Powershell Invoke-Command remote works manually, but not from Jenkins

You are probably hitting the remote execution script limitation from Jenkins (security is the cause here). You need to configure the Jenkins server to be able to run the script "normally" but you will always have to add the credentials.

The script you are running from powershell command line uses the default credentials for your win-cm8utd1qfnc\administrator so the following will work as you wrote:

PS C:\Users\Administrator> whoamiwin-cm8utd1qfnc\administratorPS C:\Users\Administrator> Invoke-Command -computername web.sandbox.MUNGED.com -scriptblock {iisreset /restart}Attempting stop...Internet services successfully stoppedAttempting start...Internet services successfully restarted

However, when running Powershell from Jenkins, a plugin by its nature, you are hitting the security-by-design limitation. You don't want to run "wild" scripts with your Administration account.

The most reasonable guide I have found on this topic was here (the following is excerpt from the page:

Executing Powershell scripts/commands remotely

he above job creates a text file on the Jenkins server itself. To setup remote Powershell scripts we first need to configure Jenkins server for remote Powershell script execution. To enable remote Windows machine in to the WS-Man trusted list on Jenkins servers. Execute the below command on Powershell window on Jenkins server. The command will add all the remote machine to the trusted list.

Set-Item WSMan:\localhost\Client\TrustedHosts *

Along with the commands, we would also need to enable remote script execution also. To enable execution of Powershell scripts remotely execute the following command in Powershell window on Jenkins server.

Set-ExecutionPolicy RemoteSigned –Force

We will have to install a new plugin named EnvInject Plugin for transferring variables e.g. passwords.

Login to Jenkins and navigate to Manage Jenkins > Manage PluginsClick on the Available tab and Enter EnvInject in the filter boxSelect the plugin showing by name PowerShell PluginSelect Download now and install after restart

Creating a job to restart Windows time service:

On Jenkins interface, click New ItemEnter Remote Powershell scripts for the job name. Select Freestyle projectTick This build is parameterized. Create following parameters    Type: String Parameter    Name: ServerIp/Hostname    Description: Remote machine’s IP address.    Type: String Parameter    Name: UserName    Type: Password Parameter    Name: PasswordNow, Click Add Parameter list and select the Choice Parameter. Enter the options on new lines inside the Choices text box. Also,

provide description for the options mentioned:

The following script is based on the above link, but I did not like the plain text used so I have decided to rewrite it to use Powershell's SecureString

First to store your admin password:

read-host -AsSecureString | ConvertFrom-SecureString | Out-File C:\<your_path>\securestring.txt

Then have the script:

# Configure build failure on errors on the remote machine similar to set -x on bash script $ErrorActionPreference = 'Stop'  # Create a PSCredential Object using the "Username" and "Password" variables created on job $password = Get-Content 'C:\<your_path>\securestring.txt' | ConvertTo-SecureString$creddentials = New-Object System.Management.Automation.PSCredential -ArgumentList $env:UserName, $password# It depends on the type of job you are executing on the remote machine as to if you want to use "-ErrorAction Stop" on your Invoke-Command. Invoke-Command -ComputerName $env:Computer -Credential $credentials -ScriptBlock { Restart-Service -Name W32Time }

See this question: Remote Access with Powershell and Jenkins

Need to change service user from Local System to administrator.