This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

API Issue with Powershell

I can run this script locally, but if I try to use invoke-command from another machine, I get a -6 response on the authentication. Any ideas?

 

[void][System.Reflection.Assembly]::LoadWithPartialName("Utimaco.SafeGuard.AdministrationConsole.Scripting")

$addomain = "DC=domain,dc=com"

[ref]$adstype = ""
[ref]$adsmachine = ""
[ref]$adsuser = ""
[ref]$challengeflags = ""
[ref]$response = ""

$Scripting = new-object -comobject "Utimaco.SafeGuard.AdministrationConsole.Scripting.Base"
$ScriptingDirectory = $Scripting.CreateDirectoryClassInstance()
$ScriptingCR = $Scripting.CreateCRClassInstance()
$Scripting.Initialize()
$Scripting.AuthenticateOfficer("mso", "passwordhere", "")
[void]$ScriptingDirectory.Initialize()
[void]$ScriptingCR.Initialize()
[void]$ScriptingCR.checkchallenge($ccode, $challengeflags)
$ScriptingDirectory.GetOneObject($cname, $addomain, 0, $adsmachine, $adstype)
$ScriptingDirectory.GetOneObject($uname, $addomain, 0, $adsuser, $adstype)
$ScriptingCR.GetChallengeFlags($adsmachine.value, $ccode, $challengeflags)
[void]$ScriptingCR.ComputeResponse($adsuser.value, $adsmachine.value, $ccode, 2, $response)
$responsecode = $response.value
$responsecode = $responsecode.Insert(5,' ').Insert(11,' ').Insert(17,' ').Insert(23,' ').Insert(29,' ').Insert(35,' ').Insert(41,' ').Insert(47,' ').Insert(53,' ').Insert(59,' ').Insert(65,' ')
write-host $responsecode



This thread was automatically locked due to age.
Parents
  • Hey Jack.

    Scripts can only be run on Windows Servers running the SafeGuard Enterprise servers that have authorised to execute scripts. You can find this in the Management Center > Tools > Configuration Package Tool > Servers and checking the "Scripting Allowed" checkbox. Documentation for this is over here: https://docs.sophos.com/esg/sgn/8-0/admin/win/en-us/webhelp/index.htm#tasks/SGNServerRegisterConfigureChange.htm

  • The server I am running this on does have "scripting allowed".

    I can run this script locally with no problems at all. The problem is when I try to use powershell's invoke-command from another machine.

     

    Here is the full script that fails:

     

    $cname = "${activityInput.computer_name}"
    $ccode = "${activityInput.challenge_code}"

    $username = "domain\serviceaccount"
    $password = "password" | ConvertTo-SecureString -AsPlainText -Force
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $password

    $rcode = Invoke-Command -ComputerName "servername" -ScriptBlock{
    param($cname, $ccode)
    $uname = "username"

    [void][System.Reflection.Assembly]::LoadWithPartialName("Utimaco.SafeGuard.AdministrationConsole.Scripting")

    $addomain = "DC=uspicorp,dc=com"

    [ref]$adstype = ""
    [ref]$adsmachine = ""
    [ref]$adsuser = ""
    [ref]$challengeflags = ""
    [ref]$response = ""

    $Scripting = new-object -comobject "Utimaco.SafeGuard.AdministrationConsole.Scripting.Base"
    $ScriptingDirectory = $Scripting.CreateDirectoryClassInstance()
    $ScriptingCR = $Scripting.CreateCRClassInstance()
    $Scripting.Initialize()
    $Scripting.AuthenticateOfficer("mso", "password", "")
    [void]$ScriptingDirectory.Initialize()
    [void]$ScriptingCR.Initialize()
    [void]$ScriptingCR.checkchallenge($ccode, $challengeflags)
    $ScriptingDirectory.GetOneObject($cname, $addomain, 0, $adsmachine, $adstype)
    $ScriptingDirectory.GetOneObject($uname, $addomain, 0, $adsuser, $adstype)
    $ScriptingCR.GetChallengeFlags($adsmachine.value, $ccode, $challengeflags)
    [void]$ScriptingCR.ComputeResponse($adsuser.value, $adsmachine.value, $ccode, 2, $response)
    $responsecode = $response.value
    $responsecode = $responsecode.Insert(5,' ').Insert(11,' ').Insert(17,' ').Insert(23,' ').Insert(29,' ').Insert(35,' ').Insert(41,' ').Insert(47,' ').Insert(53,' ').Insert(59,' ').Insert(65,' ')
    write-host $responsecode
    } -Credential $cred -Args $cname, $ccode


    write-host $rcode

  • Hey Jack.

    Sadly troubleshooting PowerShell scripts is something only our Professional Services team can offer. I would contact your Sophos Account Manager regarding getting ProServ to assist you.

    From my brief forays into PowerShell (I'm more of a Linux man myself), I did leverage PSSession and when using Invoke-Command, providing Invoke-Command with the session name from New-PSSession. 

  • So you have been able to leverage pssession to run scripts on a remote server? Do you have a sample script?

    My challange response script is fine, the problem only exists when i try to invoke or pssession from another computer.

  • This doesn't make any sense, how can I get two different responses from this line of code? Either it should work or it shouldn't.

     

    $Scripting.AuthenticateOfficer("mso", "Password", "")

Reply Children
No Data