PS script, request for user credential, run a few commands and signs out domain user when script ends

Cody 321 Reputation points
2024-12-23T17:01:32.28+00:00

How do I write a PowerShell script that asks for user's credentials and run the next few commands as the new user. Once the commands complete, signs out the users

Script:

#Get user domain/user credentials

$USRCreds = Get-Credential

#Run the next few commands as $USRCreds

{if / else statement

}

#Sign out domain user

Continue with other commands......

Or would it be easier to launch another PS within the script and as another user 'domain\user' and then run the script and close the script when completed?

PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,707 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Marcin Policht 29,650 Reputation points MVP
    2024-12-23T17:06:45.4666667+00:00

    To execute commands as another user in a PowerShell script, you can use the Start-Process cmdlet with the -Credential parameter. Here's a structured way to achieve what you want:

    1. Prompt for user credentials.
    2. Run the commands as the new user in a separate PowerShell process.
    3. Sign out the new user.

    Here’s a PowerShell script template:

    # Get user domain/user credentials
    $USRCreds = Get-Credential
    
    # Define the commands to run as the new user
    $ScriptBlock = {
        # Commands to execute as the new user
        Write-Host "Running commands as: $($env:USERNAME)"
        # Example commands
        Get-Process
        Get-Service
    }
    
    # Run the commands in a new PowerShell process using the provided credentials
    Start-Process -FilePath "powershell.exe" -ArgumentList "-NoProfile -Command & { $($ScriptBlock) }" -Credential $USRCreds -Wait
    
    # Sign out the user (requires admin privileges)
    Write-Host "Signing out user: $($USRCreds.UserName)"
    logoff  # Ensure this is executed on the new user's session if applicable
    
    # Continue with other commands after user session completes
    Write-Host "User session completed. Continuing with the script..."
    

    Note the following:

    1. Credential Prompt: Get-Credential securely collects the user's credentials and stores them in $USRCreds.
    2. Start-Process with -Credential: Launches a new PowerShell process as the specified user. The -Wait parameter ensures that the script waits for the new process to finish before continuing.
    3. Session Sign-Out: Use logoff to terminate the session for the user. You may need to use session management tools (like quser or query session) to ensure you're logging out the correct session.
    4. Script Continuity: The script continues after the user session is signed out.

    If the commands require a full interactive session or need to interact with the desktop, you could create a separate PowerShell script file and invoke it as the new user. This can be done using Start-Process with -Credential pointing to the script file instead of an inline command.


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.