Menu
I'm trying to run a script that requires Administrator input in order to process certain things. Rather than have the script run unsuccessfully I'm trying to trap the error and throw it back into the Credentials, but I can't find a command I can pass Local Admin Credentials with to a Trap. Does anyone have anything that might work?
I've found MANY that will check domain credentials, but this is a LOCAL Admin account.
To clarify, I am using:
$Cred = Get-Credential
I need to verify the output from that is correct and has Admin access to run stuff further down in the script.
Working Solution (Thanks to User978511)
$Cred = Get-Credential
$Computer = (gwmi Win32_ComputerSystem).Name
$User = $Cred.Username
$Pass = $Cred.GetNetworkCredential().Password
$Users = ("$Computer"+"$User")
Add-Type -assemblyname System.DirectoryServices.AccountManagement
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
$DS.ValidateCredentials($Users, $pass)
if ($Result -ne "True")
{
<Perform Tasks Here>
}
258
To find local administrators with PowerShell you can use the Get-LocalGroupMember command. The above example is running the command on the local computer. To run on a remote computer you can use the invoke-command. For this command to work you will need to have PowerShell Remoting enabled.
Open PowerShell by right-clicking on the Windows start menu and choose the one that says, Administrator. The first command you'll need to enter is whoami and press enter. The second command to enter is Get- LocalUser -Name You username here | Select Principal Source. Don't forget to press enter.
Double-click the Administrators group from the right pane. Look for the user name in the Members frame: If the user has administrator rights and is logged in locally, only his user name displays in the list. If the user has administrator rights and is logged into the domain, Domain Name\User name displays in the list.
Type net localgroup groupname, where groupname is the name of the group you want to list. For example, if the group name is Administrators, you would type net localgroup Administrators. Then press Enter. Observe the list of users in the local group.
function Is-Current-User-Admin
{
return ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
}
This will return you local admins (another answer is probably better fit here):
$group =[ADSI]"WinNT://./Administrators"
$members = @($group.psbase.Invoke("Members"))
$admins = $members | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
And this will check credentials:
Add-Type -assemblyname system.DirectoryServices.accountmanagement
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
$DS.ValidateCredentials("test", "password")
All you have to do is to check that credentials are ok and that user is member of Admins group
34
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
