July 2018 - IT Droplets

There are three main ways to run a command as a different user in Powershell, besides the classing Right click shift. This article will show you how to do that, within the same Powershell session.
By the same Powershell session, I mean something like this:

You’re logged on as ITDroplets\UserA.
You have a powershell script/console running as UserA.
Within that powershell script/console, you want to run a command as ITDroplets\UserB.

In the Options below, I will consider the above example and I will run “Get-Process Explorer” as UserB. This is very handy when running elevated commands, for instance when UserA is a standard user account and UserB has local admin rights. Of course, Get-Process Explorer doesn’t really need elevation 🙂
Remember that the examples are super concentrated, which means I didn’t add any check to see if the command ran successfully etc. They’re there as pure examples, you can then shape them to fit your needs.

Option 1 – System.Diagnostics.ProcessStartInfo

#Get UserB credential
$Credential = Get-Credential itdroplets\UserB

#Use System.Diagnostics to start the process as UserB
$ProcessInfo = New-Object System.Diagnostics.ProcessStartInfo
#With FileName we're basically telling powershell to run another powershell process
$ProcessInfo.FileName = "powershell.exe"
#CreateNoWindow helps avoiding a second window to appear whilst the process runs
$ProcessInfo.CreateNoWindow = $true
#Note the line below contains the Working Directory where the script will start from
$ProcessInfo.WorkingDirectory = $env:windir
$ProcessInfo.RedirectStandardError = $true 
$ProcessInfo.RedirectStandardOutput = $true 
$ProcessInfo.UseShellExecute = $false
#The line below is basically the command you want to run and it's passed as text, as an argument
$ProcessInfo.Arguments = "Get-Process Explorer"
#The next 3 lines are the credential for UserB, as you can see, we can't just pass $Credential
$ProcessInfo.Username = $Credential.GetNetworkCredential().username
$ProcessInfo.Domain = $Credential.GetNetworkCredential().Domain
$ProcessInfo.Password = $Credential.Password
#Finally start the process and wait for it to finish
$Process = New-Object System.Diagnostics.Process 
$Process.StartInfo = $ProcessInfo 
$Process.Start() | Out-Null 
$Process.WaitForExit() 
#Grab the output
$GetProcessResult = $Process.StandardOutput.ReadToEnd()
#Print the Job results
$GetProcessResult

#Get UserB credential

$Credential = Get-Credential itdroplets\UserB

#Use System.Diagnostics to start the process as UserB

$ProcessInfo = New-Object System.Diagnostics.ProcessStartInfo

#With FileName we're basically telling powershell to run another powershell process

$ProcessInfo.FileName = "powershell.exe"

#CreateNoWindow helps avoiding a second window to appear whilst the process runs

$ProcessInfo.CreateNoWindow = $true

#Note the line below contains the Working Directory where the script will start from

$ProcessInfo.WorkingDirectory = $env:windir

$ProcessInfo.RedirectStandardError = $true

$ProcessInfo.RedirectStandardOutput = $true

$ProcessInfo.UseShellExecute = $false

#The line below is basically the command you want to run and it's passed as text, as an argument

$ProcessInfo.Arguments = "Get-Process Explorer"

#The next 3 lines are the credential for UserB, as you can see, we can't just pass $Credential

$ProcessInfo.Username = $Credential.GetNetworkCredential().username

$ProcessInfo.Domain = $Credential.GetNetworkCredential().Domain

$ProcessInfo.Password = $Credential.Password

#Finally start the process and wait for it to finish

$Process = New-Object System.Diagnostics.Process

$Process.StartInfo = $ProcessInfo

$Process.Start() | Out-Null

$Process.WaitForExit()

#Grab the output

$GetProcessResult = $Process.StandardOutput.ReadToEnd()

#Print the Job results

$GetProcessResult

(more…)

Month: July 2018

Run a command as a different user in Powershell

Option 1 – System.Diagnostics.ProcessStartInfo