ConvertTo-SecureString 密钥在指定状态下无效 [英] ConvertTo-SecureString Key not valid for use in specified state
问题描述
我在以特定用户而非我自己的用户帐户运行脚本时遇到错误.这是在 Windows 2012R2 上.Powershell 模块已安装并已使用一段时间,但使用其他帐户阻止其运行.因为我已经能够运行它,所以我觉得我可以排除脚本中任何丢失的文件或错误的命令.脚本的其余部分依赖于此.我还使用将通过自动化运行命令的服务帐户运行了 convertto-securestring 选项,但它仍然无法正常工作.
这是我用来转换密码的安全密码脚本
$password = "密码"$secureStringPwd = $password |ConvertTo-SecureString -AsPlainText -Force$secureStringText = $secureStringPwd |ConvertFrom-SecureString设置内容 "E:\temp\ExportedPassword.txt" $secureStringText`这是尝试以用户 B 身份运行后的错误信息
line 4 $pwdTxt = Get-Content "E:\temp\ExportedPassword.txt"第 5 行 $securePwd = $pwdTxt |ConvertTo-SecureStringConvertTo-SecureString :密钥在指定状态下无效.在 E:\temp\get_user_cliffsv4.ps1:5 字符:24+ $securePwd = $pwdTxt |ConvertTo-SecureString+ ~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString],密码异常+ FullQualifiedErrorId :ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand我已通过自动化软件多次运行此脚本,但在测试时,由于此错误,我不得不将命令作为我的个人帐户运行,为了解决此问题以便我可以完成测试,我调用了该选项.我的问题是,我使用的帐户是否缺少任何特定权利?我是否必须在该帐户下安装 Powershell 扩展,或者我可以在 PS 或服务器上设置/更改某些内容以允许服务帐户运行此脚本吗?提前致谢!
问题不在于服务帐户运行命令的能力,而是系统帐户正在运行命令,因此它传递的安全密码不是可用.我发现此链接提供了一个脚本,该脚本安排脚本使用系统帐户运行,从而按系统创建文件,该文件将正确使用密码文件并正确传递凭据.感谢 Keith Francis 和托管代码的网站,我一直非常感谢这些提供支持渠道的社区.
I'm getting an error when running a script as a particular user, but not as my own user account. This is on Windows 2012R2. Powershell module was installed and has been in use for some time, but using another account prevents it from running. Because I have been able to run it, I feel like I can rule out any missing files or faulty commands within the script. The rest of the script is dependent on this. I also have run the convertto-securestring options using the service account that will be running the commands through the automation, but it still is not working.
This is the secure password script I ran to convert the password
$password = "password"
$secureStringPwd = $password | ConvertTo-SecureString -AsPlainText -Force
$secureStringText = $secureStringPwd | ConvertFrom-SecureString
Set-Content "E:\temp\ExportedPassword.txt" $secureStringText`
This is the error message after trying to run as user B
line 4 $pwdTxt = Get-Content "E:\temp\ExportedPassword.txt"
line 5 $securePwd = $pwdTxt | ConvertTo-SecureString
ConvertTo-SecureString : Key not valid for use in specified state.
At E:\temp\get_user_cliffsv4.ps1:5 char:24
+ $securePwd = $pwdTxt | ConvertTo-SecureString
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString],
CryptographicException
+ FullyQualifiedErrorId :
ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.
Commands.ConvertToSecureStringCommand
I have run this script numerous times through automation software, but when testing I had to run the command as my personal account because of this error and to get around this so I could complete testing, I invoked that option. My question is, is the account I'm using missing any particular rights? Do I have to install the Powershell extensions under that account or can I set/change something in PS or on the server that will allow the service account to run this script? Thanks in advance!
The issue was not the service account's ability to run the command, it was that the System account was running the command, so the secure password it was passing was not usable. I found this link that provided a script that scheduled the script to run using the system account, thereby creating the file by system which will correctly used the password file and passed the credentials correctly. Thank you to Keith Francis and the site for hosting the code and always, I'm very thankful for these communities that provide an outlet for support.
这篇关于ConvertTo-SecureString 密钥在指定状态下无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
