Product, version and build: PowerShell Studio 2018 v5.5.150
32 or 64 bit version of product: 64-bit
Operating system: Windows 10
32 or 64 bit OS: 64-bit
I need to run a .ps1 script with elevated credentials.
$form1_Load={
$user = "domain\ElevatedUser"
$secPW = ConvertTo-SecureString -String "Pa$$word123" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($user, $secPW)
Start-Process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Credential $cred -filepath "c:\Windows\BuildFiles\Move.ps1"
$form1.Close()
}
Move.ps1 reads some registry keys which contain an OU path. It then moves the computer to that OU within active directory. My problem is that it never moves the machine. I have even put logging in the Move.ps1 and that never gets written to my output file.
What am I doing wrong in how I call this? I've tried a few different ways to format the start-process line yet nothing has worked.
run as different user
Forum rules
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Re: run as different user
[TOPIC MOVED TO POWERSHELL GUIS FORUM BY MODERATOR]
David
SAPIEN Technologies, Inc.
SAPIEN Technologies, Inc.
Re: run as different user
I have also tried to place all of the code from "c:\Windows\BuildFiles\Move.ps1" into my Form1 and use Invoke-Command instead. This also does Not move the computer nor does it log anything.
Invoke-Command -Credential $cred -scriptblock {
$Begin = "This is the beginning of the Move script"
$Finish = "This is the end of the Move script"
$Begin | out-file c:\temp\move\move.txt -Append
whoami | out-file c:\temp\move\move.txt -Append
import-module -Name C:\windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management -verbose
###########################################################################################
# Move the computer to the correct OU
$Computer = (get-ItemProperty hklm:\System\Build\Deploy).OriginalPCName
$GetOU = (get-ItemProperty hklm:\System\Build\Deploy).MachineOU
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(cn=$computer)"
$result = $search.FindOne()
$computerToMove = [ADSI]$result.path
$computerToMove.psbase.Moveto([ADSI]"LDAP://$GetOU")
# Make sure our variables contain the correct information
$Computer | out-file c:\temp\move\move.txt -Append
$GetOU | out-file c:\temp\move\move.txt -Append
$root | out-file c:\temp\move\move.txt -Append
$ComputerToMove | out-file c:\temp\move\move.txt -Append
whoami | out-file c:\temp\move\move.txt -Append
$Finish | out-file c:\temp\move\move.txt -Append
}
Invoke-Command -Credential $cred -scriptblock {
$Begin = "This is the beginning of the Move script"
$Finish = "This is the end of the Move script"
$Begin | out-file c:\temp\move\move.txt -Append
whoami | out-file c:\temp\move\move.txt -Append
import-module -Name C:\windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management -verbose
###########################################################################################
# Move the computer to the correct OU
$Computer = (get-ItemProperty hklm:\System\Build\Deploy).OriginalPCName
$GetOU = (get-ItemProperty hklm:\System\Build\Deploy).MachineOU
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(cn=$computer)"
$result = $search.FindOne()
$computerToMove = [ADSI]$result.path
$computerToMove.psbase.Moveto([ADSI]"LDAP://$GetOU")
# Make sure our variables contain the correct information
$Computer | out-file c:\temp\move\move.txt -Append
$GetOU | out-file c:\temp\move\move.txt -Append
$root | out-file c:\temp\move\move.txt -Append
$ComputerToMove | out-file c:\temp\move\move.txt -Append
whoami | out-file c:\temp\move\move.txt -Append
$Finish | out-file c:\temp\move\move.txt -Append
}
Re: run as different user
the command has to run as an elevated user. and we'd like it to be a compiled .exe. So what would my syntax be? thank you.
Re: run as different user
You can do that on the deployment menu by choosing the user account.
Select "Deploy". Under "Packager", "Settings". Select the "Output" tab and set the alternate credentials as directed.
Select "Deploy". Under "Packager", "Settings". Select the "Output" tab and set the alternate credentials as directed.
Re: run as different user
OK, here is my entire code: Each registry value exists and contains the correct information.
$form1_Load={
$Computer1 = (get-ItemProperty hklm:\System\Build\Deploy).OriginalPCName
$GetOU = (get-ItemProperty hklm:\System\Build\Deploy).MachineOU
Get-AdComputer "$Computer1" | Move-AdObject -Target "$GetOU"
$form1.Close()
}
then under Packager\Settings\Output Settings I have
Alternate Credentials
domain\user password=p@$$word1
Run Mode: RunAs User
My machine is never moved to the new OU which is specified in $GetOU.
$form1_Load={
$Computer1 = (get-ItemProperty hklm:\System\Build\Deploy).OriginalPCName
$GetOU = (get-ItemProperty hklm:\System\Build\Deploy).MachineOU
Get-AdComputer "$Computer1" | Move-AdObject -Target "$GetOU"
$form1.Close()
}
then under Packager\Settings\Output Settings I have
Alternate Credentials
domain\user password=p@$$word1
Run Mode: RunAs User
My machine is never moved to the new OU which is specified in $GetOU.