Hi,
i run octopus agent(tentacle) process under one credential and the camse credential is used to run powershell Deploy.ps1 script on tentacle. My deploy.ps1 script creates other user credentials and then runs start-session powershell.exe …
This is what I run inside of my Deploy.ps1
…
$pwd = convertto-securestring $strPassword -asplaintext -force
$Credential = New-Object -typename System.Management.Automation.PSCredential -argumentlist $strName, $pwd
$fl = $strPath1+"\custom_run.ps1"
$args="$fl $strPath “
Start-process powershell.exe -credential $Credential -Argumentlist(”-file $args") -RedirectStandardOutput $strPath\log.log
write-host “Start-process is done cating $strPath\log.log”
…
when i run this via octopus agent the spawned start-process doe not runs, just skipped.
The log.log file does not exist .
My question is how to spawn powershelll session in octapus agetnt(tentacle) and force it to use different windows credentials then the user octopus agent is running as?
Hi Irina,
We’ve had this question previously and unfortunately I think this is a limitation outside of Octopus.
I believe other customers have had some success using WinRM
and Invoke-Command to run PowerShell under a different account to the Tentacle, see this [page])http://stackoverflow.com/questions/11948655/run-script-block-as-a-specific-user-with-powershell) for the details.
I hope that helps!
Thank you and best regards,
Henrik
Hi Henrik,
What do you mean it is limitation outside of Octopus?
I was able to login to the agent machine and run it from pwoershell ,but octopus agent does not spawn the session, so it is octopus agent issue.
Thanks,
Irina
Hi Irina,
By default the Tentacle runs under the LOCAL SYSTEM account, and it seems that this account is not allowed to start new sessions, see this StackOverflow question/answer. Have you set your Tentacle to run under another account?
Thanks,
Henrik