PowerShell Script block Invoke-command

I am trying to execute a remote Invoke-Command and retrieve a value from the registry of the remote machine.

Assuming WinRM is configured and running.

$RegSessionPath = "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData"
$RegCredentialProviders = "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"

$result = Invoke-Command -ComputerName xxxxxxx -ScriptBlock {
    param($Session, $Credential)

    # this is where it fails
    $CurrentSessionInfoFromReg = Get-ItemProperty -Path $Session\1
    $CurrentProvider = $CurrentSessionInfoFromReg.LastLoggedOnProvider
    $CurrentLoggedOnUser = $CurrentSessionInfoFromReg.LoggedOnSAMUser
    $CredentialProvider = Get-ItemProperty -Path $Credential\$CurrentProvider
    Get-ItemProperty $CredentialProvider.PSPath | Select @{Name=$CurrentLoggedOnUser;Expression = "(default)"}
} -ArgumentList $RegSessionPath, $RegCredentialProviders

Write-Host $result

When I run it remotely within my workstations it returns what I am expecting, but if I use another workstation I cannot access the registry, and it returns my user credentials instead of the account that is logged in on the remote workstation.

What am I doing wrong?

July 22nd, 2015 3:50pm

Can you see how badly your code is posted? It is unreadable.  Please fix that.

July 22nd, 2015 3:56pm

$sb ={
    $CurrentSessionInfoFromReg=Get-ItemProperty 'HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1'
    $CurrentProvider=$CurrentSessionInfofromReg.LastLoggedOnProvider
    $CredentialProvider=Get-ItemProperty "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\$CurrentProvider"
    $payload=@{
        UserName=$CurrentSessionInfofromReg.LoggedOnSAMUser
        Provider=$CredentialProvider.'(default)'
    }
    New-Object  PsObject -Property $payload
}

Invoke-Command -ScriptBlock $sb -Computer xxxxxx		
July 22nd, 2015 4:21pm

Sorry about that, I cut and pasted... Next time... It keeps returning the same domain user that it was run from on the local host. I am trying to access the credentials of the user logged in on a machine. Workstation OS is
July 22nd, 2015 4:59pm

Copy from the ISE and paste into notepad then copy to forum or paste into code control in forum.

Like this:

$sb ={
    $CurrentSessionInfoFromReg=Get-ItemProperty 'HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1'
    $CurrentProvider=$CurrentSessionInfofromReg.LastLoggedOnProvider
    $CredentialProvider=Get-ItemProperty "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\$CurrentProvider"
    $payload=@{
        UserName=$CurrentSessionInfofromReg.LoggedOnSAMUser
        Provider=$CredentialProvider.'(default)'
    }
    New-Object  PsObject -Property $payload
}
#$sb.Invoke()
Invoke-Command -ScriptBlock $sb -ComputerName <xxxxxxx>

 

July 22nd, 2015 5:48pm

It works, the machine needs to be rebooted and logged in to, either with the smart card or not. That last credential gets written to the registry. If the user removes or inserts to lock the machine, it will not rewrite the credentials to the registry. Some flaw... Thanks, and sorry about the cut
July 22nd, 2015 6:11pm
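
An added example, not part of the original thread or any poster's code: it generalizes the script block from the answer above to enumerate every numbered subkey under SessionData instead of only `\1`, and to tolerate missing keys, so the same query can be used to audit which credential provider was used at logon across several workstations. The function name `Get-LastLogonProvider` and the host names are hypothetical; per the last post, the values reflect the last logon and are not rewritten on lock or unlock.

```powershell
# Added example: Get-LastLogonProvider and the host names are hypothetical.
function Get-LastLogonProvider {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    $sb = {
        $base      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'
        $sessions  = Join-Path $base 'LogonUI\SessionData'
        $providers = Join-Path $base 'Credential Providers'

        # Enumerate every numbered session subkey instead of assuming "\1" exists.
        $keys = Get-ChildItem -Path $sessions -ErrorAction SilentlyContinue
        if (-not $keys) {
            Write-Warning "No SessionData subkeys on $env:COMPUTERNAME"
            return
        }

        foreach ($key in $keys) {
            $info = Get-ItemProperty -Path $key.PSPath
            $guid = $info.LastLoggedOnProvider

            # Resolve the provider GUID to its display name; stay $null if unknown.
            $name = $null
            if ($guid) {
                $p = Get-ItemProperty -Path (Join-Path $providers $guid) -ErrorAction SilentlyContinue
                if ($p) { $name = $p.'(default)' }
            }

            [pscustomobject]@{
                SessionId    = $key.PSChildName
                UserName     = $info.LoggedOnSAMUser
                ProviderGuid = $guid
                Provider     = $name
            }
        }
    }

    # Invoke-Command adds PSComputerName to each object returned from a remote host.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock $sb -ErrorAction Continue
}

# Constructed host names for illustration only.
Get-LastLogonProvider -ComputerName 'WS-EXAMPLE-01', 'WS-EXAMPLE-02' |
    Select-Object PSComputerName, SessionId, UserName, Provider, ProviderGuid
```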

This topic is archived. No further replies will be accepted.
