Access Windows.Security.Credentials.PasswordVault over PS-Session on fresh Azure VM


This is essentially a re-post of this question: "Cannot open Vault" when accessing PasswordVault on a fresh machine via WinRM

It is quite old, and we don't know how to "bump" it, so we are restating here...

After entering a PS-Session on a fresh Azure Windows machine, server 2012r2, like so:

$username = 'print-dev'
$uri = ''
$port = '5986'
$remote_address = "https://" + $uri + ":" + $port
$password = 'somepassword'
$pass = ConvertTo-SecureString -string $password -AsPlainText -Force
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass
Enter-PSSession -ConnectionUri  $remote_address -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)

... we run the following command and fail:

[]: PS C:\Users\print-dev\Documents> [Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime] 
$vault = New-Object Windows.Security.Credentials.PasswordVault 

...with the following result:

Exception calling "RetrieveAll" with "0" argument(s): "Access is denied.
Cannot open Vault"
At line:1 char:1
+ $vault.RetrieveAll()
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : UnauthorizedAccessException

"Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" 

If we RDP to the machine with the same user, print-dev, bring up a console and run the command that way, we succeed. Also subsequent calls over remote access will succeed after being run from RDP the first time.

How can we get around this access denied error?

What is the difference between a PowerShell command executed in an RDP session and a PowerShell command executed in a remote PS-Session by the same user?

Any help would be appreciated!

asked on Stack Overflow Apr 6, 2020 by el_bogavante
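
One way to compare the two sessions the question contrasts, as an added example that is not part of the original post (the function name `Get-SessionLogonContext` is hypothetical). It reports the logon-type SIDs in the current token, the PowerShell host and the profile state, all of which can be diffed between the RDP console and the remote PS-Session:

```powershell
# Added diagnostic, not from the original post. Run it once in the RDP console
# and once inside the remote PS-Session, then compare the two outputs.
function Get-SessionLogonContext {
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Flatten the token's group SIDs to plain strings.
    $groupSids = $id.Groups | ForEach-Object { $_.Value }

    # Well-known SIDs that Windows adds to a token according to how the logon was made.
    $logonSids = [ordered]@{
        'S-1-5-2'  = 'NETWORK'
        'S-1-5-3'  = 'BATCH'
        'S-1-5-4'  = 'INTERACTIVE'
        'S-1-5-6'  = 'SERVICE'
        'S-1-5-14' = 'REMOTE INTERACTIVE LOGON'
    }
    $present = foreach ($sid in $logonSids.Keys) {
        if ($groupSids -contains $sid) { $logonSids[$sid] }
    }

    [pscustomobject]@{
        User               = $id.Name
        AuthenticationType = $id.AuthenticationType   # e.g. Kerberos, NTLM
        ImpersonationLevel = $id.ImpersonationLevel
        LogonTypeSids      = $present -join ', '
        HostName           = $Host.Name               # ConsoleHost vs ServerRemoteHost
        UserProfile        = $env:USERPROFILE
        # True when the user's registry hive (HKEY_USERS\<SID>) is loaded
        ProfileHiveLoaded  = Test-Path "Registry::HKEY_USERS\$($id.User.Value)"
    }
}

Get-SessionLogonContext | Format-List
```

The fields that differ between the two runs show how each logon was established; the script only reports them and does not change the vault's behaviour.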

0 Answers

Nobody has answered this question yet.
