PowerShell Script with Clixml and Task Scheduler


When I run my PowerShell script manually, everything works fine, but it doesn't work via task scheduling.

The reason is probably my stored credentials for Active Directory and Mobile Device Management. I stored them with "Export-Clixml", but the XML files can't be read when I open the script with Task Scheduler. Without it, it works perfectly.

The task scheduler is executed with the same user who saved the credentials in the XML before.

I've tried the solution from "Bender the Greatest". Unfortunately it still doesn't work. I exported my credentials with "Export-Clixml" and import them with "Import-Clixml".

It doesn't matter if I generate them manually via my admin account or via the system account (with psexec). If I then execute it via the corresponding account with which the credentials were generated, it still doesn't work.

But it seems to find the credentials (I saw that in the log). But the import doesn't seem to work.

If I manually include the credentials in the script it works fine, but I would have liked to store them encrypted.

[Lizenzauswertung] Überprüfe Zugangsdaten
[Lizenzauswertung] MDM Zugangsdaten gefunden - Credentials found
[Lizenzauswertung] MDM AccessToken gefunden - Credentials found
[Lizenzauswertung] AD Zugangsdaten gefunden - Credentials found

Here I'm trying to decrypt the Password from the XML File:

It is not possible to call a method for an expression that has NULL. (Translated)
In C:\Scripts\ADAuswertung\AD_Auswertung_GKZ.ps1:171 Zeichen:1
+ $PSCPW  = $CredsMDM.GetNetworkCredential().Password
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

This is a replacement for the username to have the right spelling for a webrequest:

It is not possible to call a method for an expression that has NULL. (Translated)
In C:\Scripts\ADAuswertung\AD_Auswertung_GKZ.ps1:172 Zeichen:1
+ $RPSCUser = $PSCUser.Replace("INTRA","intra.lan")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Here you can see the errors that occur when importing the MDM credentials. The reason for the errors is described above. I edit the credentials after importing them before they are passed to the script.

The MDM Access Token is not encrypted and can be read.

The AD credentials are not processed beforehand, but passed directly to the AD commands. Therefore, no error is displayed here. Since it does not finish the AD report, which I saw in the log, these are not imported either.

Here is a little code snippet of the Import/Export. Just got the code here for the MDM credentials. The other queries are the same.

if (Test-Path $CredentialsMDM) {
    $CredsMDM = Import-Clixml -Path $CredentialsMDM
    Write-Host "[Lizenzauswertung] MDM Zugangsdaten gefunden" -ForegroundColor Green
} else {
    Write-Host "[Lizenzauswertung] MDM Zugangsdaten nicht gefunden" -ForegroundColor Yellow
    Get-Credential -Message "Zugangsdaten für MDM / Airwatch" | Export-Clixml -Path $CredentialsMDM
    $CredsMDM = Import-Clixml -Path $CredentialsMDM
}

Write-Host "[Lizenzauswertung] Zugangsdaten überprüft" -ForegroundColor Green

$PSCUser = $CredsMDM.UserName
$PSCPW  = $CredsMDM.GetNetworkCredential().Password
$RPSCUser = $PSCUser.Replace("INTRA","intra.lan")

$AccessToken = $CredsMDMAT.accesstoken
$Auth = $CredsAD

Solution

  • I've found the solution to my problem.

    The reason was that the path to the credentials was ".\secretMDM.xml". The task scheduler executes the script at a different location. Therefore I had to specify the whole path of the file.

    Thanks for the help anyway.

    Edit: Out of interest I created the "Credential" - XML files with the Task Scheduler. Have a look where it stores the files ;)

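The fix described in the answer, as an added example that is not part of the original post: the credential file is resolved against the script's own folder instead of the working directory, and the import fails with a clear message instead of leaving `$CredsMDM` empty. The file name `secretMDM.xml` comes from the post; the function names `Resolve-CredentialPath` and `Import-StoredCredential` are hypothetical, and the file is assumed to sit next to the script.

```powershell
# Added example, not the poster's code. Helper names are hypothetical.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Resolve-CredentialPath {
    param([Parameter(Mandatory)][string]$FileName)
    # $PSScriptRoot is the folder of the running script file. It does not
    # depend on the working directory the Task Scheduler starts the process in.
    $base = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
    Join-Path -Path $base -ChildPath $FileName
}

function Import-StoredCredential {
    param([Parameter(Mandatory)][string]$Path)
    # A scheduled task cannot answer a Get-Credential prompt, so a missing
    # file is reported together with the directory the task is running in.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Credential file not found: $Path (working directory: $((Get-Location).Path))"
    }
    # On Windows, Export-Clixml protects the password with DPAPI, so only the
    # account that exported the file, on the same computer, can decrypt it.
    $cred = Import-Clixml -LiteralPath $Path
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "File $Path does not contain a PSCredential object."
    }
    $cred
}

# Assumption: secretMDM.xml is stored in the same folder as the script.
$CredentialsMDM = Resolve-CredentialPath -FileName 'secretMDM.xml'
Write-Host "[Lizenzauswertung] Credential path: $CredentialsMDM"

$CredsMDM = Import-StoredCredential -Path $CredentialsMDM
$PSCUser  = $CredsMDM.UserName
$PSCPW    = $CredsMDM.GetNetworkCredential().Password
$RPSCUser = $PSCUser.Replace("INTRA", "intra.lan")
```

Logging the resolved path and the working directory makes a path mismatch visible in the task's log on the first run.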