Imagine an environment where users have no administrative rights on their machines. Yes, those environments DO happen. Now, you either have a special account to run privileged operations for EACH of them or you have LAPS deployed (which I highly recommend anyway!).
Usually, you're running things from your local workstation, from where you connect remotely with the credentials, and all is fine. But there's the day you're summoned to the workstation (let it be your Boss' newest laptop). You're considered a PowerShell guru. You won't fall back. You're logged in as your Boss' account. You still need to run a PowerShell script as an alternate user (let's call it SuperAdmin) but also as Administrator (to flush DNS settings). What do you do?
Cookbook by Lee Holmes
You can use Start-ProcessAsUser from PowershellCookbook module:
You can also create a simple Start-Process inception.
In our example it will look like this:
Credentials from file
This can also be used with credentials stored in an XML file, for example when the script runs from a scheduled task. Once for each user and each machine where this will be used, you need to write the credentials to a file:
Then you can create a ps1 script file that will be invoked from scheduled tasks:
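The two steps above combined with the nested Start-Process from earlier, as an added example that is not the original post's script. The domain name CONTOSO, the credential file path and the use of Export-Clixml/Import-Clixml for the stored credential are assumptions made for illustration.

```powershell
# Added example. CONTOSO\SuperAdmin and the file path below are hypothetical.
$credPath = Join-Path $env:LOCALAPPDATA 'SuperAdmin.cred.xml'

# One-time step, per user and per machine.
# On Windows, Export-Clixml protects the password with DPAPI, so the file
# only decrypts for the account that created it, on the computer it was created on.
if (-not (Test-Path -Path $credPath)) {
    Get-Credential -UserName 'CONTOSO\SuperAdmin' -Message 'Alternate admin account' |
        Export-Clixml -Path $credPath
}

# Every later run (for example from a scheduled task) reads the credential back.
$cred = Import-Clixml -Path $credPath

# Inner command: executed by the PowerShell process that runs as SuperAdmin.
# It requests elevation (-Verb RunAs) and then flushes the DNS cache.
$inner = "Start-Process -FilePath powershell.exe -Verb RunAs " +
         "-ArgumentList '-NoProfile','-Command','ipconfig /flushdns'"

# Outer process: PowerShell under the alternate credential.
# -Credential and -Verb belong to different parameter sets of Start-Process,
# so they cannot be combined in one call; hence the nesting.
# -WorkingDirectory avoids starting in the logged-on user's profile folder,
# which the alternate account may not be allowed to read.
Start-Process -FilePath powershell.exe `
    -Credential $cred `
    -WorkingDirectory $env:SystemRoot `
    -ArgumentList '-NoProfile', '-Command', $inner
```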
No silver bullet though
This is not perfect, as your Boss can use the same command to extract the stored credentials from funnycats.jpg and use them for his own fun.
If you have any comments – feel free to contact me.