Forum / Remote Desktop Manager - PowerShell Repository

Using a password without having 'View Password' rights



Hi, I've a security group with View Password Disallowed.

I wrote a script to set a daily password on a Windows Server account.


This script uses an admin password to connect to the target server and set the daily password.


The problem arises when a user of the group without permission to view the password launches the script and receives an access denied error.

Is there a way to use the password or to run the script with an admin account?

Thanks

5 mths

Hello,

It's not really a PowerShell question, but rather RDM usage. I wonder where you set that "admin" account that the user cannot view...

Also, are both the client and server on the same domain?

Best regards,



Maurice Côté


5 mths


Hello Maurice, yes, it is because of security in RDM, and it's working right.
We have many customers, each with their own domain.
Each server has linked administrative credentials with which to connect.

My PowerShell script connects to the client's server with credentials and changes other users' passwords.
The script is launched by users who do not have permission to view administrative passwords.
I would like to solve the problem by modifying the RDM configuration or eventually finding ways to run the script with an administrative user.

Best Regards

5 mths


Hello,

So in your script you already use New-PSSession?

The ideal way to perform what you describe is to use a Macros/Scripts/Tools of the "Powershell (local)" sub-type.

Since Macros/Scripts/Tools are meant to be run against a session (which represents the server and holds the related information), the PowerShell script can make use of variables like $NAME$, $USERNAME$ and they will be resolved to the content of the target session automatically.

In the properties of the session, you will find a Management Tools section; at the root of this, you will see a Credentials drop-down. It contains many choices, but the one I suggest you use is the "Custom Credentials", which will allow you to enter credentials right below. These fields are exposed with the following variables $TOOL_DOMAIN$\$TOOL_USERNAME$ $TOOL_PASSWORD$ which you can simply use in your script.

It's a bit complicated for a forum post, but the result is that you have a bunch of sessions for each sensitive server, you set the Management Tools credentials, and you can run the same Macros against each server sequentially, or even as part of a playlist. If you cannot figure out the exact way to use this, please contact us at ticket@devolutions.net and we'll complete the process with you.

Best regards,



Maurice Côté


5 mths
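A sketch of the "PowerShell (local)" macro body described in the reply above, added here as an illustration; it is not code from the thread or from Devolutions. It assumes RDM replaces `$NAME$` and the `$TOOL_*$` variables textually before the script runs, that the entry name is the server's resolvable host name, and that the target is a local account with the hypothetical name `daily-user`.

```powershell
# Added example: body of a "PowerShell (local)" macro run against one RDM session.
# Assumption: RDM substitutes $NAME$ and the $TOOL_*$ variables as plain text before
# execution, so the user launching the macro never needs the View Password right.
# Single quotes keep PowerShell from expanding the text itself; a Management Tools
# password that contains a single quote would break the literal.
$targetHost    = '$NAME$'        # assumption: entry name equals the host name
$targetAccount = 'daily-user'    # hypothetical local account to rotate

$toolUser = '$TOOL_DOMAIN$\$TOOL_USERNAME$'
$toolPass = ConvertTo-SecureString '$TOOL_PASSWORD$' -AsPlainText -Force
$cred     = New-Object System.Management.Automation.PSCredential ($toolUser, $toolPass)

# Build the daily password from a cryptographic RNG: 24 random bytes -> 32 Base64 chars.
$bytes = New-Object byte[] 24
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$plain     = [Convert]::ToBase64String($bytes)
$newSecret = ConvertTo-SecureString $plain -AsPlainText -Force
Remove-Variable plain, bytes     # keep the clear text out of later output

$session = New-PSSession -ComputerName $targetHost -Credential $cred -ErrorAction Stop
try {
    # The SecureString is passed as an argument, so the new password is never
    # written into the script block text or echoed to the console.
    Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
        param($account, $secret)
        Set-LocalUser -Name $account -Password $secret -ErrorAction Stop
    } -ArgumentList $targetAccount, $newSecret
    Write-Output "Password rotated for $targetAccount on $targetHost"
}
finally {
    Remove-PSSession $session
}

# How $newSecret reaches the people who need it (for example, saved back to a
# vault entry) is site-specific and not shown here.
```

Because the admin password is pasted into the script text at run time, keep PowerShell transcription and script block logging in mind on the machine that launches the macro, since either can record the substituted value.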