Is it possible to pass credentials to a new PS session?

I have a GUI form and from there want to open a PSSession to a computer in a new CLI window.

So something like:

$mycred = Get-Credential
Start-Process powershell.exe  -ArgumentList "-noexit -command Enter-PSSession -ComputerName computer1 -Credential $mycred"

As soon as I run the Start-Process, it again prompts me for credentials. Is it not somehow possible to pass the $mycred variable to the new session?

Not in that fashion, no. You’re forcing $mycred to be evaluated as a string, not a credential object, so it’s disregarded and that’s why you’re prompted. I’m not entirely certain why you need to start a new process, though - can’t you just run Enter-PSSession?

Well, it’s a GUI form where I enter credentials and a computername and then can do all sorts of operations against this computer.

I also wanted to add a button to open a PSSession in a new CLI window, so that’s why I am using Start-Process.

Also tried this for instance:

Start-Process powershell.exe  -ArgumentList "-noexit -command Enter-PSSession -ComputerName computer1" -Credential $mycred

so passing the credential to the Start-Process, but then it says the username/password is incorrect (even though it’s correct and I can use this credential to perform other actions against this computer).

The latter example should have worked if $mycred is a valid credential object; I’m unfortunately not able to help you troubleshoot that without access to your network :). Syntactically, it looks correct from what you’ve shown me. I guess I’d just make sure you’re using DOMAIN\USERNAME format for the username portion of the credential.

I am running the form from a standalone PC and targeting a domain controller. Of course I enter the credential as username@domain.ext and can confirm it works, because other scripts I run from this form against this domain controller work fine.

Also, when I run the Start-Process, I can see in the domain controller security event log a Kerberos ticket being created and all and no FailureAudits appear.

Hmmm :frowning:

That’s a little bit tricky. You can’t pass live objects across process boundaries like that, but you can serialize the credential into text and then back again. Something like this should work (though it requires PowerShell 3.0 or later, for the PSSerializer class):

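$mycred = Get-Credential
# Serialize the credential object to CLIXML text so it can cross the process boundary
$credxml = [System.Management.Automation.PSSerializer]::Serialize($mycred)

# Script for the child process; the backtick keeps $mycred from being expanded here
$commands = @"
    `$mycred = [System.Management.Automation.PSSerializer]::Deserialize('$credxml')
    Enter-PSSession -ComputerName computer1 -Credential `$mycred
"@

# -EncodedCommand expects Base64 of the UTF-16LE (Unicode) script text
$base64 = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($commands))

Start-Process powershell.exe -ArgumentList "-noexit -EncodedCommand $base64"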

I used -EncodedCommand to avoid any parsing / quoting problems with all of the XML on a command line.
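An added example (not code from this thread) that varies the approach above: the credential reaches the new window through a DPAPI-protected temp file instead of the command line, where process-listing tools and process-creation auditing can record it. `Start-RemoteConsole`, `ConvertTo-SingleQuoted` and the temp-file name are assumptions made for this sketch, which also assumes Windows PowerShell 3.0 or later.

```powershell
# Added example; function names and the temp-file handoff are illustrative assumptions.

function ConvertTo-SingleQuoted {
    # Wrap a value in single quotes for embedding in generated script text,
    # doubling any embedded single quotes so it cannot break out of the literal.
    param([Parameter(Mandatory)] [string] $Value)
    "'" + ($Value -replace "'", "''") + "'"
}

function Start-RemoteConsole {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # On Windows, Export-Clixml protects the SecureString password with DPAPI,
    # so only the same user on the same machine can turn it back into a credential.
    # The user name is still stored in clear text in the file.
    $credFile = Join-Path $env:TEMP ("cred-{0}.clixml" -f [guid]::NewGuid())
    $Credential | Export-Clixml -LiteralPath $credFile

    $quotedFile = ConvertTo-SingleQuoted $credFile
    $quotedHost = ConvertTo-SingleQuoted $ComputerName

    # Child script: load the credential, delete the file, then open the session.
    # Backticks keep $cred from being expanded in this (parent) process.
    $childScript = @"
`$cred = Import-Clixml -LiteralPath $quotedFile
Remove-Item -LiteralPath $quotedFile -Force
Enter-PSSession -ComputerName $quotedHost -Credential `$cred
"@

    # Base64 here is only an encoding to avoid quoting problems; it hides nothing.
    # The command line now carries just the file path and target name.
    $encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($childScript))
    Start-Process -FilePath powershell.exe -ArgumentList '-NoExit', '-EncodedCommand', $encoded
}

# Usage, with the computer name from the question:
# Start-RemoteConsole -ComputerName computer1 -Credential (Get-Credential)
```

Because the password is bound to the current user by DPAPI, this handoff only works when the child process runs as the same user as the parent, which is the case here since Start-Process is called without -Credential.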

@dlwyatt

  1. It works, thanks so much :slight_smile:

  2. Don’t exactly understand what is going on here, time to do some reading on this subject :slight_smile:

$mycred = Get-Credential
Start-Process -FilePath "c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ArgumentList "-noexit Enter-PSSession -ComputerName computer1" -Credential $mycred

Just a small addition, above code now also works but you have to take into account 2 things:

  1. The full path to the process you call needs to be specified
  2. Credentials need to be entered in the form domain\user; for some reason user@domain.ext returns incorrect username or password