Setting RunAs on PowerShell Rule

I’m trying to set a RunAs account for a PowerShell rule I’ve created and having some difficulty as this is my first time trying it. Most of the documentation I read was for doing this with a monitor and not a rule as is my case. I followed the syntax best I could, and get the following error when importing:

This management pack cannot be imported.

XSD verification failed for the management pack. [Line 43, Position 85]

The ‘RunAs’ attribute is not declared.

I created a new account for the runas and profile, and distributed to the server where the script runs from.

What am I doing wrong? It seems to not like this part:

RunAs="RunAsProfile_64801d2e77334629ad8bc380d941e9b2"

<?xml version="1.0"?>
<ManagementPack xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xsd="http://www.w3.org/2001/XMLSchema" OriginalSchemaVersion="1.1" SchemaVersion="2.0" ContentReadable="true">
  <Manifest>
    <Identity>
      <ID>Test</ID>
      <Version>1.0.0.0</Version>
    </Identity>
    <Name>Test</Name>
    <References>
      <Reference Alias="MicrosoftWindowsLibrary7585010">
        <ID>Microsoft.Windows.Library</ID>
        <Version>7.5.8501.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="SystemLibrary7585010">
        <ID>System.Library</ID>
        <Version>7.5.8501.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="CommunityPowerShellMonitoring">
        <ID>Community.PowerShellMonitoring</ID>
        <Version>1.1.1.2</Version>
        <PublicKeyToken>3aa540324b898d3c</PublicKeyToken>
      </Reference>
      <Reference Alias="SystemCenter">
        <ID>Microsoft.SystemCenter.Library</ID>
        <Version>7.0.8433.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="Health">
        <ID>System.Health.Library</ID>
        <Version>7.0.8433.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
    </References>
  </Manifest>
  <TypeDefinitions>
    <SecureReferences>
      <SecureReference Accessibility="Internal" ID="RunAsProfile_64801d2e77334629ad8bc380d941e9b2"/>
    </SecureReferences>
  </TypeDefinitions>
  <Monitoring>
    <Rules>
      <Rule ID="MomUIGeneratedRuleb88a739c146a4690a42d37498c6af60e" DiscardLevel="100" Priority="Normal" Remotable="true" ConfirmDelivery="false" Target="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Server.OperatingSystem" RunAs="RunAsProfile_64801d2e77334629ad8bc380d941e9b2" Enabled="false">
        <Category>Alert</Category>
        <DataSources>
          <DataSource ID="DS" TypeID="CommunityPowerShellMonitoring!Community.PowerShellMonitoring.DataSource.FilteredPowerShellPropertyBag">
            <IntervalSeconds>900</IntervalSeconds>
            <SyncTime/>
            <ScriptName>Test.ps1</ScriptName>
            <Arguments/>
            <ScriptBody>param([string]$Arguments)
$ScomAPI = New-Object -comObject "MOM.ScriptAPI"
$PropertyBag = $ScomAPI.CreatePropertyBag()
$Script
$PropertyBag</ScriptBody>
            <SecureInput>$RunAs[Name="RunAsProfile_64801d2e77334629ad8bc380d941e9b2"]/Domain$\[Name="RunAsProfile_64801d2e77334629ad8bc380d941e9b2"]/UserName$</SecureInput>
            <TimeoutSeconds>60</TimeoutSeconds>
            <AlertExpression>
              <SimpleExpression>
                <ValueExpression>
                  <XPathQuery>Property[@Name='Test']</XPathQuery>
                </ValueExpression>
                <Operator>Less</Operator>
                <ValueExpression>
                  <Value>60</Value>
                </ValueExpression>
              </SimpleExpression>
            </AlertExpression>
          </DataSource>
        </DataSources>
        <WriteActions>
          <WriteAction ID="Alert" RunAs="RunAsProfile_64801d2e77334629ad8bc380d941e9b2" TypeID="Health!System.Health.GenerateAlert">
            <Priority>2</Priority>
            <Severity>2</Severity>
            <AlertName/>
            <AlertDescription/>
            <AlertOwner/>
            <AlertMessageId>$MPElement[Name="MomUIGeneratedRuleb88a739c146a4690a42d37498c6af60e.AlertMessage"]$</AlertMessageId>
            <AlertParameters>
              <AlertParameter1>$Data/Property[@Name='Test']$</AlertParameter1>
              <AlertParameter2>$Data/Property[@Name='Test2']$</AlertParameter2>
            </AlertParameters>
            <Suppression/>
            <Custom1/>
            <Custom2/>
            <Custom3/>
            <Custom4/>
            <Custom5/>
            <Custom6/>
            <Custom7/>
            <Custom8/>
            <Custom9/>
            <Custom10/>
          </WriteAction>
        </WriteActions>
      </Rule>
    </Rules>
    <Overrides>
      <RulePropertyOverride ID="OverrideForRuleMomUIGeneratedRuleb88a739c146a4690a42d37498c6af60eForContextMicrosoftWindowsOperatingSystem9031d63107894591a8fdcea6314c4639" Property="Enabled" Rule="MomUIGeneratedRuleb88a739c146a4690a42d37498c6af60e" Enforced="false" ContextInstance="dd5c691d-297d-01b2-96fd-9f3b01357fcc" Context="MicrosoftWindowsLibrary7585010!Microsoft.Windows.OperatingSystem">
        <Value>true</Value>
      </RulePropertyOverride>
      <SecureReferenceOverride ID="SecureOverride9a0e2417_1a10_ebcc_f9c8_1c193e35a131" Enforced="false" ContextInstance="02a4cf51-3ef0-09b3-85df-6e2c0520b447" Context="SystemLibrary7585010!System.Entity" SecureReference="RunAsProfile_64801d2e77334629ad8bc380d941e9b2">
        <Value>0060A301B9215D43C81C6A257147A30BC6B20A918800000000000000000000000000000000000000</Value>
      </SecureReferenceOverride>
    </Overrides>
  </Monitoring>
  <Presentation>
    <Folders>
      <Folder Accessibility="Public" ID="Folder_43e7380c573a4a5595cf8c4eb17791ff" ParentFolder="SystemCenter!Microsoft.SystemCenter.Monitoring.ViewFolder.Root"/>
    </Folders>
    <StringResources>
      <StringResource ID="MomUIGeneratedRuleb88a739c146a4690a42d37498c6af60e.AlertMessage"/>
    </StringResources>
  </Presentation>
  <LanguagePacks>
    <LanguagePack ID="ENU" IsDefault="false">
      <DisplayStrings>
        <DisplayString ElementID="Test">
          <Name>Test</Name>
          <Description>Testing User Agent monitoring.</Description>
        </DisplayString>
        <DisplayString ElementID="Folder_43e7380c573a4a5595cf8c4eb17791ff">
          <Name>Test</Name>
        </DisplayString>
        <DisplayString ElementID="MomUIGeneratedRuleb88a739c146a4690a42d37498c6af60e">
          <Name>Test</Name>
          <Description>Test.</Description>
        </DisplayString>
        <DisplayString ElementID="MomUIGeneratedRuleb88a739c146a4690a42d37498c6af60e.AlertMessage">
          <Name>Test</Name>
          <Description>Test</Description>
        </DisplayString>
        <DisplayString ElementID="OverrideForRuleMomUIGeneratedRuleb88a739c146a4690a42d37498c6af60eForContextMicrosoftWindowsOperatingSystem9031d63107894591a8fdcea6314c4639">
          <Name>NotUsed</Name>
          <Description>Test</Description>
        </DisplayString>
        <DisplayString ElementID="RunAsProfile_64801d2e77334629ad8bc380d941e9b2">
          <Name>SCOMAccount</Name>
          <Description>Testing SCOM account.</Description>
        </DisplayString>
      </DisplayStrings>
    </LanguagePack>
  </LanguagePacks>
</ManagementPack>

Rules don’t define the attribute RunAs, and you shouldn’t be setting the writeaction to run under the context of a runas either.

First question: Do you want the script to run as the run as profile (must be a domain user), or just have access to the credentials (for example, making web requests)?

If the former, you should define the RunAs attribute on the Datasource inside the rule.

If the latter, then you need to send the Run As profile Username and Password into the PS script as parameters - SecureInput is required for VBScript modules due to the way it’s called and is not relevant for PS scripts.

The Community PowerShell modules expose this only as a single value - Arguments - so you would have to delimit them in some way, which you then need to expand in the script to extract the username and password.
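
The second option from the answer above (handing the Run As profile's credentials to the script through the single Arguments value and splitting them inside the script), as an added example that is not part of the original thread. The `|` delimiter, the `ConvertTo-RunAsCredential` helper, the share path, the drive name, event ID 9100 and what `Test` measures are all assumptions, and `New-PSDrive -Credential` on a file share needs PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Assumes the rule's <Arguments> element expands to
#   <domain>\<user>|<password>
# built from the Run As profile's Domain, UserName and Password substitutions.
param([string]$Arguments)

# Hypothetical helper: turn the packed Arguments string into a PSCredential.
function ConvertTo-RunAsCredential {
    param(
        [Parameter(Mandatory = $true)][string]$Packed,
        [char]$Delimiter = '|'   # assumed delimiter; '|' cannot appear in a Windows logon name
    )
    # Split on the FIRST delimiter only, so a password that contains '|' stays intact.
    $index = $Packed.IndexOf($Delimiter)
    if ($index -lt 1 -or $index -eq ($Packed.Length - 1)) {
        throw 'Expected <user><delimiter><password> in Arguments.'
    }
    $user   = $Packed.Substring(0, $index)
    $secure = ConvertTo-SecureString -String $Packed.Substring($index + 1) -AsPlainText -Force
    New-Object System.Management.Automation.PSCredential -ArgumentList $user, $secure
}

$ScomAPI     = New-Object -ComObject 'MOM.ScriptAPI'
$PropertyBag = $ScomAPI.CreatePropertyBag()
$driveName   = 'RuleShare'                       # placeholder drive name
$sharePath   = '\\fileserver.example\monitored'  # placeholder UNC path

try {
    $credential = ConvertTo-RunAsCredential -Packed $Arguments
    # Map the share with the profile's credentials for this run only (PowerShell 3.0+).
    New-PSDrive -Name $driveName -PSProvider FileSystem -Root $sharePath `
        -Credential $credential -ErrorAction Stop | Out-Null
    # Placeholder measurement: number of files on the share, returned as 'Test'.
    $count = @(Get-ChildItem -Path "${driveName}:\" -File).Count
    $PropertyBag.AddValue('Test', $count)
}
catch {
    # Report the failure without echoing $Arguments, which holds the clear-text password.
    $ScomAPI.LogScriptEvent('Test.ps1', 9100, 1, "Share check failed: $($_.Exception.Message)")
}
finally {
    Remove-PSDrive -Name $driveName -ErrorAction SilentlyContinue
    $Arguments  = $null
    $credential = $null
}

$PropertyBag
```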

Thanks Jelly. I’m indifferent on the method, and was exploring doing it entirely within PowerShell as well, but wanted to see what could be done.

The server where the script runs, it is accessing a file share, and cannot get to it with the SYSTEM action account. So if I set the action account as the domain account, it works fine, but I didn’t want to change the action account just for this one script.

Do you have an example of the methods you referred to or point me to any online resources that show this?

Hi Jelly,
I am looking for good documentation on how to do this and what tool to use. Do you have some good links/docs?

There are some great resources on TechNet: https://social.technet.microsoft.com/wiki/contents/articles/14255.system-center-authoring-hub.aspx#Management_Pack_Authoring_Guides

And this page links to some more great resources: https://www.opsconfig.com/scom-management-pack-authoring-training-a-different-approach-part-i/