Running cmdkey.exe from powershell

Please help… powershell noob and been on this for a week…

Scenario…

Want a user to come into work with their personal windows device and run a script/exe to connect their mapped drives and printers on our domain servers as if they were logged into their account in our domain.

After they punch in their credentials, I do some clever dns and reverse dns lookups to get their domain and dig out their home folder from ldap. All good so far.

However … the biggest problem is that I cannot see any way of authenticating to our print server when trying to do the add-printer bit. It seems my auth to AD only stores the credentials to the LDAP server.

So I thought I would store a wildcard credential for the domain into the credential store. But for the life of me, I cannot get it to run the cmdkey program.

Yes… I can hear the suggestion to use the free credential cmdlet from the powershell repository. But I was hoping to avoid that, as most of the devices coming in have minimal stuff on them. That would mean that it would bloat out the re-distribute-able I am trying to deploy. I am trying to go for the oldest version of PS too, for the same reason.

Anyway … I have tried ALL the ideas and things that a week of googling has suggested… A good learning curve anyway.

Dumping the code below… Notice a bit of stuff from attempting other methods…

TIA

Peter

 

```powershell
$DNSServer = Get-DnsClientServerAddress | Select-Object -ExpandProperty ServerAddresses
$DNSServer = $DNSServer[0]
$BYOD.txtoutput.AppendText("DNS Server : " + $DNSserver + "`r`n")

$FQDNServer = Resolve-DnsName $DNSServer -DnsOnly | Select-Object -ExpandProperty NameHost
$BYOD.txtoutput.AppendText("Server Hostname : " + $FQDNServer + "`r`n")

$array = $FQDNServer.Split(".")
$Server = $array[0]
$BYODDomain = $array[1]
$BYOD.txtoutput.AppendText("Server Hostname : " + $Server + "`r`n")
$BYOD.txtoutput.AppendText("Domain : " + $BYODDomain + "`r`n")

$username = $BYOD.txtUsername.Text
$password = $BYOD.txtPassword.Text

# -- stick the domain name on the front of the username

$BYOD.txtoutput.AppendText("Username : " + $username + "`r`n")
$BYOD.txtoutput.AppendText("Password : " + $password + "`r`n")

$domain_dn = "dc=" + $array[1] + ",dc=" + $array[2] + ",dc=" + $array[3]
$domain_dotted = $array[1] + "." + $array[2] + "." + $array[3]

# -- now to create credentials and add domain to front of username

$sec_password = ConvertTo-SecureString $password -AsPlainText -Force
$domain_username = $BYODDomain + "\" + $username
$BYOD.txtoutput.AppendText("Domain Username : " + $domain_username + "`r`n")
$credential = New-Object System.Management.Automation.PSCredential ($domain_username, $sec_password)

# -- store windows credentials we can ignore auth from here on :slight_smile:

# cmdkey.exe /delete: + "*." + $domain_dn

# D:\downloads\EchoArgs.exe "/add:*."$domain_dotted " /user:"$domain_username " /pass:"$password | Write-Host

$params = "a","b","c"
$params[0] = "/add:*." + $domain_dotted
$params[1] = "/user:" + $domain_username
$params[2] = "/pass:" + $password

$snot = "/add:*." + $domain_dotted + " /user:" + $domain_username + " /pass:" + $password
# D:\downloads\EchoArgs.exe $snot | Write-Host

Invoke-Command cmdkey.exe -ArgumentList = $snot | Write-Host

# -- let's connect to ldap server

$domain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$domain_dn",$domain_username,$password)
$BYOD.txtoutput.AppendText("DN" + $domain.distinguishedName + "`r`n")

$Searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)

$searcher.Filter = "(&(objectClass=user)(sAMAccountName=$username))"
$user = $searcher.FindOne()
$BYOD.txtoutput.AppendText("Home Dir : " + $user.Properties.homedirectory + "`r`n")
```

sorry … in a cmd window it works… example cmdkey /add:*.orange.schools.internal /user:user /pass:pass

and then I can do my printers using a FQDN print server like e4182s01sv021.orange.schools.internal.

But all the ways of passing parameters like --% and params do not work. That invoke command is a bust too.

As this program is designed to go across domains and servers… need to specify the parameters as variables…

Peter

Peter,

welcome to Powershell.org. Please take a moment and read the very first post on top of the list of this forum: Read Me Before Posting! You’ll be Glad You Did!

Then … when you post code, error messages, sample data or console output format it as code, please.

Here you can read how that works: Guide to Posting Code

You can go back and edit your existing post. You don’t have to create a new one. :wink:

Thanks in advance.

Hi … sorry about that… I obviously did not read the posting guidelines. Sorry.

I do remember trying to find the option…Not hard enough it appears.

FWIW… I edited the post and formatted as code, and submitted… and got an error, and lost the post. Did not set remember edits option. Sigh.

Anyway… managed to scrape it off a cached page and resubmitted… and it seems ok now… except for <span style=“color: #3366ff> which appears.

Regardless… am dying here… and would love some help.

Cheers

Peter

You’re overcomplicating it. You can run executables in PowerShell just like in Command Prompt. Now, the quoting can get tricky in PowerShell, but when it comes to arguments, usually you just need an array of arguments. This works just fine.

```powershell
$arguments = "/add:*.test.local","/user:test","/pass:test123"

cmdkey.exe $arguments
```

As far as populating via variables you have a few options, here are a couple.

```powershell
$add = "/add:*.test.local"
$user = "/user:test"
$password = "/pass:test123"

$arguments = $add,$user,$password

cmdkey.exe $arguments
```

or

```powershell
$add = "/add:*.test.local"
$user = "/user:test"
$password = "/pass:test123"

cmdkey.exe @($add,$user,$password)
```
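An added example, not code from anyone in this thread: the array-of-arguments call from the answer above wrapped in a function that takes a `PSCredential`, checks the result, and never prints the password, plus a matching removal. The function names `Add-DomainCredential` and `Remove-DomainCredential` are hypothetical, and the exit-code check assumes `cmdkey.exe` returns non-zero on failure.

```powershell
# Added example. Function names are hypothetical; '*.test.local' is the
# sample target from the answer above.
function Add-DomainCredential {
    param(
        [Parameter(Mandatory = $true)][string]$Target,
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential
    )
    $plain = $Credential.GetNetworkCredential().Password

    # Windows PowerShell 5.1 does not escape embedded double quotes when it
    # builds a native command line, so such a password would arrive mangled.
    if ($plain.Contains('"')) {
        throw 'Password contains a double quote; refusing to pass it to cmdkey.exe.'
    }

    # One array element per argument. A single string holding all three
    # switches would reach cmdkey.exe as one quoted argument instead.
    $arguments = "/add:$Target", "/user:$($Credential.UserName)", "/pass:$plain"

    # The /pass: value is part of cmdkey.exe's command line, so anything that
    # records process command lines on the device will capture it.
    $output = & cmdkey.exe $arguments
    $code = $LASTEXITCODE

    # Assumption: cmdkey.exe exits with a non-zero code on failure.
    if ($code -ne 0) {
        throw "cmdkey.exe /add failed for $Target (exit code $code): $output"
    }
    # Report target and user only; never echo $plain or $arguments.
    Write-Host "Stored credential for $Target as $($Credential.UserName)"
}

function Remove-DomainCredential {
    param([Parameter(Mandatory = $true)][string]$Target)
    & cmdkey.exe "/delete:$Target" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# Usage: prompt for DOMAIN\user, then store the wildcard entry.
$cred = Get-Credential
Add-DomainCredential -Target '*.test.local' -Credential $cred
# Later, when the device should no longer hold the entry:
# Remove-DomainCredential -Target '*.test.local'
```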

Tx for the reply…

Your following suggestion worked fine.

```powershell
$arguments = "/add:*.$domain_dotted" ,"/user:$domain_username" ,"/pass:$password"
cmdkey.exe $arguments | Write-Host
```

FWIW… As a noob … I keep thinking that I am passing a string to run. The one I had in my original post worked when I used Invoke-Command $string…

Am struggling with concept of passing an array of text arguments… just getting used to object orientated programming…and powershell does things that are useful but I find strange. Even things like typing $variable and then return gives me a formatted output… Alien.

Tx again. I get the feeling I will be back again.

PS… the executable I generated is 19 Kb and goes really fast… no fat on that bad boy :slight_smile:

Peter


        

FWIW… every time I try to format code as code… and then hit submit… I get an error from Wordpress and extra stuff in the code block.

I am using the Format menu option. Yours looks different and great … is that a gist ?

You may post your error to the forum Web Site Feedback & Assistance

Here you can (re-)read how the formatting works on this forum Guide to Posting Code

Much better… cheers