Solved

How do I a powershell script with alternate credentials

Posted on 2009-05-04
5
948 Views
Last Modified: 2012-05-06
Hello everyone! I am sure this is a simple answer, but I have no clue how to get it to work. I have a script that is querying a XenDesktop farm and the user must have elevated credentials on the farm in order to run the script. In stead of giving everyone those elevated credentials, we have created an account that can run it. My question:
Is there a way to program in the credentials into the PowerShell script so when it is ran it runs as the account that has the correct rights.
0
Comment
Question by:rsgage
  • 4
5 Comments
 
LVL 12

Expert Comment

by:zoofan
ID: 24295468
Dont think that you can code the account credentials directly into powershell, but what about creating a loading script to exec runas with your script.

http://www.tek-tips.com/faqs.cfm?fid=2760


Basically a vbscript which uses runas to execute the powershell script with a different account.  Then give the users a shortcut to the vbs script.


zf
0
 

Author Comment

by:rsgage
ID: 24297026
I read the article and it is almost what I am needing. Do you happen to know of a way to pass the user id and password in the vbs script? We don't want the end user to have to enter the password.
0
 
LVL 12

Accepted Solution

by:
zoofan earned 250 total points
ID: 24297153
Within the script Lines 35 36 37 are the variables used for the user/pass/domain and command which are retrived from command line arguments, simply pass these arguments within the shortcut

OR

set them manually and don't use arguments.  removed arguments section in below code to show where/how you can set these manually instead if you choose

sUser= "Username" 'CHANGE to username
sPass= "password" &VBCRLF 'CHANGE to password
sCmd = "\\server\path\powershellscript" 'CHANGE to path and name of powershell script


if you set them manually without using arguments then you can also compile the script into an exe removing the ability to read this information in clear text(this is NOT secure by any means but is better than clear text scripts)

zf
'Start of Script
'VBRUNAS.VBS
'v1.2 March 2001
'Jeffery Hicks
'jhicks@quilogy.com http://www.quilogy.com
'USAGE: cscript|wscript VBRUNAS.VBS Username Password Command
'DESC: A RUNAS replacement to take password at a command prompt.
'NOTES: This is meant to be used for local access. If you want to run a command
'across the network as another user, you must add the /NETONLY switch to the RUNAS
'command.
 
' *********************************************************************************
' * THIS PROGRAM IS OFFERED AS IS AND MAY BE FREELY MODIFIED OR ALTERED AS *
' * NECESSARY TO MEET YOUR NEEDS. THE AUTHOR MAKES NO GUARANTEES OR WARRANTIES, *
' * EXPRESS, IMPLIED OR OF ANY OTHER KIND TO THIS CODE OR ANY USER MODIFICATIONS. *
' * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED IN A SECURED LAB *
' * ENVIRONMENT. USE AT YOUR OWN RISK. *
' *********************************************************************************
 
On Error Resume Next
dim WshShell,oArgs,FSO
 
sUser= "Username" 'CHANGE to username
sPass= "password" &VBCRLF 'CHANGE to password
sCmd = "\\server\path\powershellscript" 'CHANGE to path and name of powershell script
 
set WshShell = CreateObject("WScript.Shell")
set WshEnv = WshShell.Environment("Process")
WinPath = WshEnv("SystemRoot")&"\System32\runas.exe"
set FSO = CreateObject("Scripting.FileSystemObject")
 
if FSO.FileExists(winpath) then
'wscript.echo winpath & " " & "verified"
else
wscript.echo "!! ERROR !!" & VBCRLF & "Can't find or verify " & winpath &"." & VBCRLF & "You must be running Windows 2000 for this script to work."
set WshShell=Nothing
set WshEnv=Nothing
set oArgs=Nothing
set FSO=Nothing
wscript.quit
end if
 
rc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34), 2, FALSE)
Wscript.Sleep 30 'need to give time for window to open.
WshShell.AppActivate(WinPath) 'make sure we grab the right window to send password to
WshShell.SendKeys sPass 'send the password to the waiting window.
 
set WshShell=Nothing
set oArgs=Nothing
set WshEnv=Nothing
set FSO=Nothing
 
wscript.quit
 
'************************
'* Usage Subroutine *
'************************
Sub Usage()
On Error Resume Next
msg="Usage: cscript|wscript vbrunas.vbs Username Password Command" & VBCRLF & VBCRLF & "You should use the full path where necessary and put long file names or commands" & VBCRLF & "with parameters in quotes" & VBCRLF & VBCRLF &"For example:" & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog e:\scripts\admin.vbs" & VBCRLF & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog " & CHR(34) &"e:\program files\scripts\admin.vbs 1stParameter 2ndParameter" & CHR(34)& VBCRLF & VBCRLF & VBCLRF & "cscript vbrunas.vbs /?|-? will display this message."
 
wscript.echo msg
 
wscript.quit
 
end sub
'End of Script 

Open in new window

0
 
LVL 12

Expert Comment

by:zoofan
ID: 24297173
Sorry your shortcut command line to pass them so the user is not typing them would look like this:


runElevated.vbs user password command



zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 24515530
Did you get this working?

zf
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding a job can be stressful - searches, resume tweaks, and networking events can be super boring. Luckily we're here to help you land your dream job!
Whether you believe the “gig economy,” as it has been dubbed, is the next big economic paradigm shift (https://www.theguardian.com/commentisfree/2015/jul/26/will-we-get-by-gig-economy) or an overstated trend (http://www.wsj.com/articles/proof-of-a-g…
Notifications on Experts Exchange help you keep track of your activity and updates in one place. Watch this video to learn how to use them on the site to quickly access the content that matters to you.
Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question