Issue using cmdkey

Question

I am a Domain Admin. I work with 20 domains and have to RDP login to servers on any of them. I usually only get the hostname to work with rather than an FQDN. Using an RDP manager was still inefficient, not to mention annoying.

So I wrote a GUI based powershell script that does the following.

1. Finds FQDN given a hostname. [wrote a custom function to return FQDN from any input]

2. Creates a PScredential object based on the FQDN (Using saved credential on disk stored in encrypted form) [Wrote a custom function to do that too]

3. Uses cmdkey to create an mstsc cached credential and launch RDP.

The issue I face is below. On some servers (not all of them), after clicking OK on the legal notice window, the profile starts loading and then I get this prompt. When I click ok, it logs me off. I dont know how to get around it. According to my research so far, this is caused because I am trying to pass optional parameters through my MSTSC request. But I don't see how it happens as i have not coded for it. This is where I need help. How to suppress/avoid/work-around it.

 

--------------------------------------------------------------------ERROR MSG----------------------------------------------

Access is Denied.

This initial program cannot be started:

C:\Windows\syswow64\WindowsPowershell\v1.0\powershell.exe -version 2 -command "${Set-ExecutionPolicy -ExecutionPolicy RemoteSigned}"

Please consult help for more information.

--------------------------------------------------------------------ERROR MSG END------------------------------------------

[The GUI basically collects the Hostname and calls the function below]. Its pretty straight forward.

<#
.Synopsis
   Short description
.DESCRIPTION
   Long description
.EXAMPLE
   Example of how to use this cmdlet
.EXAMPLE
   Another example of how to use this cmdlet
#>
function Get-AutoRDP
{
    [CmdletBinding()]
    [OutputType([int])]
    Param
    (
        # Param1 help description
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $Server
    )

    Begin
    {
        $Server = $Server.ToString().Trim()
        Import-Module .\Get-FQDN.ps1 -Force
        Import-Module .\Get-PSCredential.ps1 -Force
        $FQDN = Get-FQDN -Server $Server #This is a custom function that returns an FQDN.
    }
    Process
    {
        $PSCredential = Get-PSCredential -FQDN $FQDN #This is a custom function that returns a PScredential object.
        $DomainUser = $PSCredential.UserName
        $PlainPassword = $PSCredential.GetNetworkCredential().Password
        
        #Creating cached Creds
        cmdkey.exe /add:$FQDN /user:$DomainUser /pass:$PlainPassword 1>$cmdkey
        mstsc /v:"$FQDN" /w:1200 /h:768
    }
    End
    {
    }
}

Answer 1

You cannot use Set-ExecutionPolicy in a script.  Set it once from an admin prompt and it will be remembered.

You do not need to execute CmdKey on every connection.  Just set it once.  Check CmdKey for the credential so you can skip it when the cred exisits.

---

\_(ツ)_/

Answer 2

But I am not trying to use Set-Execution policy though my script. There is no code in it that does that. Yet, I am being told that I am trying to do it and hence my RDP login is failing. Besides I dont want to set the execution policy in 4000 machines individually. Most of them are governed by group policy and wont allow me to change it even if I wanted to.

Regarding the cmdkey, I have another subroutine that deletes all cached keys in the system. So the cached creds have to be created for every connection.

I am trying to understand why my script is initiating the executionpolicy program when I havn't coded it to.

Answer 3

But I am not trying to use Set-Execution policy though my script. There is no code in it that does that. Yet, I am being told that I am trying to do it and hence my RDP login is failing. Besides I dont want to set the execution policy in 4000 machines individually. Most of them are governed by group policy and wont allow me to change it even if I wanted to.

Regarding the cmdkey, I have another subroutine that deletes all cached keys in the system. So the cached creds have to be created for every connection.

I am trying to understand why my script is initiating the executionpolicy program when I havn't coded it to.

You error says you are trying to set the execution policy.  Here is a copy of what you posted:

Access is Denied.<o:p></o:p>

This initial program cannot be started:<o:p></o:p>

C:\Windows\syswow64\WindowsPowershell\v1.0\powershell.exe
-version 2 -command "${Set-ExecutionPolicy -ExecutionPolicy
RemoteSigned}"<o:p></o:p>

Please consult help for more information.<o:p></o:p>

---

\_(ツ)_/

Answer 4

Exactly. The error says I am trying to set execution policy. But I am not.(The script is posted above) Somehow the script is doing what I have NOT coded it to do.

I don't want to set execution policy. How do I stop it from doing it?

Answer 5

Exactly. The error says I am trying to set execution policy. But I am not.(The script is posted above) Somehow the script is doing what I have NOT coded it to do.

I don't want to set execution policy. How do I stop it from doing it?

This command tries to set the policy which is what the error message is telling you.  We cannot see your screen or read your files so the error message has to be what we can use.  You posted the error message.  Just read it.  You are trying to set the policy which is why you are getting the error.

---

\_(ツ)_/