Getting a PSCredential Object

This topic contains 3 replies, has 3 voices, and was last updated by Profile photo of Jaap Brasser Jaap Brasser 1 year, 8 months ago.

  • Author
    Posts
  • #23722
    Profile photo of Tim
    Tim
    Participant

    A little setup first...

    I have a Windows 8.1 physical box that is only allow to be logged into with a Domain Admin account. All other accounts are denied via GPO's. On that physical box I am also running virtual machines for Server Administrators, and Workstation Admins that restrict logons to only those accounts via GPOs as well.

    From my Physical box as a domain admin and I am attempting to run a script that will query the other boxes. When running on the other boxes I need to pass the credentials of a user that is authorized to login (e.g. server admin, workstation admin) so that I can read some registry keys. I am using invoke-command do to so (Invoke-Command –computerName $ServerName –ScriptBlock {(Get-ItemProperty).SomeValue} –credentials $Creds

    When I am running the scrips as a Domain Admin on the physical box, or Server Admin on the Server Admin Hyper-V box, or Workstation Admin... you get the point, I don't need to pass credentials to the function to read the keys, I already have access to the remote server but the command does not seem to run with the –credentials $Creds being blank. So I am trying to capture MY credentials of the machine that I am logged into without having to retype my username and password again to pass to in $Creds.

    OR, am I going about this entirely wrong? I am just trying to avoid a bunch of If statements. I just wanted to pass creds that I already possess.

  • #23723
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    If you want to authenticate as the current user, just don't pass anything to the Credential parameter at all (take the -Credential $Creds part out of your command.)

    If you have some code that should optionally use a Credential object, use splatting, like so:

    $splat = @{}
    
    if ($Creds)
    {
        $splat['Credential'] = $Creds
    }
    
    Invoke-Command @splat -ComputerName $ServerName -ScriptBlock { (Get-ItemProperty).SomeValue }
    
  • #23727
    Profile photo of Tim
    Tim
    Participant

    Dave, I think that will do the trick! Now I just have to wait until Monday to get back to work to test it out.

  • #23754
    Profile photo of Jaap Brasser
    Jaap Brasser
    Participant

    Alternatively you could also store your password as an encrypted string and build your credentials objects based on the encrypted string stored on disk.

You must be logged in to reply to this topic.