How to run PowerShell script from a computer to untrusted domain?

0
votes

I have some PowerShell scripts to update data in active directory. Now I want to run these scripts from another domain joined computer, but the user that is currently logged in does not have admin rights to AD to run the scripts. How can I pass the credentials first to connect to domain as administrator and then run the script?

I know about the command get-credentials but I don't want any manual intervention. There is batch file which runs the script and I want to put the credentials once. I also don't want to show the password to the logged in user. Is there any possibility we can save the password in encrypted format?

2
powershellactive-directory

2 Answers

0
votes

Hope there is trust between the two domains

$Server = 'XXXXXXXXXX'

    $username = 'Domain\XXXXXXXXXX'

    $password = 'XXXXXXXXXX'

    $securepassword = ConvertTo-SecureString $Password -AsPlainText -force

    $cred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username,$securepassword)

    Get-ADComputer -Identity $Server -Credential $cred

You can change the entire script in to exe file using PowerGUI and use credentials to save it from being opened.

or

use the script by Brenton J.W. Blawat for encryption located at http://gallery.technet.microsoft.com/scriptcenter/PowerShell-Script-410ef9df

or

use the simple script mentioned in the below article http://www.interworks.com/blogs/trhymer/2013/07/08/powershell-how-encrypt-and-store-credentials-securely-use-automation-script

-1
votes

Instead of using a batch file you could write a VBS wrapper and then use the script encoder to turn it into a VBE. The script encoder is technically not supported in Vista or 7 but it still works if you can find it somewhere. The other option would be to put all your code into a .Net EXE. Once it’s compiled it would hide the password from an ordinary user. Someone that knows what they are doing could still extract it so be aware of that. The same goes of an encoded VBE.