PowerShell的 - 腳本由第三方，如何進行硬編碼升高憑證

Question

好吧，我明白了創建加密憑據並將其存儲在PowerShell腳本

Powershell how to encrypt connectionstring to database

的概念，但我怎麼做調用當第三方程序自動調用powershell腳本時，它將使用提升的憑據運行？

下面是精美的作品，當我手動使用「運行爲」代碼，我得到的最後一個用戶登錄

$userID=$NULL 
$line_array = @() 
$multi_array = @() 
[hashtable]$my_hash = @{} 

foreach ($i in $args){ 
    $line_array+= $i.split(" ") 
} 

foreach ($j in $line_array){ 
    $multi_array += ,@($j.split("=")) 
} 

foreach ($k in $multi_array){ 
    $my_hash.add($k[0],$k[1]) 
} 

$Sender_IP = $my_hash.Get_Item("sender-ip") 




<# Courtesy of http://blogs.technet.com/b/heyscriptingguy/archive/2012/02/19/use-powershell-to-find-last-logon-times-for-virtual-workstations.aspx#> 

<#Gather information on the computer corresponding to $Sender_IP#> 
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP 

<#Determine the build number#> 
$Build = $Win32OS.BuildNumber 


<#Running Windows Vista with SP1 and later, i.e. $Build is greater than or equal to 6001#> 
if($Build -ge 6001){ 
    $Win32User = Get-WmiObject -Class Win32_UserProfile -ComputerName $Sender_IP 
    $Win32User = $Win32User | Sort-Object -Property LastUseTime -Descending 
    $LastUser = $Win32User | Select-Object -First 1 
    $UserSID = New-Object System.Security.Principal.SecurityIdentifier($LastUser.SID) 
    $userId = $UserSID.Translate([System.Security.Principal.NTAccount]) 
    $userId = $userId.Value 
} 

<#Running Windows Vista without SP1 and earlier, i.e $Build is less than or equal to 6000#> 
elseif ($Build -le 6000){ 
    $SysDrv = $Win32OS.SystemDrive 
    $SysDrv = $SysDrv.Replace(":","$") 
    $ProfDrv = "\\" + $Sender_IP + "\" + $SysDrv 
    $ProfLoc = Join-Path -Path $ProfDrv -ChildPath "Documents and Settings" 
    $Profiles = Get-ChildItem -Path $ProfLoc 
    $LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles("ntuser.dat.LOG")} 
    $LastProf = $LastProf | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1 
    $userId = $LastProf.DirectoryName.Replace("$ProfLoc","").Trim("\").ToUpper() 
} 

else{ 
    $userId = "Unknown/UserID" 
} 

if ($userId -ne $NULL){ 
    "userId=" + $userId 
} 
elseif ($userID -eq $NULL) 
{ 
    $userId = "Unknown/UserID" 
    "userId=" + $userId 
} 

但是，如果我不手動調用與運行作爲PowerShell的，我收到以下錯誤

Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) 
At D:\script\dlp_current_user-UPDATED.ps1:32 char:25 
+ $Win32OS = Get-WmiObject <<<< -Class Win32_OperatingSystem -ComputerName $Sender_IP 
    + CategoryInfo   : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException 
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand 

You cannot call a method on a null-valued expression. 
At D:\script\dlp_current_user-UPDATED.ps1:51 char:30 
+  $SysDrv = $SysDrv.Replace <<<< (":","$") 
    + CategoryInfo   : InvalidOperation: (Replace:String) [], RuntimeException 
    + FullyQualifiedErrorId : InvokeMethodOnNull 

Get-ChildItem : Cannot find path '\\10.1.202.240\Documents and Settings' because it does not exist. 
At D:\script\dlp_current_user-UPDATED.ps1:54 char:30 
+  $Profiles = Get-ChildItem <<<< -Path $ProfLoc 
    + CategoryInfo   : ObjectNotFound: (\\10.1.202.240\Documents and Settings:String) [Get-ChildItem], ItemNotFoundException 
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand 

You cannot call a method on a null-valued expression. 
At D:\script\dlp_current_user-UPDATED.ps1:55 char:65 
+  $LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles <<<< ("ntuser.dat.LOG")} 
    + CategoryInfo   : InvalidOperation: (GetFiles:String) [], RuntimeException 
    + FullyQualifiedErrorId : InvokeMethodOnNull 

You cannot call a method on a null-valued expression. 
At D:\script\dlp_current_user-UPDATED.ps1:57 char:46 
+  $userId = $LastProf.DirectoryName.Replace <<<< ("$ProfLoc","").Trim("\").ToUpper() 
    + CategoryInfo   : InvalidOperation: (Replace:String) [], RuntimeException 
    + FullyQualifiedErrorId : InvokeMethodOnNull 

userId=Unknown/UserID 

，輸出爲用戶id =未知/用戶名

如何解決這個???

編輯：

所以我試圖調用GET-WmiOjbect

$cred = Get-Credential -Credential "Domain\Elevated_Account" 
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP -Credential $cred 

時包括-Credential而現在，它會提示我輸入密碼。然而，當我運行該腳本，我得到其他錯誤：

Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) 
At D:\script\dlp_current_user-UPDATED.ps1:39 char:31 
+  $Win32User = Get-WmiObject <<<< -Class Win32_UserProfile -ComputerName $Sender_IP 
    + CategoryInfo   : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException 
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand 

New-Object : Constructor not found. Cannot find an appropriate constructor for type System.Security.Principal.SecurityIdentifier. 
At D:\script\dlp_current_user-UPDATED.ps1:42 char:26 
+  $UserSID = New-Object <<<< System.Security.Principal.SecurityIdentifier($LastUser.SID) 
    + CategoryInfo   : ObjectNotFound: (:) [New-Object], PSArgumentException 
    + FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.Commands.NewObjectCommand 

You cannot call a method on a null-valued expression. 
At D:\script\dlp_current_user-UPDATED.ps1:43 char:33 
+  $userId = $UserSID.Translate <<<< ([System.Security.Principal.NTAccount]) 
    + CategoryInfo   : InvalidOperation: (Translate:String) [], RuntimeException 
    + FullyQualifiedErrorId : InvokeMethodOnNull 

Answer 1

不能使用開始處理的cmdlet：

start-process 'c:\system32\WindowsPowerShell\v1.0\powershell.exe' -verb runas -argumentlist "-file toto.ps1" 

toto.ps1將在提升模式下運行。