Support Forums

How to use 'Run As Specified User' credentials in my script further ?

Ask questions about creating Graphical User Interfaces (GUI) in PowerShell and using WinForms controls.
Forum rules
Do not post any licensing information in this forum.
User avatar
ashish44s
Posts: 17
Joined: Thu Feb 11, 2016 10:06 am

How to use 'Run As Specified User' credentials in my script further ?

Postby ashish44s » Thu Feb 11, 2016 11:53 am

Hi All,

Greetings !!!

I'm using PowerShell Studio 2012 to create one tool to perform different administrative tasks. I do not want to run the output tool.exe as an administrator. I want to run that as 'Run As Different User' and provide credentials at that time. Also, I want to use those credentials further in my script to perform several tasks on remote computers without providing them again and again during run-time.

Can you please help to suggest a method to do that ?

Thanks...
User avatar
pringtef
Posts: 45
Joined: Tue Feb 14, 2012 11:23 pm

Re: How to use 'Run As Specified User' credentials in my script further ?

Postby pringtef » Fri Feb 19, 2016 3:08 am

Hey Ashish44,

Local script actions will run in the context of the user you have selected to run the executable. However, in order to use credentials remotely, you will need to pass in a pscredential object.

windows does not store the actual username and password, but a hash, so you're unable to manually 'grab' these to convert into a pscredential object.

If you create a credential object once in your script though, this can be stored and used for any of your remote processes, using the -credential parameter.

Here's a function i've written that you can use to return a pscredential object. For using it, you just need to do something like this :

$mycredentialobject = new-credential -username 'my username' -password 'my password'

And then you are free to use $mycredentialobject as you wish for remote sessions. Remember to set the scope accordingly though.


function New-Credential
{
[CmdletBinding()]

Param
(
[Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [string] $Username,
[Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [string] $Password
)

Process
{
$secpasswd = ConvertTo-SecureString -String $Password -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($Username, $secpasswd)
$credential
}

}
[/pre]
User avatar
jvierra
Posts: 9716
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: How to use 'Run As Specified User' credentials in my script further ?

Postby jvierra » Fri Feb 19, 2016 3:26 am

If you start an EXE with alternate credentials you will be able to access any remote resource that the alternate user has access to. There I so need to supply credentials. Windows authentication handles all of that. What you cannot do is use alternate credentials to remote with WMI to the current host.

Example:

PS C:\scripts> gwmi win32_bios -ComputerName alpha -Credential alpha\admin
gwmi : User credentials cannot be used for local connections
At line:1 char:1
+ gwmi win32_bios -ComputerName alpha -Credential alpha\admin
User avatar
pringtef
Posts: 45
Joined: Tue Feb 14, 2012 11:23 pm

Re: How to use 'Run As Specified User' credentials in my script further ?

Postby pringtef » Fri Feb 19, 2016 3:40 am

Also depends on the authentication model you need to use though as well. Double hop will require CredSSP authentication, which requires a cred object.
User avatar
jvierra
Posts: 9716
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: How to use 'Run As Specified User' credentials in my script further ?

Postby jvierra » Fri Feb 19, 2016 3:48 am

pringtef wrote:Also depends on the authentication model you need to use though as well. Double hop will require CredSSP authentication, which requires a cred object.


Try but the question is how to run all of the code under alternate credentials without reentering credentials. SSP should not be used in a domain without paying strict attention to securing all systems configured to use SSP. It passes credentials around and exposed them. Standard authentication (Kerberos) does NOT pass credentials around. This is why CredSSP is not configured by default. It I riskier.
User avatar
pringtef
Posts: 45
Joined: Tue Feb 14, 2012 11:23 pm

Re: How to use 'Run As Specified User' credentials in my script further ?

Postby pringtef » Fri Feb 19, 2016 3:53 am

Agree. :-)
User avatar
ashish44s
Posts: 17
Joined: Thu Feb 11, 2016 10:06 am

Re: How to use 'Run As Specified User' credentials in my script further ?

Postby ashish44s » Fri Feb 19, 2016 9:18 am

Thank you for all the helpful reply. Those are really good reference.

I'm launching EXE by just double-click and in script I've defined a global $cred variable and using/calling the same in whole script. It's solving my purpose for now and I didn't come across any issue yet :)
User avatar
dan.potter
Posts: 632
Joined: Wed Oct 08, 2014 6:02 am

Re: How to use 'Run As Specified User' credentials in my script further ?

Postby dan.potter » Fri Feb 19, 2016 1:44 pm

Just a thought. Use splatting to add or exclude the credentials parameter on command.

put a checkbox on the form for alternate creds to be used or not. Set your options based on that checkbox.

not actual code: if($checkbox.checked){$options = @{foregroundcolor = 'green'}}else{$options = @{}}

write-host 'options' @$options
Last edited by dan.potter on Fri Feb 19, 2016 1:51 pm, edited 1 time in total.
User avatar
dan.potter
Posts: 632
Joined: Wed Oct 08, 2014 6:02 am

Re: How to use 'Run As Specified User' credentials in my script further ?

Postby dan.potter » Fri Feb 19, 2016 1:51 pm

Hopefully a better explanation.

$options = @{credential = $cred}

write-host get-aduser someone @options

$options = @{}

write-host get-aduser someone @options

Return to “PowerShell GUIs”

Who is online

Users browsing this forum: 450ERSC and 4 guests