I've been a member of SO for a year and this is my first ever question!
I am currently developing a WinForms application in C# that invokes PowerShell scripts. It is not designed to be a comprehensive handler for all of PowerShell's capabilities, but merely executes a small selection of scripts with simple, pre-agreed parameter types only.
Some of the scripts require elevated permissions to run successfully. No problem - there seems to be at least 2 ways round this:
1. Impersonation. The application performs the authorisation and invokes powershell under these credentials. I hit a problem early on with this, in that the impersonated/elevated user may not have the permissions to invoke powershell commands on the user's local machine - as the local machine may not have the appropriate ExecutionPolicy, and the elevated user would therefore have to access the Registry to change this. I have no sway in altering permissions. Which leads me towards:
2. Credentials as a Variable. Simple. Scripts have a variable such as:
[PSCredential]$credential
which the application can supply by prompting the user for the user name and password for this account.
My question is this: Is there a way to obtain a PSCredential object from the currently logged-in user, as some kind of default for my app?
I haven't seen anything to suggest this can be done, so if anyone can inundate me as to why this is the case, I would be glad to hear it. It would be feasible to force the application to run as an administrator, if this is of any help.
Thanks for your time.
To get current username in PowerShell, use whoami, GetCurrent() method of WindowsIdentity . Net class or Get-WMIObject cmdlet in PowerShell.
You can use the credential object in security operations. The Get-Credential cmdlet prompts the user for a password or a user name and password. You can use the Message parameter to specify a customized message in the command line prompt.
Typically, to create a PSCredential object, you'd use the Get-Credential cmdlet. The Get-Credential cmdlet is the most common way that PowerShell receives input to create the PSCredential object like the username and password. The Get-Credential cmdlet works fine and all but it's interactive.
The first way to create a credential object is to use the PowerShell cmdlet Get-Credential . When you run without parameters, it prompts you for a username and password. Or you can call the cmdlet with some optional parameters.
There is indeed no way to get the credential for the current user without prompting a user for their input. For one thing, it is quite simple to obtain the clear text password from the "SecureString" password property of the PSCredential
instance.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With