I am playing around with setting up some scripts on a vpn on a client's network. This client generally assigns an ActiveDirectory account on their network and use it to manage permissions (eg. to databases). Ok, that makes sense.
But here is something that confuses me:
start-process runas.exe "/user:CLIENTDOMAIN\George.Mauer /netonly W:\tools\LINQPad4\LINQPad.exe
queries for a password and runs just fine (and I can access the database)
But
Start-Process W:\tools\LINQPad4\LINQPad.exe -Credential (Get-Credential)
and entering CLIENTDOMAIN\\George.Mauer
and my password at the popup prompt always results in an error
Start-Process : This command cannot be run due to the error: The user name or password is incorrect.
Are these not the same thing? What's the difference between runas
and -Credential
? And a secondary question - how do I Start-Job
with my CLIENTDOMAIN\\George.Mauer
credential?
/netonly
runs the process as the current user and only network connections are made with the other credentials.
Start-Process
will run the process (and all its network connections) with the other credentials. There's no way to achieve the /NETONLY
functionality with Start-Process
.
You'd have to p/invoke the Win32 API to achieve /NETONLY functionality. If you're up for the exercise this is the API you'll need to use LOGON_NETCREDENTIALS_ONLY
with:
http://www.pinvoke.net/default.aspx/advapi32/createprocesswithlogonw.html
More resources:
To run a job as a different user:
Start-Job -ScriptBlock {whoami} -Credential (get-credential) | Wait-Job | Receive-Job
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.