January 16, 2018 at 11:15 am

Hi,
I'm pretty sure there is a way I can do this, but I'm not sure of the approach.

I need to have a function/script that will make a change to a system that requires admin-level access, but the person executing the function only has basic permissions. So I need a way to run the function or script under the elevated permissions but without having to supply the password?

I know I can pull the password in from a file, but I doubt I will be allowed to do this. I can type the password in once to set up the secure object, but then the session would need to remain open etc.

Any help would be great.

Thanks

TommyQ

January 16, 2018 at 11:45 am

You pass the script/cmdlet a PSCredential object that has permissions on the remote system. You store the encrypted pwd of the PSCredential object for future use using something like Get-SBCredential of the SB-Tools module. Example:

#Requires -Version 5
#Requires -RunAsAdministrator

Install-Module SB-Tools,POSH-SSH -Force
Import-Module SB-Tools -DisableNameChecking

$RemoteUserName = 'domain\username'
$Cred = Get-SBCredential $RemoteUserName

Invoke-Command -ComputerName myRemoteComputer -Credential $Cred -ScriptBlock {
    myCommandList
}

You will be asked for the pwd of the $RemoteUserName the first time you run this for a given user.
If you mistype the pwd or want to change it, use the -Refresh parameter with the Get-SBCredential cmdlet.
Encrypted pwd is tied to the user, meaning that copying the encrypted pwd file will not work if run under another user context.
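
The storage behaviour described in the reply above can be reproduced with built-in cmdlets; this is an added example, not part of the original thread and not the SB-Tools implementation. `Get-StoredCredential` and the `CredStore` folder are hypothetical names; on Windows, `Export-Clixml` encrypts the password with DPAPI under the current user's key, which is why a copied file fails under another account.

```powershell
# Added example: hypothetical helper, not the SB-Tools code.
function Get-StoredCredential {
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCredential])]
    param(
        [Parameter(Mandatory)][string]$UserName,
        # Assumed storage location inside the calling user's profile.
        [string]$StorePath = (Join-Path $env:LOCALAPPDATA 'CredStore'),
        # Discard any saved password and prompt again.
        [switch]$Refresh
    )

    if (-not (Test-Path $StorePath)) {
        New-Item -ItemType Directory -Path $StorePath -Force | Out-Null
    }
    # Replace characters that are invalid in file names (the '\' in domain\user).
    $safeName = $UserName -replace '[\\/:*?"<>|]', '_'
    $file = Join-Path $StorePath "$safeName.clixml"

    if (-not $Refresh -and (Test-Path $file)) {
        try {
            # Decryption uses DPAPI and fails if the file was written by
            # another user or on another machine.
            $cred = Import-Clixml -Path $file -ErrorAction Stop
            if ($cred -is [pscredential]) { return $cred }
        }
        catch {
            Write-Warning "Cannot decrypt '$file' in this user context: $($_.Exception.Message)"
        }
    }

    # First run, -Refresh, or an unreadable file: prompt once and save.
    $cred = Get-Credential -UserName $UserName -Message "Password for $UserName"
    if ($null -eq $cred) { throw "No credential supplied for $UserName" }
    $cred | Export-Clixml -Path $file -Force
    return $cred
}

# Same call pattern as the reply; computer name and command list are its placeholders.
$Cred = Get-StoredCredential -UserName 'domain\username'
Invoke-Command -ComputerName myRemoteComputer -Credential $Cred -ScriptBlock {
    myCommandList
}
```

Any code running as the user who saved the file can decrypt it and read the password back from the credential object, so the file is only as protected as that user's own session.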