Solved

How do I a powershell script with alternate credentials

Posted on 2009-05-04
5
946 Views
Last Modified: 2012-05-06
Hello everyone! I am sure this is a simple answer, but I have no clue how to get it to work. I have a script that is querying a XenDesktop farm and the user must have elevated credentials on the farm in order to run the script. In stead of giving everyone those elevated credentials, we have created an account that can run it. My question:
Is there a way to program in the credentials into the PowerShell script so when it is ran it runs as the account that has the correct rights.
0
Comment
Question by:rsgage
  • 4
5 Comments
 
LVL 12

Expert Comment

by:zoofan
ID: 24295468
Dont think that you can code the account credentials directly into powershell, but what about creating a loading script to exec runas with your script.

http://www.tek-tips.com/faqs.cfm?fid=2760


Basically a vbscript which uses runas to execute the powershell script with a different account.  Then give the users a shortcut to the vbs script.


zf
0
 

Author Comment

by:rsgage
ID: 24297026
I read the article and it is almost what I am needing. Do you happen to know of a way to pass the user id and password in the vbs script? We don't want the end user to have to enter the password.
0
 
LVL 12

Accepted Solution

by:
zoofan earned 250 total points
ID: 24297153
Within the script Lines 35 36 37 are the variables used for the user/pass/domain and command which are retrived from command line arguments, simply pass these arguments within the shortcut

OR

set them manually and don't use arguments.  removed arguments section in below code to show where/how you can set these manually instead if you choose

sUser= "Username" 'CHANGE to username
sPass= "password" &VBCRLF 'CHANGE to password
sCmd = "\\server\path\powershellscript" 'CHANGE to path and name of powershell script


if you set them manually without using arguments then you can also compile the script into an exe removing the ability to read this information in clear text(this is NOT secure by any means but is better than clear text scripts)

zf
'Start of Script
'VBRUNAS.VBS
'v1.2 March 2001
'Jeffery Hicks
'jhicks@quilogy.com http://www.quilogy.com
'USAGE: cscript|wscript VBRUNAS.VBS Username Password Command
'DESC: A RUNAS replacement to take password at a command prompt.
'NOTES: This is meant to be used for local access. If you want to run a command
'across the network as another user, you must add the /NETONLY switch to the RUNAS
'command.
 
' *********************************************************************************
' * THIS PROGRAM IS OFFERED AS IS AND MAY BE FREELY MODIFIED OR ALTERED AS *
' * NECESSARY TO MEET YOUR NEEDS. THE AUTHOR MAKES NO GUARANTEES OR WARRANTIES, *
' * EXPRESS, IMPLIED OR OF ANY OTHER KIND TO THIS CODE OR ANY USER MODIFICATIONS. *
' * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED IN A SECURED LAB *
' * ENVIRONMENT. USE AT YOUR OWN RISK. *
' *********************************************************************************
 
On Error Resume Next
dim WshShell,oArgs,FSO
 
sUser= "Username" 'CHANGE to username
sPass= "password" &VBCRLF 'CHANGE to password
sCmd = "\\server\path\powershellscript" 'CHANGE to path and name of powershell script
 
set WshShell = CreateObject("WScript.Shell")
set WshEnv = WshShell.Environment("Process")
WinPath = WshEnv("SystemRoot")&"\System32\runas.exe"
set FSO = CreateObject("Scripting.FileSystemObject")
 
if FSO.FileExists(winpath) then
'wscript.echo winpath & " " & "verified"
else
wscript.echo "!! ERROR !!" & VBCRLF & "Can't find or verify " & winpath &"." & VBCRLF & "You must be running Windows 2000 for this script to work."
set WshShell=Nothing
set WshEnv=Nothing
set oArgs=Nothing
set FSO=Nothing
wscript.quit
end if
 
rc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34), 2, FALSE)
Wscript.Sleep 30 'need to give time for window to open.
WshShell.AppActivate(WinPath) 'make sure we grab the right window to send password to
WshShell.SendKeys sPass 'send the password to the waiting window.
 
set WshShell=Nothing
set oArgs=Nothing
set WshEnv=Nothing
set FSO=Nothing
 
wscript.quit
 
'************************
'* Usage Subroutine *
'************************
Sub Usage()
On Error Resume Next
msg="Usage: cscript|wscript vbrunas.vbs Username Password Command" & VBCRLF & VBCRLF & "You should use the full path where necessary and put long file names or commands" & VBCRLF & "with parameters in quotes" & VBCRLF & VBCRLF &"For example:" & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog e:\scripts\admin.vbs" & VBCRLF & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog " & CHR(34) &"e:\program files\scripts\admin.vbs 1stParameter 2ndParameter" & CHR(34)& VBCRLF & VBCRLF & VBCLRF & "cscript vbrunas.vbs /?|-? will display this message."
 
wscript.echo msg
 
wscript.quit
 
end sub
'End of Script 

Open in new window

0
 
LVL 12

Expert Comment

by:zoofan
ID: 24297173
Sorry your shortcut command line to pass them so the user is not typing them would look like this:


runElevated.vbs user password command



zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 24515530
Did you get this working?

zf
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
Where to go on the main page to find the job listings. How to apply to a job that you are interested in from the list that is featured on our Careers page.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question