I have Windows Server 2008 R2 SP1.

I'm able to run a ps1 script with Get-Process just fine.

But, when I try to use New-PSDrive with PSCredentials, I get an error. I tried to google and got some references to remote execution policies etc (for example: Enable-WSManCredSSP Server and Enable-PSRemoting) and I tried to enable those as well, but it did not help.

As far as I have understood, the Splunk forwarder is running a 'wrapper' script from splunk_home/bin/splunk-powershell.ps1, which has a ref:

this script is launched with the following command from splunk-powershell.exe:

powershell.exe -command "& {get-content "C:\Users\AppData\Local\Temp\input.tmp" | "c:\splunk_build\bin\splunk-powershell.ps1" }"

I'm wondering is there any way to manually mimic the forwarder execution from the cmd with some proper inputs?

My configs are below:

inputs.conf:

 [powershell://CIFSUsage]
    script = . "$SplunkHome\etc\apps\myapp\scripts\getCIFSUsage.ps1"
    schedule = 0 * * * * ?
    sourcetype = CIFSUsage
    index = sandbox

PS1-script:

$User = "looser"
$PWord = ConvertTo-SecureString -String "verystrongandlongfoobarpwdhere" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
New-PSDrive -Name X -PSProvider FileSystem -Root \\cifs-server1\mount -Credential $Credential -Persist | Select-Object Used,Free
# Disconnect the mount
Remove-PSDrive X

Error:

ERROR User script exception: : A specified logon session does not exist. It may already have been terminated