credential manager from logon script

mehar 21 Reputation points
2023-05-01T17:07:41.93+00:00

Hi,

I added a logon script that retrieves credentials from Azure Key Vault and saves them to Credential Manager.

When I run this script in an already opened session, it works correctly and adds the credential correctly.

However, when I log on to a session, the script runs ("I have a log file"). However, no credential is created.

What's wrong with doing that from the logon script with GPO? Sometimes it works correctly and sometimes no credential is saved. It's truly a big issue for my application to work correctly. I need those credentials to be saved.

Is it possible that it is slow? (When I run it from an already logged-on session, everything works fine.)

Any idea?

bests,


2 answers

  1. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2023-05-01T18:28:38.4666667+00:00

    Hi @mehar, thanks for the question. It's possible that the issue you're experiencing with the logon script is related to the timing of the script execution during the logon process. When the script runs during the logon process, some dependencies or services might not be fully initialized yet, causing the script to fail or behave unexpectedly.

    Here are a few suggestions to troubleshoot and potentially resolve the issue:

    Add a delay: Introduce a delay at the beginning of your script to ensure that all required services and dependencies are fully initialized before the script starts executing. You can use the Start-Sleep cmdlet in PowerShell or timeout command in a batch script to introduce a delay.

    Check for errors: Make sure your script has proper error handling and logging mechanisms in place. This will help you identify any issues or errors that might occur during the logon process.

    Review Group Policy settings: Double-check your Group Policy settings to ensure that the logon script is configured correctly and applied to the appropriate users or groups.

    Test with a different script execution method: Instead of using a logon script, you could try using a scheduled task that runs at logon with a delay. This might help to ensure that all required services and dependencies are fully initialized before the script starts executing.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark it as "Verified" so other users can reference it.

    Thank you,

    James


  2. Sedat SALMAN 14,180 Reputation points MVP
    2023-05-04T20:58:09.1233333+00:00

    Add proper error handling to your script using Try and Catch blocks:

    Try {
        New-StoredCredential -Target 'test1' -Type Generic -UserName 'test11' -Password 'test111' -Persist 'LocalMachine' -ErrorAction Stop
    }
    Catch {
        # Log the error message to your log file
        $errorMessage = "Error: " + $_.Exception.Message
        Add-Content -Path "Path\To\Your\Log\File.log" -Value $errorMessage
    }
    
    

    Introduce a delay before the New-StoredCredential command to ensure that all required services and dependencies are fully initialized before the command is executed.

    Start-Sleep -Seconds 30
    
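
The suggestions in the two answers (wait for dependencies, handle errors, log) can be combined into a bounded retry that also reads the credential back to confirm it was saved. This is an added example, not code from either answer; it assumes the CredentialManager module that provides `New-StoredCredential` and `Get-StoredCredential` is installed, and the function name, log path and retry values are hypothetical.

```powershell
# Added example: retry the write, verify it, and log every attempt.
# The secret itself is never written to the log.
function Set-StoredCredentialWithRetry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $Target,
        [Parameter(Mandatory)] [pscredential] $Credential,
        # Hypothetical per-user log location
        [string] $LogPath      = "$env:LOCALAPPDATA\LogonCred\logon-cred.log",
        [int]    $MaxAttempts  = 6,
        [int]    $DelaySeconds = 10
    )

    # Create the log directory on first run
    $logDir = Split-Path -Path $LogPath -Parent
    if (-not (Test-Path -Path $logDir)) {
        New-Item -ItemType Directory -Path $logDir -Force | Out-Null
    }

    function Write-Log([string] $Message) {
        Add-Content -Path $LogPath -Value ("{0:o} {1}" -f (Get-Date), $Message)
    }

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            New-StoredCredential -Target $Target -Type Generic `
                -UserName $Credential.UserName `
                -Password $Credential.GetNetworkCredential().Password `
                -Persist LocalMachine -ErrorAction Stop | Out-Null

            # Read the entry back: a write that raised no error is not proof it was saved
            if (Get-StoredCredential -Target $Target -ErrorAction Stop) {
                Write-Log "Attempt ${attempt}: credential '$Target' stored and verified."
                return $true
            }
            Write-Log "Attempt ${attempt}: no error raised, but '$Target' was not found."
        }
        catch {
            Write-Log "Attempt ${attempt}: $($_.Exception.Message)"
        }
        if ($attempt -lt $MaxAttempts) { Start-Sleep -Seconds $DelaySeconds }
    }

    Write-Log "Giving up on '$Target' after $MaxAttempts attempts."
    return $false
}
# Usage (constructed values; $cred is built earlier from the Key Vault secret):
#   Set-StoredCredentialWithRetry -Target 'test1' -Credential $cred
```

The per-attempt log shows whether the write fails outright at logon or succeeds without the entry being present afterwards, which a single fixed `Start-Sleep` cannot distinguish.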
