PowerShell Scripts running as user X

The Debug Guy

Sep 21, 2009, 1:50:33 PM
I have a challenge where I have built a customized PowerShell script to
place our production servers in maintenance mode 1200+ once a month.

Note: We are still running SP1, so this means all 3 objects per server.

While I have no problem running this script (I am an administrator
defined in the SCOM Admin Role), I need our operations staff to have
the ability to run this script; they are defined with a lower SCOM
privilege, a custom "Operator" role.

I understand that the powershell command prompt with SCOM makes a direct
connection to the SDK and for this reason you have to be defined in
the Admin Role in SCOM.

OK, looking for plan B, is there a creative way to get around this?

Point: I need our Operators to have the ability to run this script. So
somehow I have to up the SCOM role privileges during execution,
all while not exposing the runtime userID/PW.

This is one example of probably 20 I could come up with. It appears to
me that PowerShell was designed exclusively for the Administrator with
Administrator rights wherever the scripts need to run. This is not
realistic in my view, so I need to come up with a canned solution that I
can template for other applications.

Example 2: A script that will install an agent. Whereas a senior admin
creates the script and then a junior admin runs it.

Hopefully this makes sense....

Thanks to all that reply...

DebugGuy

Marco Shaw [MVP]

Sep 25, 2009, 9:30:35 PM
Yes, it is unfortunate that some things are restricted when called from
PowerShell.

An approach some have used is to, instead of running the command
directly, which requires elevated privileges, have a script that simply
drops an appropriately formatted message into the Windows event log. Then
have a rule on the OpsMgr server that looks for this event. Once an event
is found, parse the event and use that data to undertake a particular
action.

See this for more details on this approach:
http://derekhar.blogspot.com/2008/08/updated-agent-maintenance-mode.html

Marco

"The Debug Guy" <debu...@gmail.com> wrote in message
news:#XwnHQuO...@TK2MSFTNGP06.phx.gbl...
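
The event-log hand-off described in the reply above, sketched as an added example (not part of the thread or of the linked blog post): the operator's script only writes a request event, and the privileged side treats the event text as untrusted input and validates it before acting. The source name `MaintModeRequest`, event ID 9999, the `MMREQ|...` message format, the function names and the server allowlist are all assumptions made for illustration.

```powershell
# Added example; names, event ID, message format and allowlist are assumptions.
$AllowedServers = @('PRODWEB01', 'PRODSQL01')   # constructed sample allowlist
$MaxMinutes     = 240                           # assumed upper bound per request

# Operator side (Windows PowerShell): needs no SCOM role, only event-log write access.
# An admin registers the hypothetical source once:
#   New-EventLog -LogName Application -Source MaintModeRequest
function Send-MaintenanceRequest {
    param([string]$Server, [int]$Minutes, [string]$Comment)
    Write-EventLog -LogName Application -Source MaintModeRequest -EventId 9999 `
        -EntryType Information -Message "MMREQ|$Server|$Minutes|$Comment"
}

# Privileged side: the event text is untrusted, so parse it strictly
# (anchored pattern, fixed field count, restricted character sets).
function ConvertFrom-MaintenanceRequest {
    param([string]$Message)
    $pattern = '\AMMREQ\|([A-Za-z0-9-]{1,15})\|([0-9]{1,4})\|([A-Za-z0-9 _.,-]{0,100})\z'
    $m = [regex]::Match($Message, $pattern)
    if (-not $m.Success) { throw 'malformed request' }
    $server  = $m.Groups[1].Value.ToUpperInvariant()
    $minutes = [int]$m.Groups[2].Value
    # Only pre-approved servers, and only for a bounded window.
    if ($AllowedServers -notcontains $server) { throw "server not in allowlist: $server" }
    if ($minutes -lt 5 -or $minutes -gt $MaxMinutes) { throw "duration out of range: $minutes" }
    # The privileged action should use these validated fields only, never the raw text.
    [pscustomobject]@{ Server = $server; Minutes = $minutes; Comment = $m.Groups[3].Value }
}

# Constructed sample event messages, as the privileged rule would receive them.
$samples = 'MMREQ|prodweb01|60|Monthly patching',
           'MMREQ|DC01|60|not on the list',
           'MMREQ|PRODSQL01|9999|window too long',
           'MMREQ|PRODSQL01|30|ok|extra-field'
foreach ($s in $samples) {
    try {
        $r = ConvertFrom-MaintenanceRequest $s
        "ACCEPT $($r.Server) for $($r.Minutes) min"
    } catch {
        "REJECT '$s': $($_.Exception.Message)"
    }
}
```

Anyone able to write that event can submit a request, so the allowlist and the duration bound define the most an operator can cause; the elevated credentials stay with the account the rule runs under.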

Sander

Sep 28, 2009, 11:05:02 AM
Hi DebugGuy

I had exactly the same request from a customer. (scheduled maintenance mode
set by staff)
I found this utility:

http://www.scom2k7.com/scom-remote-maintenance-mode-scheduler-20/

It's based on PowerShell and gives a nice GUI, usable for staff.

The other request might be solved with PowerShell version 2 remoting?

Regards,
Sander Klaassen

"The Debug Guy" <debu...@gmail.com> wrote in message

news:%23XwnHQu...@TK2MSFTNGP06.phx.gbl...
