Im pretty sure there is a way i can do this, but not sure the approach.
I need to have a function/script that will make a change to a system that requires admin level access, but the person executing the function only has basic permissions. So i need a way to run the function or script under the elevated permissions but without having to supply the password?
I know i can pull the password in from a file, but i doubt i will be allowed to do this. I can type the password in once to setup the secure object, but then the session would need to remain open etc.
You pass the script/cmdlet a PSCredential object that has permissions on the remote system. You store the encrypted pwd of the PSCredential object for future use using something like Get-SBCredential of the SB-Tools module. Example:
You will be asked for the pwd of the $RemoteUserName the first time you run this for a given user.
If you mistype the pwd or want to change it, use the -Refresh parameter with the Get-SBCredential cmdlet.
Encrypted pwd is tied to the user, meaning that copying the encrypted pwd file will not work if run under another user context.