04/11/2017 1607 views
I have a script I'm using to try and add computers to my domain. I know there are ways to do this easily without importing an XML, but I want to do it without having a plaintext password in the script.

Here is what I have, and it works in the ISE:

$domain = "company.com"
$credential = Import-Clixml 'SecureCredentials.xml'
$ouPath="OU=Win7 Computers,DC=company,DC=com"
add-computer -Credential $credential -DomainName $domain -OUPath $ouPath
shutdown /r /t 000

The error I'm getting when it runs in Kace is:

C:\KACE\Applications\69\powershell.exe -nologo -executionpolicy bypass -noprofile -file ".\join_domain.ps1"
Import-Clixml : SS XML tag is not recognized.
At C:\KACE\Applications\69\join_domain.ps1 :27 char:28
+ $credential = Import-Clixml <<<< 'SecureCredentials.xml'
    + CategoryInfo                : NotSpecified: <:> [Import-Clixml], XmlException
    + FullyQualifiedErrorid : System.Xml.XmlException,Microsoft.Powershell.commands.ImportClixmlCommand

Does anyone know why this will work in the ISE but not in the K2000? I'm running version 4.0.695 of the K2000.

Answer Summary:
0 Comments   [ + ] Show comments


Answer Chosen by the Author

Turns out this issue was caused by powershell versioning. I had powershell version 2 installed on the computers I was attempting this on, and import-clixml is a commandlet that came with powershell version 3 and later. After updating powershell to version 5 (because why not get the latest) the error went away and the xml was imported.

Unfortunately, I found out that what I was trying to do by importing this wouldn't work the way I wanted anyway, so that's unfortunate, but at least someone who has this error in the future will find an answer faster than I did. I should have realized the problem sooner.
Answered 04/13/2017 by: pbrandvold
Orange Belt

All Answers

You can see from the error, it thinks powershell.exe is in the kace directory.  Change the commandline in your task to be the following:

%systemdrive%\Windows\System32\WindowsPowerShell\v1.0\powershell -nologo -executionpolicy bypass -noprofile -file join_domain.ps1

Note there is no .exe on the powershell.
Answered 04/11/2017 by: cserrins
Red Belt

  • When I do that, it just tags it on to the path that is already there. Do I need to change directory to that path? If so, won't that change the directory that I'm working in and fail to call the script I want?
    • Can you show what your tasks.xml file has for commandline for that id# now?
      • I'm not sure how to find that. I'm not certain I understand what you're asking for - my apologies. Can you clarify?
      • First look for the id# of your PO task (you can find it by looking in the url when you are in the details of your task. Then look for the id# of your image. Then browse to \\k2_ip\peinst\scripts. Find ImagingTasks_id#.xml, open it and look for your PO task#, from there you can find the commandline of that PO task.
      • @cserrins my CommandLine parameter is calling "RUNME.bat". That batch file is just a single line which states:
        %systemdrive%\Windows\System32\WindowsPowerShell\v1.0\powershell -nologo -executionpolicy bypass -noprofile -file ".\join_domain.ps1"

        Here's what I found in the imaging tasks xml file for this particular task:
        <Task ID="69">
        <Name>[SCRIPT] Windows 7 - Join MNTX Domain</Name>
      • Take the .bat file out of the picture, just upload your ps1 file and use the following for the parameters:
        %systemdrive%\Windows\System32\WindowsPowerShell\v1.0\powershell -nologo -executionpolicy bypass -noprofile -file join_domain.ps1
        Once you do that and save, look at the xml file again and show what commandline looks like.
      • I removed the .bat file and just uploaded the ps1 file with the xml file I am importing, zipped it up, and put teh command in Kace. The CommandLine parameter is:

        %systemdrive%\Windows\System32\WindowsPowerShell\v1.0\powershell -nologo -executionpolicy bypass -noprofile -file join_domain.ps1

        However, I'm getting the same error now.
      • You showed the error in your original post, which led me down this path, can you post the error message you are seeing now?
      • The error I'm getting now is:
        Import-Clixml : SS XML tag is not recognized.
        At C:\KACE\Applications\69\join_domain.ps1 :27 char:28
        + $credential = Import-Clixml <<<< 'SecureCredentials.xml'
        + CategoryInfo : NotSpecified: <:> [Import-Clixml], XmlException
        + FullyQualifiedErrorid : System.Xml.XmlException,Microsoft.Powershell.commands.ImportClixmlCommand
      • OK, so maybe add ./ to 'SecureCredentials.xml' so it becomes './SecureCredentials.xml' Otherwise I am out of ideas. We were able to find another instance where something that works in the ISE doesn't work in production: