Windows Prompt Box

Welcome Forums General PowerShell Q&A Windows Prompt Box

Viewing 6 reply threads
  • Author
    Posts
    • #204654
      Participant
      Topics: 3
      Replies: 2
      Points: 37
      Rank: Member

      Hi Folks,

      Because our domain name is so long, when the “Windows Powershell Credential Request” box appears; the User Name field is already filled and the user gets confused where to add his/her username.

      Any way to save the domain name in my script so when prompted for credentials; the User Name field is empty and the user will only need to enter his/her AD username? This will then be combined with the domain to be password on for credential check?

      My script:

      $host.UI.RawUI.WindowTitle = "Active Directory Users and Computers"
      
      while ($true) 
      {
      try {
      Start-Process powershell -Credential (Get-Credential "$env:USERDNSDOMAIN\") -ArgumentList "$Env:WinDir\System32\dsa.msc" -ErrorAction Stop
      break
      }
      catch {
      Write-Output "Missing/Invalid Credentials"
      Write-Output "Please ensure you AD account is not locked"
      Write-Host "";
      Write-Output "Enter Credentials again? [Yes/No]"
      if ((Read-Host) -ne "Yes") { break }
      
      }
      }

      I hope I was clear, if not, please ask!

      Thanks in advance 🙂

    • #204657
      Participant
      Topics: 6
      Replies: 93
      Points: 428
      Helping Hand
      Rank: Contributor

      What about

      Get-Credential -Username "$ENV:UserDomain\$ENV:UserName" -Message 'Enter your password'

      This should only require a PW.

      • #204900
        Participant
        Topics: 3
        Replies: 2
        Points: 37
        Rank: Member

        My apologies,

        The usernames are different from the user’s current logged in usernames. So users will need to enter their admin username separately.

    • #204810
      Participant
      Topics: 12
      Replies: 1623
      Points: 2,565
      Helping Hand
      Rank: Community Hero

      Not sure what parts of the credential object get used. The username property is a Read-Only. Using GetNetworkCredential() seems to be entirely different set of properties, which can be set. You can set the Domain, but setting that or the UserName does not change the value of the direct Username property. Worst case, your can basically tear the PSCredential apart and rebuild it with the domain:

      PS C:\Users\rasim> 
      $pwd = ConvertTo-SecureString 'Password123' -AsPlainText -Force
      $creds =  New-Object -TypeName PSCredential -ArgumentList 'Myuser', $pwd
      
      PS C:\Users\rasim> $creds.GetNetworkCredential().Domain = 'MyDomain'
      
      
      PS C:\Users\rasim> $creds.UserName
      Myuser
      
      PS C:\Users\rasim> $creds.UserName = 'NewVal'
      'UserName' is a ReadOnly property.
      At line:1 char:1
      + $creds.UserName = 'NewVal'
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
          + FullyQualifiedErrorId : PropertyAssignmentException
      
      PS C:\Users\rasim> $creds.GetNetworkCredential().Username
      Myuser
      
      PS C:\Users\rasim> $creds.GetNetworkCredential().Password
      Password123
      
      PS C:\Users\rasim> $creds.GetNetworkCredential().Domain
      MyDomain
      
      PS C:\Users\rasim> 
      $pwd = ConvertTo-SecureString $creds.GetNetworkCredential().Password -AsPlainText -Force
      $newCreds =  New-Object -TypeName PSCredential -ArgumentList ("MyDomain\{0}" -f $creds.UserName), $pwd
      
      
      PS C:\Users\rasim> $newCreds
      
      UserName                            Password
      --------                            --------
      MyDomain\Myuser System.Security.SecureString
      
      
      PS C:\Users\rasim> $newCreds.GetNetworkCredential().Domain
      MyDomain
      
    • #204954
      Participant
      Topics: 6
      Replies: 93
      Points: 428
      Helping Hand
      Rank: Contributor

      OK, you say:

      My apologies,

      The usernames are different from the user’s current logged in usernames. So users will need to enter their admin username separately.

      That being the case, and going back to your original script, if they must enter two fields, prompt them for the username, then use that in get cred, they then enter the PW. Either way, they have two fields to enter.

      $UserName = Read-Host 'Enter your ADMIN User Name'

      Get-Credential -Username "$ENV:UserDomain\$UserName" -Message 'Enter your password'

      Am I missing something here? My apology.

      • This reply was modified 3 months, 1 week ago by TonyD05.
      • #205227
        Participant
        Topics: 3
        Replies: 2
        Points: 37
        Rank: Member

        This works!

        Only one point to make this work better – When I do the following steps; I get an extra credentials prompt:

        1. Run .ps1
        2. Prompted to enter AD username > entered
        3. Prompted to enter password > clicked Cancel
        4. I get another Windows Powershell credential request but all fields empty. It would be great if this window can be eliminated all together and have the script move on (this only happens if I click cancel again)

        My updated script:

        $host.UI.RawUI.WindowTitle = "Active Directory and Computers Management"
        $UserName = Read-Host 'Please enter your AD Username'
        
        while ($true) 
        {
        try {
        Start-Process powershell -Credential (Get-Credential -Username "$ENV:UserDomain\$UserName" -Message 'Enter your password') -ArgumentList "$Env:WinDir\System32\dsa.msc" -ErrorAction Stop
        { break }
        }
        catch {
        Write-Output "Missing/Invalid Credentials"
        Write-Output "Please ensure you AD account is not locked"
        Write-Host "";
        Write-Output "Enter Credentials again? [Y/N]"
        if ((Read-Host) -ne "Y") { break }
        
        }
        }

        Otherwise, I will mark this as the answer shortly.

        Thanks for your help!

    • #204996
      Participant
      Topics: 1
      Replies: 20
      Points: 109
      Helping Hand
      Rank: Participant

      Out of curiosity, why is your sign in domain so long?  Can you add a UPN and assign the admin accounts to it?

      Get-AdForest | Set-ADForest -UPNSuffixes @{Add="short.upn"}
      Set-ADUser -UserPrincipalName adminaccount@short.upn -Identity adminaccount

      I, personally, like things simple, if special things need to be done to accommodate something arbitrary, like the number of keys that need to be pressed in order to log in, I like to try to reduce the monotony enforced on the users of the systems, and a UPN suffix is an easy fix for a long logon domain.

    • #205758
      Participant
      Topics: 6
      Replies: 93
      Points: 428
      Helping Hand
      Rank: Contributor

      The double creds may have to do with your while logic, maybe try this:

      While($TryAgain) {
      ........
            if (($TryAgain = Read-Host) -ne "Y") { break }
      }

       

       

      • This reply was modified 3 months, 1 week ago by TonyD05.
      • This reply was modified 3 months, 1 week ago by TonyD05.
      • This reply was modified 3 months, 1 week ago by TonyD05.
      • This reply was modified 3 months, 1 week ago by TonyD05.
    • #206124
      Participant
      Topics: 2
      Replies: 1013
      Points: 2,093
      Helping Hand
      Rank: Community Hero

      You are really over complicating this effort.

      Why are you doing this, and all this console stuff at all…

      Start-Process powershell -Credential (Get-Credential -Username "$ENV:UserDomain\$UserName" -Message 'Enter your password') -ArgumentList "$Env:WinDir\System32\dsa.msc" -ErrorAction Stop

      … Just ask for the user name, pass in the domain with that and move on.

      For example, why not just do:

      # this...
      $UserName = Read-Host 'Please enter your AD Username'
      Start-Process powershell -Credential "$ENV:UserDomain\$UserName" -ArgumentList "$Env:WinDir\System32\dsa.msc"

      # ...Or use dialogs for both and stay out of the console altogether
      [void][Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
      $Title = 'User information'
      $Msg = 'Enter your username:'
      $Username = [Microsoft.VisualBasic.Interaction]::InputBox($msg, $Title)
      Start-Process powershell -Credential "$ENV:UserDomain\$UserName" -ArgumentList "$Env:WinDir\System32\dsa.msc"

       

       

       

Viewing 6 reply threads
  • The topic ‘Windows Prompt Box’ is closed to new replies.