Script Tips
An Admin Impersonating a User
Running scripts while logged on as a domain user: Can it be done?
Here's another letter from the reader mailbag:
James asks, "What’s the best way to run a script as an admin, while logged in as a domain user?" Sadly, James, there’s no good way, let alone a best way. Assuming your script does things other than pure WMI or ADSI (which allow the script itself to specify alternate credentials), all you can do is execute the script using the RunAs command-line utility.
And, sadly, there’s no reliable, easy way to "automate" the RunAs tool: It won’t accept a password as a command-line argument. That’s on purpose -- Microsoft doesn't want people hardcoding passwords into scripts and batch files. There’s also no way for a VBScript to prompt for credentials and then assert a new identity under which the rest of the script would run.
Probably the only real alternative is a third-party script packager (Both iTripoli and SAPIEN Technologies offer script editors with built-in packagers) that can bundle your script into a standalone executable, including alternate credentials under which the script is actually launched.
About the Author
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.