Execute PowerShell script on remote server after Thycotic Secret Server password change


We're running the Thycotic Secret Server platform and attempting to onboard a secret associated with a Windows Service account. When Secret Server updates the password, I want a PowerShell script to run on a remote server (i.e. the Windows Service host). From what I can tell, it appears that the PowerShell script is only running on the Secret Server, no matter what I put in the "Machine Name" field. See below:

I know this is the case, because within the script I am trying to access local files on remote_server_name.my.domain, but getting "File Does not Exist" errors. E.g. c:\Program Files\Some_Directory\FileName.txt. The only way I can access the file is by using a full FQDN path, i.e. \\remote_server_name.my.domain\c$\Program Files\Some_Directory\FileName.txt.

Below is the PowerShell script I am trying to get Secret Server to run on remote_server_name.my.domain:

    $appset = "c:\Program Files\Some_Directory\FileName.txt"
    $a = Get-Content $appset | ConvertFrom-Json;

    $a.'example'.node.password = $Args[0];

    $a | ConvertTo-Json -Depth 100 | Set-Content $appset;
    Restart-Service -Name "service_name"

What am I doing wrong here?


Solution

  • You'll have to tinker with what the right index of $args should be, but something like this should work:

    Invoke-Command -ComputerName $args[0] -ArgumentList $args[1] {
        param($password)
        $appset = 'c:\Program Files\Some_Directory\FileName.txt'
        $a = Get-Content $appset | ConvertFrom-Json
        $a.example.node.password = $password
        $a | ConvertTo-Json -Depth 100 | Set-Content $appset
        Restart-Service -Name "service_name"
    }
    

    As you get further into making scripts like this you'll probably want to parameterize more of these values. For example, you'll probably want $appset and service_name to be parameters you can set via the UI.

    When you add those values as parameters, you'll interact with them via $args rather than hard-code them in your script, but $args is also used inside Invoke-Command, so you'll need to be aware of scoping.
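
The parameterization and scoping point from the answer above, as an added example that is not part of the original answer and not Secret Server's own code: the outer `$args` are copied into named variables, then handed to the remote script block through `-ArgumentList` and a `param()` block. The argument order (machine, password, config path, service name) and all variable names are assumptions made for illustration.

```powershell
# Added example: the outer $args are copied into named variables first, because
# inside the script block $args refers to the block's own arguments, not these.
# Assumed argument order (an assumption, adjust to how the script is called):
#   0 = target machine, 1 = new password, 2 = JSON config path, 3 = service name
$ErrorActionPreference = 'Stop'

if ($args.Count -lt 4) {
    throw "Expected 4 arguments (machine, password, config path, service name), got $($args.Count)."
}

$computerName = $args[0]
$newPassword  = $args[1]
$configPath   = $args[2]
$serviceName  = $args[3]

$remoteBlock = {
    # Bound in order from -ArgumentList; nothing from the caller's scope is visible here.
    param($Password, $Path, $Service)

    $ErrorActionPreference = 'Stop'

    # This check runs on the remote machine, so a local path is correct here.
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Config file not found on ${env:COMPUTERNAME}: $Path"
    }

    # -Raw reads the whole file as a single string before parsing it as JSON.
    $config = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json
    $config.example.node.password = $Password
    $config | ConvertTo-Json -Depth 100 | Set-Content -LiteralPath $Path

    Restart-Service -Name $Service

    # Returned to the caller; the password itself is never echoed.
    "Updated $Path and restarted $Service on ${env:COMPUTERNAME}"
}

# A failure on the remote side surfaces here as a terminating error
# because of $ErrorActionPreference = 'Stop' above.
Invoke-Command -ComputerName $computerName -ScriptBlock $remoteBlock `
    -ArgumentList $newPassword, $configPath, $serviceName
```

The `${env:COMPUTERNAME}` in the returned message reports the host the block actually ran on, which makes it easy to confirm the script is no longer executing on the Secret Server itself.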