Search code examples
powershellpowershell-3.0

Several credentials in one Invoke-Command

Let's say we have 3 computers: MAIN, A and B. NO domains!(<--important!). Just a workgroup. IPs for computers:

  • MAIN - 33.0.0.100

  • A - 33.0.0.2

  • B - 33.0.0.3

We want type cmdlets on MAIN and execute them on A&B simultaneously. So, we organize Windows Remote Management on all computers and command like

Invoke-Command -computerName 33.0.0.2 -command {dir C:\Utils} -Credential(Get-Credential)

works with no problem and produce files list in folder Utils on A. We know, the syntax of Invoke-Command allow us also write the command like

Invoke-Command -computerName 33.0.0.2, 33.0.0.3 -command {dir C:\Utils} -Credential(Get-Credential)

and this exactly what we want, BUT! The users on A and B absolutely different - no same user, no same password. So, we need -Credential param of Invoke-Command to accept ARRAY of credentials, much like -computerName accept ARRAY of computers.

This is a problem. Any ideas?

P.S. All 3 computers have PS ver. 5, if it's important.

(can't add as comment, so forced to edit start post; actually it's reply on Andrey Marchuk post)

Or do you expect computer[0] to match credential[0]?

Exactly! And, frankly speaking, I don't see any technical problem for invoke-command's programmer make "1-to-1" matching like this one. Users of invoke-command will have 3 options in this case:

  1. provide 1 computer name and 1 credential - clear as day
  2. provide N computers name and 1 credential - all computers have user with same name/pass, or just domain user if we in domain environment

both alternative above already implemented, so programmer need add just one:

  1. provide N computers name and N credentials - each computer have separate user with unique name/pass, [0]=[0], [1]=[1],….

Really don't think it will be very hard or long work. In any case, thank you for all 3 workarounds for the current circumstance!

Solution

  • And how do you expect it to work? Let's say you have 10 computers and 10 credentials. Do you expect it to try all of the credentials for each computer until the valid is found? Or do you expect computer[0] to match credential[0]? What if you have 5 computers, but passed more of fewer than 5 credentials?

    The situation you are in is not really typical. I see a few solutions to it:

    1. Create a service user on both computers with the same name and password and pass it as .\user to Invoke-Command
    2. Write a simple wrapper over the Invoke-Command that in the simplest case will perform Invoke=Command in a foreach loop over the computers and credentials. You could also play with it a bit to make it parallel instead of foreach
    3. And of course the most preferable is to setup a domain controller