Solved

How do I a powershell script with alternate credentials

Posted on 2009-05-04
5
944 Views
Last Modified: 2012-05-06
Hello everyone! I am sure this is a simple answer, but I have no clue how to get it to work. I have a script that is querying a XenDesktop farm and the user must have elevated credentials on the farm in order to run the script. In stead of giving everyone those elevated credentials, we have created an account that can run it. My question:
Is there a way to program in the credentials into the PowerShell script so when it is ran it runs as the account that has the correct rights.
0
Comment
Question by:rsgage
  • 4
5 Comments
 
LVL 12

Expert Comment

by:zoofan
ID: 24295468
Dont think that you can code the account credentials directly into powershell, but what about creating a loading script to exec runas with your script.

http://www.tek-tips.com/faqs.cfm?fid=2760


Basically a vbscript which uses runas to execute the powershell script with a different account.  Then give the users a shortcut to the vbs script.


zf
0
 

Author Comment

by:rsgage
ID: 24297026
I read the article and it is almost what I am needing. Do you happen to know of a way to pass the user id and password in the vbs script? We don't want the end user to have to enter the password.
0
 
LVL 12

Accepted Solution

by:
zoofan earned 250 total points
ID: 24297153
Within the script Lines 35 36 37 are the variables used for the user/pass/domain and command which are retrived from command line arguments, simply pass these arguments within the shortcut

OR

set them manually and don't use arguments.  removed arguments section in below code to show where/how you can set these manually instead if you choose

sUser= "Username" 'CHANGE to username
sPass= "password" &VBCRLF 'CHANGE to password
sCmd = "\\server\path\powershellscript" 'CHANGE to path and name of powershell script


if you set them manually without using arguments then you can also compile the script into an exe removing the ability to read this information in clear text(this is NOT secure by any means but is better than clear text scripts)

zf
'Start of Script

'VBRUNAS.VBS

'v1.2 March 2001

'Jeffery Hicks

'jhicks@quilogy.com http://www.quilogy.com

'USAGE: cscript|wscript VBRUNAS.VBS Username Password Command

'DESC: A RUNAS replacement to take password at a command prompt.

'NOTES: This is meant to be used for local access. If you want to run a command

'across the network as another user, you must add the /NETONLY switch to the RUNAS

'command.
 

' *********************************************************************************

' * THIS PROGRAM IS OFFERED AS IS AND MAY BE FREELY MODIFIED OR ALTERED AS *

' * NECESSARY TO MEET YOUR NEEDS. THE AUTHOR MAKES NO GUARANTEES OR WARRANTIES, *

' * EXPRESS, IMPLIED OR OF ANY OTHER KIND TO THIS CODE OR ANY USER MODIFICATIONS. *

' * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED IN A SECURED LAB *

' * ENVIRONMENT. USE AT YOUR OWN RISK. *

' *********************************************************************************
 

On Error Resume Next

dim WshShell,oArgs,FSO
 

sUser= "Username" 'CHANGE to username

sPass= "password" &VBCRLF 'CHANGE to password

sCmd = "\\server\path\powershellscript" 'CHANGE to path and name of powershell script
 

set WshShell = CreateObject("WScript.Shell")

set WshEnv = WshShell.Environment("Process")

WinPath = WshEnv("SystemRoot")&"\System32\runas.exe"

set FSO = CreateObject("Scripting.FileSystemObject")
 

if FSO.FileExists(winpath) then

'wscript.echo winpath & " " & "verified"

else

wscript.echo "!! ERROR !!" & VBCRLF & "Can't find or verify " & winpath &"." & VBCRLF & "You must be running Windows 2000 for this script to work."

set WshShell=Nothing

set WshEnv=Nothing

set oArgs=Nothing

set FSO=Nothing

wscript.quit

end if
 

rc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34), 2, FALSE)

Wscript.Sleep 30 'need to give time for window to open.

WshShell.AppActivate(WinPath) 'make sure we grab the right window to send password to

WshShell.SendKeys sPass 'send the password to the waiting window.
 

set WshShell=Nothing

set oArgs=Nothing

set WshEnv=Nothing

set FSO=Nothing
 

wscript.quit
 

'************************

'* Usage Subroutine *

'************************

Sub Usage()

On Error Resume Next

msg="Usage: cscript|wscript vbrunas.vbs Username Password Command" & VBCRLF & VBCRLF & "You should use the full path where necessary and put long file names or commands" & VBCRLF & "with parameters in quotes" & VBCRLF & VBCRLF &"For example:" & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog e:\scripts\admin.vbs" & VBCRLF & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog " & CHR(34) &"e:\program files\scripts\admin.vbs 1stParameter 2ndParameter" & CHR(34)& VBCRLF & VBCRLF & VBCLRF & "cscript vbrunas.vbs /?|-? will display this message."
 

wscript.echo msg
 

wscript.quit
 

end sub

'End of Script 

Open in new window

0
 
LVL 12

Expert Comment

by:zoofan
ID: 24297173
Sorry your shortcut command line to pass them so the user is not typing them would look like this:


runElevated.vbs user password command



zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 24515530
Did you get this working?

zf
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

One of the biggest challenges facing freelancers is balancing multiple projects and deadlines. Organizational skills and time management are key to keeping up with projects and staying on track. Luckily, we’ve curated seven tools to help you focus o…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now