The latest builds of PrimalScript 2009, PrimalScript 2011, PrimalForms 2009 and PrimalForms 2011 contain a new option for running packages under different credentials. Just as the VBScript and JScript packages have done for some time now, the PowerShell engines now also offer to re-run themselves using the specified credentials.
You could use elevation, which prompts for credentials or impersonation before, but these may fail under certain circumstances. For example, a group policy setting may prevent a process executed by a normal user from elevating its access rights or impersonating another user. In many enterprise level environments these rights are usually restricted. Additionally, any attempt to impersonate a domain administrator belonging to a different domain than the current user seems to result in “Access denied”.
In order to use this new option, check your Script Packager dialogs for the corresponding option:
PrimalForms 2009 and 2011
PrimalScript 2011
When you execute a package using this setting and look at the running processes you will notice that the process runs two instances:
The first instance is executed as the currently logged on user and then bootstraps itself again with the specified credentials. The original process will wait for the second instance to terminate and get its return value, returning it to the original caller. If this sounds complicated, don’t worry, it’s all pretty easy. We just don’t want your to worry when you see the process running twice, it’s perfectly alright.
