54 views

Overview


 

Where does the command / script run

The command / script in the custom PowerShell activity is running on local MID server under MID server service account,

instead of running on the Target host.

 

For example, command: hostname, will always show hostname of the MID server,

command: whoami, will always show MID server service account.

 

There are mainly two purposes of the "Target host" field:

1> Before the command/script runs, MID server will test active windows credentials one by one against the target host, using credential testing method.

(by default, the test method is WMI query)

The first windows credential that succeeds the test, will be used to run the actual command / script.

Additionally, this working credential is stored in variable $cred, that can be used in the command / script.

 

2> The value of "Target host" field is stored in PowerShell variable $computer, that can be used in the command / script.

  


 

Sample Script

Below command is using the variables from value of "Target host" field, and the credential that succeeds credential test:

gwmi win32_operatingsystem -computer $computer -credential $cred

 


 

Tip 1

In certain situations, a credential should be picked without invoking credential test method, in this case please set Target host to 127.0.0.1

If Target host is set to 127.0.0.1, no credential test is carried out, and the Windows credential that has lowest order is used.

You can combine this with credential tagging to choose the credential you need. (the credential is also stored in variable $cred)

(credential tag is renamed as credential alias from Kingston)

 

Tip 2

If the Target host is a domain controller, you can create a Powershell Variable

( Activity Designer > Execution Command > Powershell variables )

Specify Name as "credType", value as "AD".

This way the credential test method will be an AD query to the Target host.

 

For other credType options, please check here.

 


 

To run a command / script on remote host

If you would like to execute a command on remote server, PowerShell remote has to be used.

For example, if you have a batch script as c:\temp\test.bat on server server01.lab01.com, you can do below:


Update Target host field to server01.lab01.com

In Command, type in:
$s = New-PSSession -ComputerName $computer -credential $cred
Invoke-Command -Session $s -ScriptBlock {c:\temp\test.bat}

(as the Target host above is a FQDN instead of an IP, it's recommended that a cmdb_ci_dns_name record is created for this FQDN)

Article Information

Last Updated:2018-09-04 19:28:59
Published:2018-09-05