Solved

How do I a powershell script with alternate credentials

Posted on 2009-05-04
5
945 Views
Last Modified: 2012-05-06
Hello everyone! I am sure this is a simple answer, but I have no clue how to get it to work. I have a script that is querying a XenDesktop farm and the user must have elevated credentials on the farm in order to run the script. In stead of giving everyone those elevated credentials, we have created an account that can run it. My question:
Is there a way to program in the credentials into the PowerShell script so when it is ran it runs as the account that has the correct rights.
0
Comment
Question by:rsgage
  • 4
5 Comments
 
LVL 12

Expert Comment

by:zoofan
ID: 24295468
Dont think that you can code the account credentials directly into powershell, but what about creating a loading script to exec runas with your script.

http://www.tek-tips.com/faqs.cfm?fid=2760


Basically a vbscript which uses runas to execute the powershell script with a different account.  Then give the users a shortcut to the vbs script.


zf
0
 

Author Comment

by:rsgage
ID: 24297026
I read the article and it is almost what I am needing. Do you happen to know of a way to pass the user id and password in the vbs script? We don't want the end user to have to enter the password.
0
 
LVL 12

Accepted Solution

by:
zoofan earned 250 total points
ID: 24297153
Within the script Lines 35 36 37 are the variables used for the user/pass/domain and command which are retrived from command line arguments, simply pass these arguments within the shortcut

OR

set them manually and don't use arguments.  removed arguments section in below code to show where/how you can set these manually instead if you choose

sUser= "Username" 'CHANGE to username
sPass= "password" &VBCRLF 'CHANGE to password
sCmd = "\\server\path\powershellscript" 'CHANGE to path and name of powershell script


if you set them manually without using arguments then you can also compile the script into an exe removing the ability to read this information in clear text(this is NOT secure by any means but is better than clear text scripts)

zf
'Start of Script

'VBRUNAS.VBS

'v1.2 March 2001

'Jeffery Hicks

'jhicks@quilogy.com http://www.quilogy.com

'USAGE: cscript|wscript VBRUNAS.VBS Username Password Command

'DESC: A RUNAS replacement to take password at a command prompt.

'NOTES: This is meant to be used for local access. If you want to run a command

'across the network as another user, you must add the /NETONLY switch to the RUNAS

'command.
 

' *********************************************************************************

' * THIS PROGRAM IS OFFERED AS IS AND MAY BE FREELY MODIFIED OR ALTERED AS *

' * NECESSARY TO MEET YOUR NEEDS. THE AUTHOR MAKES NO GUARANTEES OR WARRANTIES, *

' * EXPRESS, IMPLIED OR OF ANY OTHER KIND TO THIS CODE OR ANY USER MODIFICATIONS. *

' * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED IN A SECURED LAB *

' * ENVIRONMENT. USE AT YOUR OWN RISK. *

' *********************************************************************************
 

On Error Resume Next

dim WshShell,oArgs,FSO
 

sUser= "Username" 'CHANGE to username

sPass= "password" &VBCRLF 'CHANGE to password

sCmd = "\\server\path\powershellscript" 'CHANGE to path and name of powershell script
 

set WshShell = CreateObject("WScript.Shell")

set WshEnv = WshShell.Environment("Process")

WinPath = WshEnv("SystemRoot")&"\System32\runas.exe"

set FSO = CreateObject("Scripting.FileSystemObject")
 

if FSO.FileExists(winpath) then

'wscript.echo winpath & " " & "verified"

else

wscript.echo "!! ERROR !!" & VBCRLF & "Can't find or verify " & winpath &"." & VBCRLF & "You must be running Windows 2000 for this script to work."

set WshShell=Nothing

set WshEnv=Nothing

set oArgs=Nothing

set FSO=Nothing

wscript.quit

end if
 

rc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34), 2, FALSE)

Wscript.Sleep 30 'need to give time for window to open.

WshShell.AppActivate(WinPath) 'make sure we grab the right window to send password to

WshShell.SendKeys sPass 'send the password to the waiting window.
 

set WshShell=Nothing

set oArgs=Nothing

set WshEnv=Nothing

set FSO=Nothing
 

wscript.quit
 

'************************

'* Usage Subroutine *

'************************

Sub Usage()

On Error Resume Next

msg="Usage: cscript|wscript vbrunas.vbs Username Password Command" & VBCRLF & VBCRLF & "You should use the full path where necessary and put long file names or commands" & VBCRLF & "with parameters in quotes" & VBCRLF & VBCRLF &"For example:" & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog e:\scripts\admin.vbs" & VBCRLF & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog " & CHR(34) &"e:\program files\scripts\admin.vbs 1stParameter 2ndParameter" & CHR(34)& VBCRLF & VBCRLF & VBCLRF & "cscript vbrunas.vbs /?|-? will display this message."
 

wscript.echo msg
 

wscript.quit
 

end sub

'End of Script 

Open in new window

0
 
LVL 12

Expert Comment

by:zoofan
ID: 24297173
Sorry your shortcut command line to pass them so the user is not typing them would look like this:


runElevated.vbs user password command



zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 24515530
Did you get this working?

zf
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn more about the importance of email disclaimers with our top 10 email disclaimer DOs and DON’Ts.
CSS is a visual language used to classify objects and define rules about how they should be displayed. CSS skills aren’t restricted to developers anymore, there is a big benefit to having a basic understanding of the language, regardless of your occ…
Where to go on the main page to find the job listings. How to apply to a job that you are interested in from the list that is featured on our Careers page.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now