      Clarification: There are scenarios where I would need the password to be available in plaintext, such as platforms that need password-based auth, but there are also (more commonly) scenarios where I just need to run under that credential context. In the cases where I do not need the plaintext password, it would be insecure to have it accessible via other means as demonstrated above.

      posted in Support
      moriah-morgan_0490
    • RE: Pulling variable values into PowerShell .ps1 scripts and potentially credentials

      Thank you for that rundown. I have a few things I ran into.

      Firstly, I was not able to get a script to run as a resource credential. I saw another forum post here where a member of the support team dropped the following information to run a script "as a resource credential".

      Here's the sample I used:

      with credentials = TestCred2
      {
          PSCall whoami;
      }
      

      whoami is just a script I have that runs and outputs the current user who is executing that script. This is the output I get:

      DEBUG: 2022-02-22 00:33:01Z - Job will be run against servers sequentially (not asynchronously).
      DEBUG: 2022-02-22 00:33:01Z - Targeting servers: SERVERNAME
      DEBUG: 2022-02-22 00:33:01Z - Beginning execution run...
      ERROR: 2022-02-22 00:33:01Z - Username & Password credentials "TestCred2" not found.
      ERROR: 2022-02-22 00:33:01Z - Execution run failed.
      DEBUG: 2022-02-22 00:33:01Z - Cleaning up temporary files on Inedo Agent (v??, SERVERNAME:46336)...
      
      

      Am I doing this wrong? The credential is in there as a "Secure Credential".

      Lastly, I did as you showed and was able to get the password for the Test Credential, however, I seem to be having an issue with the "Secure" part of this credential. With or without the box being checked, I can grab the password in plaintext. Here's my code example:

      OtterScript Wrapper:

      PSCall PullPlaintextPS (
          credtest: $PSCredential(TestCred2),
      );
      

      PowerShell Script:

      Write-Host "Script Started"
      $credtest.GetNetworkCredential().Password
      $credtest.Username
      $credtest | Get-Member
      $credtest.GetNetworkCredential() | Get-Member
      

      The most important line there is line 2, which outputs the password of the credential. I appear to be able to fetch this value, regardless of whether or not the box for "otterscript usage" is checked. Am I misunderstanding the usage of this checkbox, and is there another way to secure this password from being dumped like this? I just created testcred2 as a standard "Secure Credential".

      Thanks!

      posted in Support
      moriah-morgan_0490
    • Pulling variable values into PowerShell .ps1 scripts and potentially credentials

      Hello all,

      I am working on testing Otter to see how it will work in our environment. One thing I wanted to use it for is a script repository/execution center. However, most if not all of our Windows scripts are in PowerShell. Additionally, neither I nor my team have the bandwidth to learn OtterScript, so that leaves me in a bit of a situation with regards to global variables and so forth.

      Is there a way I can pull variable values into a regular PowerShell script? Potentially even Secure credentials?

      The documentation on this is a bit confusing, and doesn't give many examples of PowerShell script usage in general.

      Also, I did several searches on the documentation for Group Managed Service Accounts, and only found rough references to them. Are GMSAs supported? Is there a guide for setting those up?

      posted in Support
      moriah-morgan_0490