I am not getting anywhere when using Start-Process / Start-Job cmdlets with -Credential $cred
Problem
I have a service account used in deployment (unattended mode). Previously it has been added to the local administrator group. I want to reduce the potential damage I could do by removing this user from the admin group and explicitly assigning folder permissions to this user.
- I would rather get a permission error than execute something that is reaching out by accident, e.g. Remove-Item "$notdefined\*"
However, in this same PowerShell script I want to be able to elevate to execute things like:
- sc.exe
- app pool restart which requires an admin user.
One of my failed attempts
$job = Start-Job -ScriptBlock {
    param(
        [string]$myWebAppId
    )
    Import-Module WebAdministration
    Write-Host "Will get the application pool of: IIS:\Sites\$myWebAppId and try to restart"
    $appPoolName = Get-ItemProperty "IIS:\Sites\$myWebAppId" ApplicationPool
    Restart-WebAppPool "$($appPoolName.applicationPool)"
    Write-Host "restart of apppool succeeded."
} -Credential $cred -ArgumentList @("appname")
Write-Host "started completed"
Wait-Job $job
Write-Host "wait completed"
Receive-Job $job -Verbose
Write-Host "receive completed"
Hi, this might be an example that might work for you; let me know if it does.
While there's no quick and easy way to do this in PowerShell 2.0, version 3.0 (currently in RC, most likely RTW very soon given that Windows 8 RTW will appear on MSDN/Technet tomorrow) supports the notion of configuring remoting endpoints with a custom identity. This would be done with the Register-PSSessionConfiguration cmdlet on the computer where you want the command to run, which may be the local computer. Then, when using Invoke-Command, provide a session with the -Session parameter. The session is created using the New-PSSession cmdlet, which lets you specify the computer and the configuration name (which is tied to the custom identity).
Clear as mud?
I ended up enabling WinRM using WinRM quickconfig.
I was then able to use Invoke-Command.
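
The custom-identity endpoint described in the answer above, used through WinRM and Invoke-Command as in the last post, written out as an added example (not code from any poster in this thread). It assumes PowerShell 3.0 or later; the endpoint name, the account name and the two function names are hypothetical, and the remote script block reuses the body from the question.

```powershell
# Added example. Names marked "hypothetical" are assumptions, not from the page.
$EndpointName = 'DeployAdmin'           # hypothetical endpoint name
$DeployUser   = 'CONTOSO\svc-deploy'    # hypothetical non-admin deployment account

# Part 1: run once, elevated, on the IIS host. WinRM must already be enabled
# (winrm quickconfig or Enable-PSRemoting).
function Register-DeployEndpoint {
    param(
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$RunAsCredential
    )

    # Resolve the deployment account to a SID for the endpoint ACL.
    $account = New-Object System.Security.Principal.NTAccount($DeployUser)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # Every caller admitted by this ACL runs as $RunAsCredential, so the ACL is
    # the security boundary: admit only Administrators (BA) and the one account.
    $sddl = "O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;$sid)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"

    Register-PSSessionConfiguration -Name $EndpointName `
        -RunAsCredential $RunAsCredential `
        -SecurityDescriptorSddl $sddl -Force
}

# Part 2: called from the unattended deployment script as the non-admin account.
function Restart-SiteAppPool {
    param([Parameter(Mandatory = $true)][string]$SiteName)

    $session = New-PSSession -ComputerName localhost -ConfigurationName $EndpointName
    try {
        Invoke-Command -Session $session -ArgumentList $SiteName -ScriptBlock {
            param([string]$myWebAppId)
            $ErrorActionPreference = 'Stop'   # surface failures to the caller
            Import-Module WebAdministration
            $appPoolName = Get-ItemProperty "IIS:\Sites\$myWebAppId" ApplicationPool
            Restart-WebAppPool "$($appPoolName.applicationPool)"
        }
    }
    finally {
        Remove-PSSession $session   # do not leave the elevated session open
    }
}

# Register-DeployEndpoint -RunAsCredential (Get-Credential)   # once, elevated
# Restart-SiteAppPool -SiteName 'appname'                      # per deployment
```

As registered, the endpoint gives the admitted account a full PowerShell session under the admin identity; PowerShell 3.0's New-PSSessionConfigurationFile can restrict the endpoint to specific commands.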