Limited permissions, elevated function

This topic contains 1 reply, has 2 voices, and was last updated by  Sam Boutros 4 months, 1 week ago.

  • Author
    Posts
  • #91565

    TommyQuality
    Participant

    Hi,
    Im pretty sure there is a way i can do this, but not sure the approach.

    I need to have a function/script that will make a change to a system that requires admin level access, but the person executing the function only has basic permissions. So i need a way to run the function or script under the elevated permissions but without having to supply the password?

    I know i can pull the password in from a file, but i doubt i will be allowed to do this. I can type the password in once to setup the secure object, but then the session would need to remain open etc.

    Any help would be great.

    Thanks

    TommyQ

  • #91568

    Sam Boutros
    Participant

    You pass the script/cmdlet a PSCredential object that has permissions on the remote system. You store the encrypted pwd of the PSCredential object for future use using something like Get-SBCredential of the SB-Tools module. Example:

    #Requires -Version 5
    #Requires -RunAsAdministrator
    
    Install-Module SB-Tools,POSH-SSH -Force
    Import-Module SB-Tools -DisableNameChecking
    
    $RemoteUserName = 'domain\username'
    $Cred = Get-SBCredential $RemoteUserName
    
    Invoke-Command -ComputerName myRemoteComputer -Credential $Cred -ScriptBlock {
        myCommandList
    }
    

    You will be asked for the pwd of the $RemoteUserName the first time you run this for a given user.
    If you mistype the pwd or want to change it, use the -Refresh parameter with the Get-SBCredential cmdlet.
    Encrypted pwd is tied to the user, meaning that copying the encrypted pwd file will not work if run under another user context.

You must be logged in to reply to this topic.