0

I am trying to download and restore database backups against a SQL server with an AzureRM custom script extension, the files download fine but restores fail with access denied ('for database 'master'), I assume this is because the script runs as the local system account and has no permissions.

For lots of the other activities I'm doing as part of Azure automation, I can pass a credential object to handle this stuff without storing secrets (i.e. the result of get-credential passed as an argument) but Set-AzureRmCustomScriptExtension only allows arguments of type "string"

How can I set the restore-sqldatabasebackup commandlet in that custom script extension to use the existing user that has permission to do this?

Elomis
  • 313
  • 1
  • 2
  • 12

1 Answers1

0

well, you can just construct credential object "on the fly":

$cred = [pscredential]::new('administrator',(ConvertTo-SecureString -String '!Q2w3e4r' -AsPlainText -Force))

you can obviously use variables in here and pass those into the custom script extension. another option - grant local system permission to restore databases ;)

4c74356b41
  • 628
  • 5
  • 10