运行 powershell 或命令行时要求用户输入用户名

Question

I'm trying to create a command to add a domain user to the local administrator group. I already have the command to do it:

Add-LocalGroupMember -Group "Administrators" -Member domain\user

or

net localgroup Administrators Domain\user /add

But I need to ask the user to insert him credentials when run the script. How do I do this?

Answer 1

Get-Credential is what you want:

$cred = Get-Credential

This will prompt the user to enter their username and password in a secure fashion. However...

You can't add a user to a group you aren't a member of, or at least have permissions delegated to manage members of that group (such as local Administrators). If the running user could do this already, entering their credentials wouldn't be required.

If the running user were already in Administrators , you would not need this either, just provide the target principal name (since adding yourself to the Administrators group requires that you already be in Administrators ) and make sure your session is elevated.

---

Honestly, just use a Restricted Groups GPO to control domain users and their local group status. You don't want local users able to manage their local admin group in most situations anyways. If someone does change the membership, the change will gracefully revert on the next gpupdate interval.

Answer 2

You can use:

$Credentials = Get-Credential

It will give you windows login window.

Also there is a way to extract that data like this:

$Credentials = Get-Credential
$Credentials.Password | ConvertFrom-SecureString | Set-Content C:\test\password.txt
$Username = $Credentials.Username
$Password = Get-Content “C:\test\password.txt” | ConvertTo-SecureString
$Credentials = New-Object System.Management.Automation.PSCredential $Username,$Password

There is more in here:

https://sysadminguides.org/2017/05/02/how-to-pass-credentials-in-powershell/

Hope it helps;-)