Posts:
4
Registered:
11/24/10
|
|
|
|
Running a powershell script with different user credentials
Posted:
Nov 30, 2010 3:05 AM
|
|
|
hello
is it posible to run a powershell script i.e. powershell.exe c:\script1.ps1
but when is launches it runs the script under the credentials of a different user (AD User)
thing is I do not want the user who runs the script to be promoted for a password for this user credentials the script will run under. I not too concerned if the password is in clear text on the command line or similar
Thanks All
Ernie
|
|
|
Posts:
1,049
Registered:
3/20/07
|
|
|
|
Re: Running a powershell script with different user credentials
Posted:
Dec 1, 2010 8:50 PM
in response to: ErnieB
|
|
|
Here's how you can create the Credential object containing the username and password you want to use:
$username = 'POSHSTUDIOS\Poshoholic'
$password = 'P4$$w0rd'
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
Once you have the password ready for use in a credential object, you can do a number of things, such as call Start-Process to launch PowerShell.exe, specifying the credential in the -Credential parameter, or Invoke-Command to invoke a "remote" command locally, specifying the credential in the -Credential parameter, or you could call Start-Job to do the work as a background job, passing the credentials you want into the -Credential parameter.
Hopefully that should be enough to get you started. Let us know if you need more assistance.
|
Kirk Munro [MVP]
Poshoholic
My blog: http://poshoholic.com
Follow me on Twitter: http://twitter.com/poshoholic
|
|
Posts:
1
Registered:
11/1/10
|
|
|
|
Re: Running a powershell script with different user credentials
Posted:
Dec 3, 2010 6:46 AM
in response to: ErnieB
|
|
|
The JAMS Scheduler also provides a cmdlet to securely retrieve credentials from the JAMS password vault.
GET-JAMSCredential can pass credentials securely, without the plain text password.
as in:
Add-PSsnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue
Add-PSsnapin MVPSI.JAMS -ErrorAction SilentlyContinue
cd "C:\Program Files\VMware\Infrastructure\vSphere PowerCLI\Scripts\"
.\Initialize-VIToolkitEnvironment.ps1
$RCCachCredential = Get-JAMSCredential root
connect-VIServer $vcserver -user root -credential $RCCachCredential
|
|
|
Posts:
4
Registered:
11/24/10
|
|
|
|
Re: Running a powershell script with different user credentials
Posted:
Dec 4, 2010 6:57 AM
in response to: KirkAMunro
|
|
|
Thanks you ALL, I really appreaciate your help.
Sorry to be dumb (but I am not a scripter at heart) 
I tock Kirk example in the first instance i.e.
$username = 'POSHSTUDIOS\Poshoholic'
$password = 'P4$$w0rd'
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
I changed the username for the username I want to use and I change the password to the password of the user. I left the rest as is. saved as script.ps1 went into powershell console and ran ./script.ps1 it ran with no errors.
I am assuming a new enrity (for want of a beter word) called $cred has been created holding the username and password?
The thing is how to I now utilize this for example if I have a .cmd file called runthis.cmd which contains
powershell.exe c:\script100.ps1
Now the above script100.ps1 needs to run with higher credentials (as above), how do I achieve this with the -Credential command?
for example from within powershell console (as a test) i tried ./script100.ps1 -Credential $Cred
However I was prompted for the username and password
Sorry to be so dumb, I guess if you are scripters at heart is straightforward.
Can you please step me through the process, Thank you very much
Ernie
|
|
|
Posts:
4
Registered:
11/24/10
|
|
|
|
Re: Running a powershell script with different user credentials
Posted:
Dec 5, 2010 4:10 AM
in response to: ErnestBrant_203
|
|
|
hello
I figured it out and got it working, unfortunately it appears I cannot use ConvertTo-SecureString logged in as someone else i.e. only the user that created the password file can covert if back again.
I will take a look at the other option mentioned, thank again, any more advise most welcome
Ernie
|
|
|
Posts:
1,049
Registered:
3/20/07
|
|
|
|
Re: Running a powershell script with different user credentials
Posted:
Dec 6, 2010 8:59 PM
in response to: ErnestBrant_203
|
|
|
Hi Ernie,
Actually you can use ConvertTo-SecureString as I showed earlier, but you're missing something in the invocation that is causing you problems. Consider this scenario:
1. You have a script file called C:\Get-UserName.ps1 with the following contents:
$env:USERNAME
2. You want to invoke that script as a different user, so you do so like this:
$username = 'POSHSTUDIOS\Poshoholic'
$password = 'P4$$w0rd'
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
Invoke-Command -FilePath C:\Get-UserName.ps1 -Credential $cred -ComputerName localhost
If you follow these steps, you should get back the name of the user you specified in $username. That means you are executing the Get-UserName.ps1 script file in the context of the other user, which is what you need. To do this from a PowerShell.exe command line, you could have a second file that creates the credential and invokes the first file and then use that second file in your PowerShell command line.
Make sense?
|
Kirk Munro [MVP]
Poshoholic
My blog: http://poshoholic.com
Follow me on Twitter: http://twitter.com/poshoholic
|
|
Posts:
2
Registered:
5/24/12
|
|
|
|
Re: Running a powershell script with different user credentials
Posted:
May 24, 2012 6:46 AM
in response to: KirkAMunro
|
|
|
Kirk, any sample about it ??
" That means you are executing the Get-UserName.ps1 script file in the context of the other user, which is what you need. To do this from a PowerShell.exe command line, you could have a second file that creates the credential and invokes the first file and then use that second file in your PowerShell command line."
|
|
|
Posts:
1
Registered:
1/18/13
|
|
|
|
Re: Running a powershell script with different user credentials
Posted:
Jan 18, 2013 11:14 AM
in response to: KirkAMunro
|
|
|
Kirk,
I know this post is old but I have a similar issue and I think you might be able to help.
I'm trying to add registry keys for another User using powershell.
$credential = New-Object System.Management.Automation.PSCredential('MediaProcessor', (ConvertTo-SecureString mypassword -AsPlainText -Force))
$job = Invoke-Command -ComputerName localhost -Credential $credential -ScriptBlock {
New-Item -Path HKCU:\SOFTWARE -Name SimonTatham\PuTTY\SshHostKeys -Force
New-ItemProperty -Path HKCU:\SOFTWARE\SimonTatham\PuTTY\SshHostKeys -Name "rsa2@22:upload.example.com" -PropertyType String -Value "09092039f9032"
}
However, I get:
PS C:\Users\Administrator> $job = Invoke-Command -ComputerName localhost -Credential $credential -ScriptBlock {
New-Item -Path HKCU:\SOFTWARE -Name SimonTatham\PuTTY\SshHostKeys -Force
New-ItemProperty -Path HKCU:\SOFTWARE\SimonTatham\PuTTY\SshHostKeys -Name "rsa2@22:upload.example.com" -PropertyType String -Value "09092039f9032"
}
[localhost] Connecting to remote server localhost failed with the following error message : Access is denied. For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (localhost:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
If this is an issue with permissions and Invoke-Command to invoke a "remote" command locally, what's a better way of doing this?
|
|
|
|
Legend
|
|
MVP: 2501
+
pts
|
|
Guru: 2001
- 2500
pts
|
|
Expert: 751
- 2000
pts
|
|
Enthusiast: 31
- 750
pts
|
|
Novice: 0
- 30
pts
|
|
Moderators
|
|
Helpful answer
(5 pts)
|
|
Answered
(10 pts)
|
|
