blog.atwork.at

news and know-how about microsoft, technology, cloud and more.

Run a PowerShell script as a different user

Sometimes it´s required to run a script as a service user on a Windows machine, e.g. for reading file shares as a different user with different permissions or similar tasks. You can easily do this using the following two methods.

Method 1: Run a task as different user with Scheduled Tasks

The first method is to create a new basic task in Computer Management / System Tools / Task Scheduler / Task Schedule Library.

image

Create a New Basic Task and add the desired task with it´s options. When you start a PowerShell script, do it as here: Run PowerShell (or ps.exe) and add the script file with -file <script.ps1> as argument.

image

In the Finish step, ensure that the checkbox Open the Properties dialog... is checked:

image

Then, add the desired credentials by clicking the Change User or Group button.

image

Here, I added another local user "Demo" of that machine. Configure the execution as needed, similar as here.

image

When clicking OK, add the username and the password. Done.

The task will execute the script at the configured time as the user who was specified in the task properties. Alternatively, you can run it anytime in the context menu of that task. Beside the simple configuration, another benefit is that the script execution can be logged in the History.

image

If you just need to run a PowerShell script interactively, you can do it as follows as well.

Method 2: Run a PowerShell script as a different user interactively

Open the Windows PowerShell. Ask for the user´s credentials as follows:

$cred = Get-Credential -UserName 'DOMAIN\USERNAME' -Message ' '

image

Sign-in with a local user or a domain user and the password.

Note: The straight forward process would be to open a new PowerShell window as that user with the command "Start-Process powershell.exe -Credential $cred". Unfortunately, there seems to be a bug in Windows 10 and the new PowerShell window freezes (or reacts only after some waiting time and very slowly, you cannot type anything. See issues at superuser.com, on github or reddit.com, or try it out on your local machine...). So this is simply not working although it should. Well, here´s the work-around!

After the sign-in we have the credentials available in the $cred object. Start another PowerShell instance with these stored credentials and the following parameters with Start-Process:

Start-Process Powershell.exe -Credential $cred `
-ArgumentList '-noprofile -command &{Start-Process Powershell -verb runas}'

image

Confirm the User Account Control window "Do you want to allow this app to make changes on your computer..." by clicking Yes. A new PowerShell command window opens.

You can check the signed-in user with $env:Username. It will show the signed-in user. In my sample it´s user "Demo". Now, you can navigate to your script directory and run your PowerShell script(s) as in this sample. Here I run a script scan.ps1 as the Demo user.

image

Close the window when done.

I hope these two methods help for quick and long-running  PowerShell scripts you need to run as different user.

Loading