Please clarify Credential Levels for running scripts

Ask your Windows PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
smjadtnf707
Posts: 32
Joined: Sun May 19, 2019 7:26 pm

Please clarify Credential Levels for running scripts

Post by smjadtnf707 » Fri May 24, 2019 5:23 pm

Hello,
I am wondering if someone can explain ( Please share ), and possibly give references ( Preferred ) to different types of credentials needed /used when executing PowerShell scripts.

I'm working on a Powershell script with a GUI. The computers are domain joined. I have 3 accounts: Standard User, Workstation admin, and a 3rd that is used for more 3rd party tools: RSA admin, Crashplan , McAfee console, etc...

I have not been able to find information on best practices on credential use.

I want the script to run in 2 modes: Remote or Local. Nearly all script tasks are all run on a domain-joined workstation ( Post imaging customization). There are some tasks that that are getting info from AD or adding a workstation admin account, etc... but most are customization changes.
I've found 2 different methods: Using my workstation admin credential, or some other bypass mode documentation.

At the beginning of script I need reasonably high level access,
might need to set allow RDP but usually it's set
allow pssremote
set execution policy remote signed or bypass mode
Get /Set AD related items

then at end of script I want to revert back to all original security settings.

I 'm also a bit confused about running script with my credentials or somehow switching as logged in user and using elevation to make the changes needed. I say this because I tried several methods of running the script and depending of what section of the script it is running the changes do not take effect.

Sorry for the long post, it's my first one, lol, i'll keep em' shorter in the future if possible.
Thank You,

Wayne

User avatar
jvierra
Posts: 13682
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Please clarify Credential Levels for running scripts

Post by jvierra » Fri May 24, 2019 6:48 pm

There is really no simple way to answer your question. All answers are dependent on the script you are using.
There is no way in PowerShell to "switch credentials".

You can use "Invoke-Command", "Start-Process" and "Start-Job" to run code with alternate credentials.

There is no way to avoid the UAE prompt.

My best suggestions are to take the time to learn Windows Security and PowerShell. Once you understand both to a reasonable depth the answers to your questions will become obvious.

Again. We can answer your question for a specific script. It is impossible to answer for all conditions.

User avatar
smjadtnf707
Posts: 32
Joined: Sun May 19, 2019 7:26 pm

Re: Please clarify Credential Levels for running scripts

Post by smjadtnf707 » Sat May 25, 2019 6:49 pm

Hello,

Alright. Thank you for the quick reply.

I'll check out those other commands you mentioned to try and get a better understanding of those.

Thank You,

Wayne
Thank You,

Wayne

Locked