Categories

A sample text widget

Etiam pulvinar consectetur dolor sed malesuada. Ut convallis euismod dolor nec pretium. Nunc ut tristique massa.

Nam sodales mi vitae dolor ullamcorper et vulputate enim accumsan. Morbi orci magna, tincidunt vitae molestie nec, molestie at mi. Nulla nulla lorem, suscipit in posuere in, interdum non magna.

Pass Credentials via PowerShell

I’ve often found it necessary to pass my Administrator domain or Domain Admin (DomAdmin) credentials to run a PowerShell WMI command. Fortunately PowerShell provides 3 different ways of doing just that, not counting using Windows built in runas command. The three methods I’m going to go over are

  1. Entering your own unique credentials
  2. Entering a service account password, ie: the same username (or hard coding a username)
  3. Hard coding a user name and password



Method 1:

Windows PowerShell Credentials Request Box

Windows PowerShell Credentials Request Box

Entering your own unique credentials, this will popup the standard windows login, let’s store our credentials to a variable called $cred, the benefits of doing this if we want to run multiple commands all under this account we can just recall our credentials without having to enter them every single time. In this example, after I retrieve my stored credentials I’ll check to see who is logged onto a computer named dev-ghost. I’ll be using gwmi cmdlet which is just an alias for the Get-WmiObject cmdlet.

1
2
3
4
5
6
PS C:\> $cred = Get-Credential
 
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\> gwmi win32_LoggedOnUser -computer "dev-ghost" -credential $cred




Method 2
In this example, we are going to do the same as above, except we will specify the username, this is perfect for whenever you use service accounts.

1
2
PS C:\>PS C:\> $cred = Get-Credential "dev-ghost\administrator"
PS C:\> gwmi win32_LoggedOnUser -computer "dev-ghost" -credential $cred

Now let’s do the same as above, but instead of saving our credentials to a variable, we will just use it once and call it inline.

1
PS C:\> gwmi win32_LoggedOnUser -computer "dev-ghost" -credential "dev-ghost\administrator"




Method 3
I don’t think password should ever be hard coded into scripts, especially ones that can be decrypted. PowerShell provides a SecureString, this is nothing more than a joke. The reason I call it a joke is because anyone can decrypt a SecureString if they know a little bit of PS. But ignorance is bliss right? So let’s get to it…

1
PS C:\windows\system32\windowspowershell\v1.0> Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File C:\PowerShell\MyPassword.txt

Once you press enter just type in your password, this will save your password to a file called MyPassword.txt. So now that the password is saved as a "SecureString" we can now use these saved credentials.

1
2
$password = type C:\PowerShell\MyPassword.txt | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist “administrator”,$password

and that’s it, your all set to start impersonating your credentials so that you can run scripts or executable under your service accounts.

1 comment to Pass Credentials via PowerShell

Leave a Reply