I’ve often found it necessary to pass my Administrator domain or Domain Admin (DomAdmin) credentials to run a PowerShell WMI command. Fortunately, PowerShell provides 3 different ways of doing just that, not counting the built-in Windows runas command. The three methods I’m going to go over are:
- Entering your own unique credentials
- Entering a service account password, i.e. the same username (or hard coding a username)
- Hard coding a user name and password
Method 1: Entering your own unique credentials. This will pop up the standard Windows login prompt. Let’s store our credentials in a variable called $cred. The benefit of doing this is that if we want to run multiple commands under this account, we can reuse the stored credentials without having to enter them every single time. In this example, after I retrieve my stored credentials I’ll check to see who is logged onto a computer named dev-ghost. I’ll be using gwmi, which is just an alias for the Get-WmiObject cmdlet.
PS C:\> $cred = Get-Credential
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\> gwmi win32_LoggedOnUser -computer "dev-ghost" -credential $cred
In this example, we are going to do the same as above, except we will specify the username. This is perfect for whenever you use service accounts.
PS C:\> $cred = Get-Credential "dev-ghost\administrator"
PS C:\> gwmi win32_LoggedOnUser -computer "dev-ghost" -credential $cred
Now let’s do the same as above, but instead of saving our credentials to a variable, we will just use it once and call it inline.
PS C:\> gwmi win32_LoggedOnUser -computer "dev-ghost" -credential "dev-ghost\administrator"
I don’t think passwords should ever be hard coded into scripts, especially ones that can be decrypted. PowerShell provides a SecureString; this is nothing more than a joke. The reason I call it a joke is because anyone can decrypt a SecureString if they know a little bit of PS. But ignorance is bliss, right? So let’s get to it…
PS C:\windows\system32\windowspowershell\v1.0> Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File C:\PowerShell\MyPassword.txt
Once you press Enter, just type in your password. This will save your password to a file called MyPassword.txt. Now that the password is saved as a "SecureString", we can use these saved credentials.
$password = type C:\PowerShell\MyPassword.txt | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist "administrator",$password
And that’s it, you’re all set to start using these credentials to run scripts or executables under your service accounts.
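
The round trip for the saved-password method, as an added example that is not part of the original post: it shows that the file only loads for the Windows account that wrote it, and that the same account can get the clear-text password back in one call. The function names Save-Password, Import-SavedCredential and Test-PlaintextRecoverable are hypothetical; the path, user name and computer name are the ones used above.

```powershell
# Added example, Windows PowerShell. Without -Key, ConvertFrom-SecureString
# protects the data with DPAPI for the current user on the current machine.
$path = 'C:\PowerShell\MyPassword.txt'   # path used in the post

function Save-Password {
    param([string]$Path)
    # Prompt without echoing, then write the protected hex string to disk.
    Read-Host -Prompt 'Password' -AsSecureString |
        ConvertFrom-SecureString |
        Out-File -FilePath $Path
}

function Import-SavedCredential {
    param([string]$UserName, [string]$Path)
    try {
        $secure = Get-Content -Path $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        # Typical when the file was written by another user or on another machine.
        throw "Cannot load '$Path' as $env:USERDOMAIN\$env:USERNAME : $($_.Exception.Message)"
    }
    New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $secure
}

function Test-PlaintextRecoverable {
    param([System.Management.Automation.PSCredential]$Credential)
    # GetNetworkCredential() hands the clear-text password to any code
    # running as this user, so the file is only as safe as the account.
    $plain = $Credential.GetNetworkCredential().Password
    return ($plain.Length -gt 0)
}

Save-Password -Path $path
$cred = Import-SavedCredential -UserName 'dev-ghost\administrator' -Path $path
"Plaintext recoverable by $env:USERNAME on ${env:COMPUTERNAME}: $(Test-PlaintextRecoverable $cred)"
gwmi win32_LoggedOnUser -computer 'dev-ghost' -credential $cred
```

Create the file while logged on as the account that will run the script; loaded under any other account or on another machine, Import-SavedCredential throws instead of returning a credential.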