Reputation: 359
In Windows, can NT Authority/System run a powershell script as another user
I am running a powershell script remotely via an agent. The agent on the machine runs the powershell script as "NT Authority/SYSTEM" but I want to the switch to another user on the system and run the powershell script.
Below is the code that I used to switch to "Administrator" account but I am getting permission denied error .
$username = "domainname\administrator"
$pw = "XXXXXXXX"
$password = $pw | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $username,$password
Start-Process Powershell.exe -Credential $cred -ArgumentList '-noexit','-File', ' C:\Users\Administrator\test.ps1'
Below is the error I am getting.
Start-Process : This command cannot be run due to the error: Access is denied.
Upvotes: 2
Views: 4474
Answers (3)
Reputation: 101
Sometimes ConvertTo-SecureString does not work with variables with "The system cannot find the path specified" error. In my case that happened, when I tried to execute my script under "NT AUTHORITY\SYSTEM". And saving password in a script is not a good idea :) I would suggest to execute in PowerShell:
ConvertTo-SecureString "your-password" -AsPlainText -Force|ConvertFrom-SecureString
The result will look like (I replaced with dots portion of it):
01000000d08c9ddf0115d1118c7a00...476ee5cd27619ce72296a774f1400000091265bae2a7d2851f8807a9a9d70a7a6a7e6dc91
After that in your script:
$password = ConvertTo-SecureString -String "01000000d08c9ddf0115d1118c7a00...476ee5cd27619ce72296a774f1400000091265bae2a7d2851f8807a9a9d70a7a6a7e6dc91"
Hope this will help
Upvotes: 0
Reputation: 379
I had the exact same issue while trying to launch a powershell script on my Windows 10 guest from a Linux host, through qemu-guest-agent.
Part of what my script did was launching a desktop software and interacting with its gui.
My problem was solved using PsExec.
My agent command :
virsh -c qemu:///system qemu-agent-command my_domain \
'{"execute": "guest-exec", "arguments": { "path": "cmd.exe", "arg": [ "/c", "c:\\path\\to\\my_psexec_script.cmd" ], "capture-output": true }}'
My PsExec script, in the cmd file :
C:\path\to\PsExec.exe -accepteula \\DESKTOP-NAME -u user -p password -i sessionid powershell.exe -File C:\path\to\powershell_script.ps1
This is not a secure solution since the password is stored within the script.
To get the session id of the user of your choice, use the following command :
query session
The reason I used an intermediary script to launch PsExec was simply because it was easier to do so on my guest rather than entering all the arguments from my agent.
I based my solution on this post
It was also important that my script executed in the foreground.
Upvotes: 1
Reputation: 28938
Try using invoke-command like below
$remoteSession=New-PSSession RemoteComputername -credential $credential1
Invoke-Command -session $remoteSession -scriptblock {
$newcredential = New-Object System.Management.Automation.PsCredential("domain\myuser", (ConvertTo-SecureString "password" -AsPlainText -Force))
Start-Process powershell.exe -Credential $newcredential ArgumentList '-noexit','-File', ' C:\Users\Administrator\test.ps1'
}
Upvotes: 0
Related Questions
- Running PowerShell as another user, and launching a script
- Need to run commands within a Powershell script as different user
- How can I execute a line of code as another user?
- Execute Powershell script from C# with administrator privilege and permissions
- Run powershell script as administrator and with a different user account
- Run a PowerShell script with Administrator privileges on other computer
- Run powershell script with elevated command
- How can I call a PowerShell script as a particular user from the Windows command prompt?
- Can I run Powershell commands as admin in PSSession when logged in as other user?
- How to run a PowerShell script from C# as non-elevated user