none
Can a powershell script gather the credentials of the person who ran it? RRS feed

  • Question

  • I have an interesting problem. I have been working on an automation script for a process we have with a Citrix product called AppLayering. This product has the ability to run a script after an action to output a disk to one of their provisioning boxes. This interface allows me to put in alternate credentials to execute the script. So one of the items in the script is a get-wmiobject call to the other servers in the farm to find out if they have enough disk space to copy the file to them. I keep getting access denied on this even though the user account i specified is an administrator on all of those boxes. More info on how this is executed is a linux appliance kicks off what looks to be a powershell remote process to run the script. So since all of this is being done without user interaction or a visual prompt, is there a way to gather the current credentials of the person running the script? I do not want to farm a secure string from a share, and i don't want to store credentials in the script. Any other thoughts would be helpful. Thanks

    Monday, October 14, 2019 5:47 PM

All replies

  • Please ask Citrix related questions in a Citrix forum. Th8is is not a support forum and there is no way we can guess at how this specialized third-party system is intended to work.


    \_(ツ)_/

    Monday, October 14, 2019 8:08 PM
    Moderator
  • Really? Because my question is a powershell question not a Citrix one. I've got some other powershell double hop where it dumps the creds and I'd like to pass them on without storing a file or putting creds in the script.

    maybe i should rephrase my question. 

    When executing a script Can i capture the credentials of the person executing it and store that in a credential object without prompting? 

    thanks

    • Edited by Travis Adams Wednesday, October 16, 2019 1:18 PM
    Wednesday, October 16, 2019 11:14 AM
  • If you want the current account that the scrip is running under then just use "$env:USERNAME". This may or may not be valid for your request if the script is being processed by an external tool hence the reference to contacting Citrix.


    \_(ツ)_/

    Wednesday, October 16, 2019 11:24 AM
    Moderator
  • i get the username I'm expecting from that... (my example $ScriptUser = "$env:userdomain\$env:username")

    my issue post just getting the username, is passing the credentials through to another session (powershell double hop) I'm wanting to do this without prompting. I don't want to hard code a password in the script, and I'm not 100% sold on using secure string to get the password from a hashed value from a file. Are there any other options? 

    Monday, October 21, 2019 5:48 PM
  • i get the username I'm expecting from that... (my example $ScriptUser = "$env:userdomain\$env:username")

    my issue post just getting the username, is passing the credentials through to another session (powershell double hop) I'm wanting to do this without prompting. I don't want to hard code a password in the script, and I'm not 100% sold on using secure string to get the password from a hashed value from a file. Are there any other options? 

    There is no way to do this.  You must provide credentials with a password and there is no way to acquire the current password.  THink about it.  This would make everyone's password easy to hack.


    \_(ツ)_/

    • Proposed as answer by Gijs Kerstens Tuesday, October 22, 2019 6:06 AM
    Monday, October 21, 2019 5:58 PM
    Moderator
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 8, 2019 1:51 PM
    Moderator