Execute Powershell scripts as Console User

Description

By default, the FileWave Client executes scripts and tasks with elevated permissions (rootSystem on macOS)Windows). ThisThe additionbelow shows a method to the start oflaunch a script will execute itcommand as thean currentlyalternate logged-in user (also known as the console user).user.

Ingredients

• Text editor
• FileWave Central

Directions

This

1. Insertmethod this nearrequires the startusername and password of yourthe script,user beforeto run the desiredcommand.  actions.Do not add usernames and passwords directly in scripts.

   Credentials of a user may be passed to Invoke-Command.  

   Due to the above warning, add the username and password as Environment Variables to the Script in the Fileset.

   For example:

   

   Change 'secure_password' and 'user' values to required entries.

   These will be referenced in the Powershell Script as:

   • $Env:pass
   • $Env:user

   For example:

   #!/bin/zsh$securePassword current_user== ConvertTo-SecureString $(statEnv:pass -f%Su /dev/console)
   current_user_id=$(idAsPlainText -uForce
   $current_user)

   credential Example:=

   #!/bin/zshNew-Object current_user=System.Management.Automation.PSCredential ($(stat -f%Su /dev/console)
   current_user_id=$(id -uEnv:user, $current_user)
   
   launchctl asuser $current_user_id sudo -u $current_user whoamisecurePassword)
   
   echo "hello$Env:UserName"
   
   world"Invoke-Command >>-ComputerName /Users/localhost -Credential $current_user/Desktop/test.txtcredential -ScriptBlock {
     # Code to action by the defined user should be added here
     echo "$Env:UserName"
   }

The

output of the above will show that the username has altered, by first echoing the System name and then the name of the user within the script block:

DESKTOP-N05SO1D$
LocalAdmin