Limited permissions, elevated function

Welcome Forums General PowerShell Q&A Limited permissions, elevated function

This topic contains 1 reply, has 2 voices, and was last updated by

1 year, 6 months ago.

  • Author
  • #91565

    Topics: 37
    Replies: 47
    Points: 55
    Rank: Member

    Im pretty sure there is a way i can do this, but not sure the approach.

    I need to have a function/script that will make a change to a system that requires admin level access, but the person executing the function only has basic permissions. So i need a way to run the function or script under the elevated permissions but without having to supply the password?

    I know i can pull the password in from a file, but i doubt i will be allowed to do this. I can type the password in once to setup the secure object, but then the session would need to remain open etc.

    Any help would be great.



  • #91568

    Topics: 9
    Replies: 387
    Points: 499
    Helping Hand
    Rank: Contributor

    You pass the script/cmdlet a PSCredential object that has permissions on the remote system. You store the encrypted pwd of the PSCredential object for future use using something like Get-SBCredential of the SB-Tools module. Example:

    #Requires -Version 5
    #Requires -RunAsAdministrator
    Install-Module SB-Tools,POSH-SSH -Force
    Import-Module SB-Tools -DisableNameChecking
    $RemoteUserName = 'domain\username'
    $Cred = Get-SBCredential $RemoteUserName
    Invoke-Command -ComputerName myRemoteComputer -Credential $Cred -ScriptBlock {

    You will be asked for the pwd of the $RemoteUserName the first time you run this for a given user.
    If you mistype the pwd or want to change it, use the -Refresh parameter with the Get-SBCredential cmdlet.
    Encrypted pwd is tied to the user, meaning that copying the encrypted pwd file will not work if run under another user context.

The topic ‘Limited permissions, elevated function’ is closed to new replies.