2

I have this script which connects to a bunch of servers and gets service status, errors from the Application and System logs and disk space. It runs fine as a scheduled task on Windows XP but has some weird problem on Windows 2008. I am using a function to import the credentials from a separate file where they are stored in encrypted form:

function Import-credential($path) {
    $cred = Import-Clixml $path
    $cred.password = $cred.Password | ConvertTo-SecureString
    New-Object system.Management.Automation.PSCredential(
      $cred.username, $cred.password)
}

This works fine when I run it manually and when it runs as a scheduled task on Windows XP but fails on Windows 2008 with the following error:

New-Object : Exception calling ".ctor" with "2" argument(s): "Cannot process ar
gument because the value of argument "password" is null. Change the value of ar
gument "password" to a non-null value."
At F:\Tools\MCHS Server Report\monitor.ps1:9 char:15
+     New-Object <<<<  system.Management.Automation.PSCredential(
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvoca 
   tionException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.Power 
   Shell.Commands.NewObjectCommand

This is line 9:

New-Object system.Management.Automation.PSCredential(

In the task scheduler I have the full path to powershell.exe in Program/Script and -command & "F:\Tools\MCHS Server Report\monitor.ps1" in Add Arguments.

Any ideas?

EDIT: I tried changing the account it runs under to my own (I was using a local account specifically created for the scheduled tasks) and it worked alright. I have 0 ideas as to why it won't work with the other user considering we're both Administrators and seem to have the same privs...

Improve this question
4
  • Does the user running the task have access to the password file? Did you configure the task to run with highest privileges? Commented May 17, 2013 at 10:11
  • yep, he has access the the file. I've configured the task to run with highest privs but that made no change :( Thanks for taking the time to comment! Commented May 17, 2013 at 10:44
  • I still suspect an UAC-related issue. Can you temporarily disable UAC (requires a reboot of the server)? Which PowerShell version are you using? Commented May 17, 2013 at 10:57
  • unfortunately, that's already off. Commented May 17, 2013 at 11:22

1 Answer 1

Reset to default
4

ConvertTo-SecureString/ConvertFrom-SecureString by default use an encryption key that is bound to the user and computer that the string was originally encrypted on. If you log in as the service account and save the credential it should be able to decrypt it when it is running as a service.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks! That sounds like the root cause. I've noticed before that exporting the credentials returned different results based on the system, but didn't know it was also user-related. I tried to upvote, but I lack in reputation apparently so.... consider yourself upvoted :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.