How can I call a PowerShell script as a particular user from the Windows command prompt?
Solution 1
There are a few ways to run a program or script as another user from within a script:
The built-in command line application RUNAS
The Windows Command Line RUNAS
command would look like a good solution to your problem if you were able to specify the credentials.
RUNAS /user:[email protected] "powershell pshell.ps1"
As you have said, however, you need to run this task from CONTROL-M, so this is not possible. It is also then not possible to run the task from Task Scheduler as I suggested in a comment and another answer has suggested.
Therefore, my next suggestion is to use a PowerShell script to do this:
The PowerShell scriptlet Invoke-Command
Firstly, you need to enable Win-RM to allow this to work. To do so, type the following in an elevated (i.e. run as administrator) command prompt:
winrm /quickconfig
Next, write a script with the stored credentials you want. Note that this will be stored as plain text, so if you are not willing to do that you will need to look at using a secure credential file.
$username = "DOMAIN\User"
$password = "Password"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
Invoke-Command -FilePath "C:\Script\To\Execute.ps1" -Credential $cred -Computer localhost
Naturally, you need to replace C:\Script\To\Execute.ps1
with the file path to your PowerShell script you want to run, and replace DOMAIN\User
and Password
with the user you want to run as and their password, respectively.
This script will now run as the user specified above.
However, you may be unwilling or unable to use a PowerShell script, and so your last solution rests in a third party application, such as:
SysInternals PsExec
PsExec is a completely free tool offered for download on TechNet specifically designed for running commands, applications, etc. on remote computers. It works perfectly well on the local machine and believe it or not, allows you to specify the specific user (and password!) you want the application to run with.
- Download and extract the application
- Put the application somewhere in your
PATH
attribute (SET PATH=C:\PsExec;%PATH%
works, if you installed it to C:\PsExec) - Run the command
psexec -u DOMAIN\user -p password script.ps1
with the appropriate changes.
Solution 2
If you plan on running a batch file that calls a PowerShell script in a scheduled task, you can use the security options of the task scheduler. That's how I would handle running as a different user.
As for calling a PowerShell script from a batch file I usually do something like this:
@ECHO OFF
powershell.exe -executionpolicy unrestricted -File "C:\Scripts\Do-Something.ps1"
You can get all the command line arguments from powershell /?
.
You can put that in a .bat
file and run that as the scheduled task's action; or you can put powershell.exe
as the action and give it the arguments of -executionpolicy unrestricted -File "C:\Scripts\Do-Something.ps1"
in the scheduled task. I prefer the latter because I have one less script file to play with.
user2075017
Updated on August 13, 2020Comments
-
user2075017 over 3 years
When I run a PowerShell script while already logged into a machine as the user named 'abc' the script runs as the user 'abc'.
The command I am running in cmd is:
powershell pshell.ps1
How can I run a PowerShell script using a particular domain user, other than the currently logged in user?
My intention is to run the PowerShell script through the Windows command line.
-
user2075017 over 9 yearsthat does prompts me for a password.I need to run the jobs as particular id without any password prompt.My main motive is to get a job scheduled through control M and whatever owner we give it is hitting the server as SYSTEM.So thought of giving in command line itself with which id it has to be ran.Hope my requirement is clear now.
-
Alastair Campbell over 9 yearsIf you want to schedule a task to run at a certain time, you should really be using the task scheduler, which you can then specify "Run as" as one of the options. There is also a
RUNAS
switch/SAVECRED
which will save the credentials after the first time you enter them. Other than that, the only other way I am aware of to run programs as another user is to use an external tool (such as PsExec - which is a SysInternals tool available freely on TechNet) or PowerShell directly which supports secure strings. -
user2075017 over 9 years.Hi thanks for the solution.But my requirement is to use the control M and we are not permitted to use scheduler.So could you please suggest a better option.when ran through control M the job is being owned by EDAPPS\SYSTEM which we want that to be as a particular user.
-
user2075017 over 9 years..Hi we are looking for the script to be ran on a machine..ok lets make it simple..i am logged in as an user..and there is a need to run the powershell script using command line as a different user.Any pointers on this please?
-
Alastair Campbell over 9 yearsAs I have said before, you have the Windows Command Line application
RUNAS
, you have PowerShell'sInvoke-Command
(both of which I have given working usage examples of) and you have external utilities likePsExec
. All of these are capable of accomplishing that simple scenario you mentioned. -
user2075017 over 9 yearsBoth of them are for sure looks good for me.But the requirement is it shouldnt prompt me for a password.I tried to run the runas command but it prompted me for a password which shouldnt be the case.So Is there any way where i can incorporate password in the RUNAS command line itself like an argument ?
-
Alastair Campbell over 9 yearsI tested around with using piping, both with
echo password | runas...
andtype passwdfile.txt | runas...
but I didn't get it to work. Have you tried Invoke-Command? It doesn't prompt for a password - you just use the PowerShell script to initialise credentials.