none
Powershell script, Not able to run start-process using stored credential RRS feed

  • Question

  • Hello,

    I am trying to run the following script but gets an error "Start-Process : This command cannot be executed due to the error: Logon Failure: Unknown user name or bad password"

    #STORED CREDENTIAL CODE
    $AdminName = Read-Host "Enter your Admin AD username"
    $CredsFile = "~\AppData\Local\PowershellCreds.txt"
    $FileExists = Test-Path $CredsFile
    if  ($FileExists -eq $false) {
        Write-Host Enter your password: -ForegroundColor Red
        Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File $CredsFile
        $password = get-content $CredsFile | convertto-securestring
        $Cred = new-object -typename System.Management.Automation.PSCredential -argumentlist domain\$AdminName,$password}
    else  
        {
        $password = get-content $CredsFile | convertto-securestring
        $Cred = new-object -typename System.Management.Automation.PSCredential -argumentlist domain\$AdminName,$password}
    start-process c:\sysinternalssuite\procmon.exe -credential $cred
    #END OF STORED CREDENTIAL CODE

    I am trying to use alternate credentials than the logged in user. My logged in user is a standard user and the user ID I am using in the script is an admin. I am using the correct user name and password but it keeps giving me this error, if I remove the credential parameter then it works. But I have tried the same script earlier on a different Windows 7 computer and it did work. I don't understand whats going on with this now. No matter what exe file i try to execute it throws the same error back.  I tried to run from windows 7 and windows 2008 R2 machines, Secondary logon service is also running on the machines. Any help would be highly appreciated.

    Thanks!

    Monday, April 29, 2013 10:17 AM

Answers

  • I should probably warn you that there  is no way to do what you are trying to do.  I sorted the code so you could see how your code was kind of a stretch.

    You cannot use alternate credentials to the local machine the way you are trying to do it.  The easiest way to do this is to create a shortcut that forces the program to prompt for admin elevation.


    ¯\_(ツ)_/¯

    • Marked as answer by Abu Ameen Tuesday, April 30, 2013 8:29 AM
    Monday, April 29, 2013 1:15 PM

All replies

  • From your code it is not possible to tell what you are trying to do.

    Here is a restructure that may help you understand better how to use PowerShell.  THe following is closer to what you are trying to do.


    $CredsFile='AppData\Local\Creds.xml'
     
    #if the file exists
    if(Test-Path $CredsFile){
    
        $creds=Import-CliXml $CredsFile
        Start-Process c:\sysinternalssuite\procmon.exe -credential $creds
    
    }else{
    
         Start-Process c:\sysinternalssuite\procmon.exe -credential ($creds=Get-Credential domain\)
         # if credentials entered then save to file
         if($creds){
              $creds | Export-CliXml $CredsFile
         }
    }



    ¯\_(ツ)_/¯





    • Edited by jrv Monday, April 29, 2013 1:27 PM
    Monday, April 29, 2013 1:08 PM
  • I should probably warn you that there  is no way to do what you are trying to do.  I sorted the code so you could see how your code was kind of a stretch.

    You cannot use alternate credentials to the local machine the way you are trying to do it.  The easiest way to do this is to create a shortcut that forces the program to prompt for admin elevation.


    ¯\_(ツ)_/¯

    • Marked as answer by Abu Ameen Tuesday, April 30, 2013 8:29 AM
    Monday, April 29, 2013 1:15 PM
  • You should also note that, even though the credentials are encrypted in the file,  you should never store admin passwords in a file.  Anyone who can get to your console can grab the password in less that 30 seconds and bots and Trojans can also read it.

    As long as you can use a secure string as a password your account can decrypt it.  It is NOT saved as a one way encryption.  The system saves passwords as a one way encryption.  The system store passwords cannot be decrypted by any normal means.  Pass words saved as a secure string can always be decrypted.


    ¯\_(ツ)_/¯

    Monday, April 29, 2013 1:30 PM
  • This will work if you run as an account different than the one you are logged in with.  if you try this with the current account you will be told that you need elevated privileges to access a resource that requires elevation.

    ¯\_(ツ)_/¯

    Monday, April 29, 2013 1:37 PM