Ok, I understand the concept of creating encrypted credentials and storing it in the powershell script
Powershell how to encrypt connectionstring to database
But how do I make the powershell script run with elevated credentials when it is being automatically invoked by a third party program?
Below is the code that works beautifully when I manually use "run-as", and I get the last user logged on
$userID=$NULL
$line_array = @()
$multi_array = @()
[hashtable]$my_hash = @{}
foreach ($i in $args){
$line_array+= $i.split(" ")
}
foreach ($j in $line_array){
$multi_array += ,@($j.split("="))
}
foreach ($k in $multi_array){
$my_hash.add($k[0],$k[1])
}
$Sender_IP = $my_hash.Get_Item("sender-ip")
<# Courtesy of http://blogs.technet.com/b/heyscriptingguy/archive/2012/02/19/use-powershell-to-find-last-logon-times-for-virtual-workstations.aspx#>
<#Gather information on the computer corresponding to $Sender_IP#>
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP
<#Determine the build number#>
$Build = $Win32OS.BuildNumber
<#Running Windows Vista with SP1 and later, i.e. $Build is greater than or equal to 6001#>
if($Build -ge 6001){
$Win32User = Get-WmiObject -Class Win32_UserProfile -ComputerName $Sender_IP
$Win32User = $Win32User | Sort-Object -Property LastUseTime -Descending
$LastUser = $Win32User | Select-Object -First 1
$UserSID = New-Object System.Security.Principal.SecurityIdentifier($LastUser.SID)
$userId = $UserSID.Translate([System.Security.Principal.NTAccount])
$userId = $userId.Value
}
<#Running Windows Vista without SP1 and earlier, i.e $Build is less than or equal to 6000#>
elseif ($Build -le 6000){
$SysDrv = $Win32OS.SystemDrive
$SysDrv = $SysDrv.Replace(":","$")
$ProfDrv = "\\" + $Sender_IP + "\" + $SysDrv
$ProfLoc = Join-Path -Path $ProfDrv -ChildPath "Documents and Settings"
$Profiles = Get-ChildItem -Path $ProfLoc
$LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles("ntuser.dat.LOG")}
$LastProf = $LastProf | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1
$userId = $LastProf.DirectoryName.Replace("$ProfLoc","").Trim("\").ToUpper()
}
else{
$userId = "Unknown/UserID"
}
if ($userId -ne $NULL){
"userId=" + $userId
}
elseif ($userID -eq $NULL)
{
$userId = "Unknown/UserID"
"userId=" + $userId
}
But if I don't manually invoke the powershell with Run-As, I get the following errors
Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At D:\script\dlp_current_user-UPDATED.ps1:32 char:25
+ $Win32OS = Get-WmiObject <<<< -Class Win32_OperatingSystem -ComputerName $Sender_IP
+ CategoryInfo : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:51 char:30
+ $SysDrv = $SysDrv.Replace <<<< (":","$")
+ CategoryInfo : InvalidOperation: (Replace:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Get-ChildItem : Cannot find path '\\10.1.202.240\Documents and Settings' because it does not exist.
At D:\script\dlp_current_user-UPDATED.ps1:54 char:30
+ $Profiles = Get-ChildItem <<<< -Path $ProfLoc
+ CategoryInfo : ObjectNotFound: (\\10.1.202.240\Documents and Settings:String) [Get-ChildItem], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand
You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:55 char:65
+ $LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles <<<< ("ntuser.dat.LOG")}
+ CategoryInfo : InvalidOperation: (GetFiles:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:57 char:46
+ $userId = $LastProf.DirectoryName.Replace <<<< ("$ProfLoc","").Trim("\").ToUpper()
+ CategoryInfo : InvalidOperation: (Replace:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
userId=Unknown/UserID
And the output is userId=Unknown/UserID
How to troubleshoot this???
EDIT:
So I am trying to include -Credential when invoking Get-WmiOjbect
$cred = Get-Credential -Credential "Domain\Elevated_Account"
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP -Credential $cred
And right now it prompts me for a password. However when I run the script I get other errors:
Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At D:\script\dlp_current_user-UPDATED.ps1:39 char:31
+ $Win32User = Get-WmiObject <<<< -Class Win32_UserProfile -ComputerName $Sender_IP
+ CategoryInfo : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
New-Object : Constructor not found. Cannot find an appropriate constructor for type System.Security.Principal.SecurityIdentifier.
At D:\script\dlp_current_user-UPDATED.ps1:42 char:26
+ $UserSID = New-Object <<<< System.Security.Principal.SecurityIdentifier($LastUser.SID)
+ CategoryInfo : ObjectNotFound: (:) [New-Object], PSArgumentException
+ FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.Commands.NewObjectCommand
You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:43 char:33
+ $userId = $UserSID.Translate <<<< ([System.Security.Principal.NTAccount])
+ CategoryInfo : InvalidOperation: (Translate:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
can't you use the start-process CmdLet :
start-process 'c:\system32\WindowsPowerShell\v1.0\powershell.exe' -verb runas -argumentlist "-file toto.ps1"
toto.ps1 will run in an elevated mode.