
I have looked for weeks, and had others research with/for me, but I haven't found the answer to this.

I have a script that lives on server 1, and needs to be executed on server 1 using certain credentials. The ultimate solution will help with decrypting files. The script must execute as a certain user on a certain server because the key pair is in the user's key ring on that server.

I want the script to be called from server 2 as part of a larger process. Server 2 has a sql job which has the following flow:

  1. Step 1 of the job uses a powershell script to download the file
  2. Step 2 of the job needs to execute the script on server 1 to decrypt the file (** this is the step I am talking about here)
  3. Step 3 of the job will run a powershell script to check the file attributes (last written date, file size as compared to yesterday, etc)
  4. Step 4 of the job will restore the log file

The script on server 1 runs locally without any issues, and produces the expected results. When attempting to have server 2 execute the script on server 1, I haven't had any success. In order to get as simple as possible for finding out what is actually not working, I came up with a set of scripts which are simple (see below).

  • When I run script 1 on server 1 (where the file physically lives), it works fine. The text file is produced with "hello world" in the file.
  • When I run script 2 on server 2 (I didn't save a file, just ran it in the ISE window), it runs without errors or warnings, but the file that should be written doesn't exist on server 1 (nor on server 2 - not that it should but I checked to see anyway).

I am not a powershell guru of any kind - so I apologize now if it is a very obvious thing. :)

#-------------------------------------
# script 1
# this script lives on server 1
# file name: c:\deleteme\helloworld2.ps1

$CMD = Invoke-Expression " `"hello world`" >> C:\deleteme\helloworld.txt"
Invoke-Command -ScriptBlock { $CMD }



#-------------------------------------
# script 2
# this script is executed on server 2 and attempts to execute the script on server 1

$session = New-PSSession -ComputerName "SERVER01.lahcg.com" #-Credential $username


$CMD = "Invoke-Command -ScriptBlock { powershell.exe `"C:\deleteme\helloworld2.ps1`" } "
#write-output $CMD
Invoke-Command -Session $session -ScriptBlock { $CMD }

Remove-PSSession $session  

Environment Info:

  • Server 1: Windows Server 2008 R2 Standard with Powershell 2
  • Server 2: Windows Server 2012 R2 Datacenter with Powershell 4

Extra Notes

  • I do have the enable remote set ok... I found that earlier when researching.
  • I am using different versions of Powershell, but since the script on server 1 is running ok locally, I didn't think that was a problem.
  • I have gotten the credential part to work on another script - so I am not asking about that in this post. I left it in the script, commented out for reference.

  • Invoke-Command -Session $session -ScriptBlock { Invoke-Expression $using:CMD } Commented Mar 10, 2017 at 23:04
  • I made this change and the script on server 1 didn't execute (the text file was not created). I had to add double quotes around the invoke-expression portion for it to work, but that shouldn't change what you are talking about. It ran successfully with no errors, but the text file was not created. Commented Mar 14, 2017 at 20:01

1 Answer

BenH is correct. You have two options. You can either use

  1. Invoke-Command to execute a {Code block}
  2. Connect-PSSession to connect to the computer as a given user

Invoke-Command is the faster way to do it since it automatically establishes a PSSession, executes the code, then tears it down. The issue with it is that it doesn't allow you to control which user establishes the session. For that you have to build the session yourself then tell Invoke-Command which session to use. So try something like this:

  1. From:Server2 $Credentials = Get-Credential #This can be scripted rather than prompted. Google it.
  2. From:Server2 New-PSSession -ComputerName Server1 -Credential $Credentials
  3. From:Server2 Now you can either connect to the session and launch your code, or use invoke-command to just push a single command to the session:
    1. Connect-PSSession -Session (Get-PSSession)
    2. Invoke-Command -Session (Get-PSSession) -ScriptBlock {C:/script1.ps1}

4 Comments

I appreciate the response. I am creating a session as you mention in step 2. The difference with my step 3 is that the script that ultimately runs isn't local to server 1. In your step 3, that would need to be script local to server 1, correct? The reason is that when I am passing the file name to be worked with, I haven't been able to resolve the file name and path correctly. I have tried everything I have found with escaping and double slashes, etc., but haven't had success. If I have the script live and run on server 2, that seemed to be a simpler process to troubleshoot later.
So this sounds like a syntax issue? Not a remoting question? Please list the commands you are trying now.
I changed script 2 as follows: Invoke-Command -Session $session -ScriptBlock { "Invoke-Expression { $using:CMD }" }
No, you don't use Invoke-Command and Invoke-Expression in the same line. Read this comparison between the two. anexinet.com/blog/invoke-command-or-invoke-expression
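
The session-based call from the answer, extended so the caller on server 2 can confirm which account ran the script on server 1 and whether the output file appeared. This is an added example, not code from the question or the answer; it assumes the host name and paths shown in the question and passes them with -ArgumentList/param(), which also works with PowerShell 2 on the remote side.

```powershell
# Added example: run on server 2. Host name and paths are the ones from the question.
$computer   = 'SERVER01.lahcg.com'
$scriptPath = 'C:\deleteme\helloworld2.ps1'   # lives on server 1
$outFile    = 'C:\deleteme\helloworld.txt'    # written by script 1 on server 1

# Interactive prompt for the account whose key ring holds the key pair.
$cred    = Get-Credential
$session = New-PSSession -ComputerName $computer -Credential $cred

try {
    # Local variables are not visible inside a remote script block, and a block
    # that only names a string variable ({ $CMD }) emits the value, it does not run it.
    # Pass values through -ArgumentList/param() and invoke the script with '&'.
    $result = Invoke-Command -Session $session -ArgumentList $scriptPath, $outFile -ScriptBlock {
        param($Path, $Expected)

        if (-not (Test-Path -LiteralPath $Path)) {
            throw ('Script not found on {0}: {1}' -f $env:COMPUTERNAME, $Path)
        }

        $output = & $Path    # call operator: executes the .ps1 on server 1

        # New-Object PSObject rather than [pscustomobject]: server 1 runs PowerShell 2.
        New-Object PSObject -Property @{
            RanOn       = $env:COMPUTERNAME
            RanAs       = '{0}\{1}' -f [Environment]::UserDomainName, [Environment]::UserName
            FileWritten = (Test-Path -LiteralPath $Expected)
            Output      = $output
        }
    }

    # Fail the calling job step loudly instead of finishing "without errors".
    if (-not $result.FileWritten) {
        throw "Remote script ran as $($result.RanAs) on $($result.RanOn) but $outFile was not written."
    }
    $result | Format-List RanOn, RanAs, FileWritten, Output
}
finally {
    Remove-PSSession $session
}
```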
