Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 7 years and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
AG_G1_
Posts: 6
Last visit: Sun Mar 05, 2017 10:51 am
Post
by AG_G1_ » Wed Mar 01, 2017 6:39 am
Hello,
The code below is my function to test user credentials wherever I'm in a domain or not, disconnected from the network or not. It's working great, thanks to Andy Arismendi. But I have an issue if there is a mapped drive connected with my credentials. The function will always return $true.
Can someone help me please?
function Test- UserCredential{
[ CmdletBinding( DefaultParameterSetName = "PSCredential" ) ]
[ OutputType( "set1" , [ System.Boolean] ) ]
[ OutputType( "PSCredential" , [ System.Boolean] ) ]
param (
[ Parameter( Mandatory= $true , ParameterSetName= "set1" , position= 0 ) ]
[ ValidateNotNullOrEmpty( ) ]
[ String ] $Username ,
[ Parameter( Mandatory= $true , ParameterSetName= "set1" , position= 1 ) ]
[ ValidateNotNullOrEmpty( ) ]
[ System.Security.SecureString] $Password ,
[ Parameter( Mandatory= $true , ParameterSetName= "PSCredential" , ValueFromPipeline= $true , position= 0 ) ]
[ ValidateNotNullOrEmpty( ) ]
[ Management.Automation.PSCredential] $Credential ,
[ Parameter( position= 2 ) ]
[ Switch ] $Domain ,
[ Parameter( position= 3 ) ]
[ Switch ] $UseKerberos
)
Begin {
try { $assem = [ system.reflection.assembly ] ::LoadWithPartialName ( 'System.DirectoryServices.AccountManagement' ) }
catch { throw 'Failed to load assembly "System.DirectoryServices.AccountManagement". The error was: "{0}".' -f $_ }
$system = Get-WmiObject -Class Win32_ComputerSystem
if ( 0 , 2 -contains $system .DomainRole -and $Domain ) {
throw 'This computer is not a member of a domain.'
}
}
Process {
try {
switch ( $PSCmdlet .ParameterSetName) {
'PSCredential' {
if ( $Domain ) {
$Username = $Credential .UserName.TrimStart( '\' )
} else {
$Username = $Credential .GetNetworkCredential( ) .UserName
}
$PasswordText = $Credential .GetNetworkCredential( ) .Password
}
'set1' {
$PasswordText = [ Runtime.InteropServices.Marshal] ::PtrToStringAuto(
[ Runtime.InteropServices.Marshal] ::SecureStringToBSTR( $Password ) )
}
}
if ( $Domain ) {
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain' , $system .Domain
} else {
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine' , $env :COMPUTERNAME
}
if ( $Domain -and $UseKerberos ) {
return $pc .ValidateCredentials( $Username , $PasswordText )
} else {
return $pc .ValidateCredentials( $Username , $PasswordText , [ DirectoryServices.AccountManagement.ContextOptions] ::Negotiate)
}
} catch {
throw 'Failed to test user credentials. The error was: "{0}".' -f $_
} finally {
}
}
}
To test credentials, I type this:
$MyPassword = $TextBox .Text | ConvertTo-SecureString -AsPlainText -Force
Test- UserCredential - user $MyUser - password $MyPassword
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times
Post
by jvierra » Wed Mar 01, 2017 9:21 am
Yes. This is not a reliable way to test credentials.
What is the purpose of testing credentials?
AG_G1_
Posts: 6
Last visit: Sun Mar 05, 2017 10:51 am
Post
by AG_G1_ » Wed Mar 01, 2017 11:19 am
It's for making scheduled tasks via a form where there are among other things two textbox (
( [ Security.Principal.WindowsIdentity] ::GetCurrent( ) ) .Name
& password) and a buton to check credentials. If those are goods, I can register some scheduled tasks by simple click.
I tried several ways but I didn't find one working wherever I'm in a domain or not and if I'm offline or not (exemple: I'm connected with domain user but I'm offline).
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times
Post
by jvierra » Wed Mar 01, 2017 11:28 am
If the credentials are bad the registration of the task will fail. The scheduler API tests the creds when you register the task.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times
Post
by jvierra » Wed Mar 01, 2017 11:35 am
Here is what happens when you use invalid credentials:
D:\scripts> $task | Register- ScheduledTask - TaskName TestCreds - User TestUser - Password Pass@ Word^%
Register- ScheduledTask : The user name or password is incorrect.
At line:1 char:9
+ $task | Register- ScheduledTask - TaskName TestCreds - User TestUser - Pa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: ( PS_ScheduledTask:Root/ Microsoft/ ...S_ScheduledTask) [ Register- Sche
duledTask] , CimException
+ FullyQualifiedErrorId : HRESULT 0x8007052e, Register- ScheduledTask
AG_G1_
Posts: 6
Last visit: Sun Mar 05, 2017 10:51 am
Post
by AG_G1_ » Wed Mar 01, 2017 12:00 pm
Indeed. So how can I catch a failed registration whatever the authentication error. I'd like to avoid getting an unreadable message for the user who will use my form?
AG_G1_
Posts: 6
Last visit: Sun Mar 05, 2017 10:51 am
Post
by AG_G1_ » Sat Mar 04, 2017 7:43 am
Well, I tried a try/catch but I didn't succeed.
If the password is empty, it's freezing. And if the password is wrong, the message saying that the user or password is wrong is written in the console and the finally block shows up.
$handler_SetTaskButton_Click =
{
try {
schtasks.exe / Create...
}
Catch {
[ System.Reflection.Assembly ] ::LoadWithPartialName ( "System.Windows.Forms" ) | Out-Null
[ output] [ System.Windows.Forms.MessageBox] ::Show( "$LASTEXITCODE" ) [ / output]
}
Finally{
[ System.Reflection.Assembly ] ::LoadWithPartialName ( "System.Windows.Forms" ) | Out-Null
[ output] [ System.Windows.Forms.MessageBox] ::Show( "Worked fine." ) [ / output]
}
}
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times
Post
by jvierra » Sat Mar 04, 2017 8:23 am
Use Register-0ScheduledTask. SchTasks will not work as you want.
Try/Catch does not catch errors in external programs. We use $LASTEXITCODE for that,
AG_G1_
Posts: 6
Last visit: Sun Mar 05, 2017 10:51 am
Post
by AG_G1_ » Sat Mar 04, 2017 10:20 am
Well, a lot of my clients still use W2008 (6.0), so I can't update to Powershell 4...
This topic is 7 years and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked