
Execute PowerShell scripts as Console User

Description

By default, the FileWave Client executes scripts and tasks with elevated permissions (System on Windows). The below shows a method to launch a command as an alternate user.

Ingredients

  • Text editor
  • FileWave Central

Directions

    This method requires the username and password of the user to run the command. Do not add usernames and passwords directly in scripts.

    Credentials of a user may be passed to Invoke-Command.  

    Due to the above warning, add the username and password as Environment Variables to the Script in the Fileset.

    For example:

    [Screenshot: environment variables 'pass' and 'user' defined for the script in the Fileset]

    Change 'secure_password' and 'user' values to required entries.

    These will be referenced in the PowerShell script as:

    • $Env:pass
    • $Env:user

    For example:

    # Build a credential object from the environment variables set on the Fileset script
    $securePassword = ConvertTo-SecureString $Env:pass -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential ($Env:user, $securePassword)

    # Runs in the FileWave Client's own context
    echo "$Env:UserName"

    Invoke-Command -ComputerName localhost -Credential $credential -ScriptBlock {
      # Code to action by the defined user should be added here
      echo "$Env:UserName"
    }
The output of the above will show that the username has altered, by first echoing the System name and then the name of the user within the script block:

DESKTOP-N05SO1D$
LocalAdmin
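
The same script with the checks a deployment would usually want, as an added example that is not FileWave's own code: it stops if either environment variable is missing, removes the plaintext password from the process environment once the credential object exists, and exits non-zero if the alternate-user logon fails. The variable names `user` and `pass` are the ones defined above; the messages and exit codes are assumptions of this example.

```powershell
# Added example, not from the original article.
$ErrorActionPreference = 'Stop'

# Fail early if the Fileset did not supply both variables.
foreach ($name in 'user', 'pass') {
    if ([string]::IsNullOrEmpty([Environment]::GetEnvironmentVariable($name))) {
        Write-Output "Missing environment variable: $name"
        exit 1
    }
}

$securePassword = ConvertTo-SecureString $Env:pass -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($Env:user, $securePassword)

# Drop the plaintext password from this process's environment so that
# anything started later in the script does not inherit it.
Remove-Item Env:\pass

try {
    $ranAs = Invoke-Command -ComputerName localhost -Credential $credential -ScriptBlock {
        # Code to action by the defined user should be added here
        $Env:UserName
    }
    Write-Output "Script block ran as: $ranAs"
}
catch {
    # Report the failure without echoing the credential.
    Write-Output "Invoke-Command failed: $($_.Exception.Message)"
    exit 1
}
```

`Invoke-Command -ComputerName` goes through PowerShell remoting (WinRM), so remoting must be enabled on the device for either version of the script to succeed.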