run as different user

This topic is 5 years and 11 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
mqh77777
Posts: 252
Last visit: Mon Feb 26, 2024 10:07 am
Has voted: 1 time

run as different user

Post by mqh77777 »

Product, version and build: PowerShell Studio 2018 v5.5.150
32 or 64 bit version of product: 64-bit
Operating system: Windows 10
32 or 64 bit OS: 64-bit

I need to run a .ps1 script with elevated credentials.

$form1_Load={
$user = "domain\ElevatedUser"
$secPW = ConvertTo-SecureString -String "Pa$$word123" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($user, $secPW)
Start-Process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Credential $cred -filepath "c:\Windows\BuildFiles\Move.ps1"
$form1.Close()
}

Move.ps1 reads some registry keys which contain an OU path. It then moves the computer to that OU within Active Directory. My problem is that it never moves the machine. I have even put logging in the Move.ps1 and that never gets written to my output file.

What am I doing wrong in how I call this? I've tried a few different ways to format the start-process line yet nothing has worked.
davidc
Posts: 5913
Last visit: Mon Jul 08, 2019 8:55 am
Been upvoted: 2 times

Re: run as different user

Post by davidc »

[TOPIC MOVED TO POWERSHELL GUIS FORUM BY MODERATOR]
David
SAPIEN Technologies, Inc.
mqh77777
Posts: 252
Last visit: Mon Feb 26, 2024 10:07 am
Has voted: 1 time

Re: run as different user

Post by mqh77777 »

I have also tried to place all of the code from "c:\Windows\BuildFiles\Move.ps1" into my Form1 and use Invoke-Command instead. This also does not move the computer, nor does it log anything.


Invoke-Command -Credential $cred -scriptblock {

$Begin = "This is the beginning of the Move script"
$Finish = "This is the end of the Move script"
$Begin | out-file c:\temp\move\move.txt -Append
whoami | out-file c:\temp\move\move.txt -Append

import-module -Name C:\windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management -verbose

###########################################################################################
# Move the computer to the correct OU

$Computer = (get-ItemProperty hklm:\System\Build\Deploy).OriginalPCName
$GetOU = (get-ItemProperty hklm:\System\Build\Deploy).MachineOU
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(cn=$computer)"
$result = $search.FindOne()
$computerToMove = [ADSI]$result.path
$computerToMove.psbase.Moveto([ADSI]"LDAP://$GetOU")


# Make sure our variables contain the correct information
$Computer | out-file c:\temp\move\move.txt -Append
$GetOU | out-file c:\temp\move\move.txt -Append
$root | out-file c:\temp\move\move.txt -Append
$ComputerToMove | out-file c:\temp\move\move.txt -Append
whoami | out-file c:\temp\move\move.txt -Append
$Finish | out-file c:\temp\move\move.txt -Append
}
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: run as different user

Post by jvierra »

You do not have to load the management module. PowerShell is the management module.

Use the AD module.

Get-AdComputer $env:COMPUTERNAME | Move-AdObject -TargetPath "<OU path>"
mqh77777
Posts: 252
Last visit: Mon Feb 26, 2024 10:07 am
Has voted: 1 time

Re: run as different user

Post by mqh77777 »

The command has to run as an elevated user, and we'd like it to be a compiled .exe. So what would my syntax be? Thank you.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: run as different user

Post by jvierra »

You can do that on the deployment menu by choosing the user account.

Select "Deploy". Under "Packager", "Settings". Select the "Output" tab and set the alternate credentials as directed.
mqh77777
Posts: 252
Last visit: Mon Feb 26, 2024 10:07 am
Has voted: 1 time

Re: run as different user

Post by mqh77777 »

OK, here is my entire code: Each registry value exists and contains the correct information.

$form1_Load={
$Computer1 = (get-ItemProperty hklm:\System\Build\Deploy).OriginalPCName
$GetOU = (get-ItemProperty hklm:\System\Build\Deploy).MachineOU
Get-AdComputer "$Computer1" | Move-AdObject -Target "$GetOU"
$form1.Close()
}


Then under Packager\Settings\Output Settings I have

Alternate Credentials
domain\user password=p@$$word1
Run Mode: RunAs User

My machine is never moved to the new OU which is specified in $GetOU.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: run as different user

Post by jvierra »

Move-AdObject also has a credential parameter.
A machine cannot be moved until it is rebooted.
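
One way to use the credential parameter mentioned in the last reply, as an added example that is not code from any poster in this thread. The function name `Move-ComputerToBuildOU` is hypothetical; the registry key and log path are the ones quoted in the thread, and the credential is prompted for at run time instead of being written into the script or the packaged executable.

```powershell
#Requires -Modules ActiveDirectory
# Added example; Move-ComputerToBuildOU is a hypothetical name, not from the thread.

function Move-ComputerToBuildOU {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Account allowed to move computer objects; supplied at run time, never stored in the script.
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential] $Credential,

        # Registry key from the thread that holds OriginalPCName and MachineOU.
        [string] $DeployKey = 'HKLM:\System\Build\Deploy',

        # Log file used in the thread's Invoke-Command attempt.
        [string] $LogPath = 'C:\temp\move\move.txt'
    )

    $deploy = Get-ItemProperty -Path $DeployKey -ErrorAction Stop
    $name   = $deploy.OriginalPCName
    $ou     = $deploy.MachineOU

    try {
        # -ErrorAction Stop turns AD errors into exceptions, so a failure reaches
        # the log instead of vanishing when the form closes.
        $computer = Get-ADComputer -Identity $name -Credential $Credential -ErrorAction Stop

        if ($PSCmdlet.ShouldProcess($computer.DistinguishedName, "Move to $ou")) {
            # -TargetPath is written in full: -Target is a prefix of both
            # -TargetPath and -TargetServer.
            Move-ADObject -Identity $computer -TargetPath $ou -Credential $Credential -ErrorAction Stop
            "$(Get-Date -Format s) moved $name to $ou as $($Credential.UserName)" |
                Out-File -FilePath $LogPath -Append
        }
    }
    catch {
        "$(Get-Date -Format s) move of $name failed: $($_.Exception.Message)" |
            Out-File -FilePath $LogPath -Append
        throw
    }
}

# Prompting avoids a password literal in the script; it also avoids the
# double-quoted-string case, where $$ is expanded as an automatic variable.
$cred = Get-Credential -Message 'Account with rights to move computer objects'
Move-ComputerToBuildOU -Credential $cred -WhatIf   # drop -WhatIf to perform the move
```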