Execute Powershell scripts as Console User

Description

By default, the FileWave Client executes scripts and tasks with elevated permissions (~~root~~System on ~~macOS)~~Windows). ~~This~~The ~~addition~~below shows a method to ~~the start of~~launch a ~~script will execute it~~command as ~~the~~an ~~currently~~alternate ~~logged-in user (also known as the console user).~~user.

Ingredients

Text editor
FileWave Central

Directions

This

~~Insert~~method ~~this near~~requires the ~~start~~username and password of ~~your~~the ~~script,~~user ~~before~~to run the ~~desired~~command. ~~actions.~~Do not add usernames and passwords directly in scripts.

Credentials of a user may be passed to Invoke-Command.

Due to the above warning, add the username and password as Environment Variables to the Script in the Fileset.

For example:

Change 'secure_password' and 'user' values to required entries.

These will be referenced in the Powershell Script as:

$Env:pass $Env:user

For example:

#!/bin/zsh$securePassword current_user== ConvertTo-SecureString $(statEnv:pass -f%Su /dev/console)
current_user_id=$(idAsPlainText -uForce
$current_user)

credential ~~Example:~~=

#!/bin/zshNew-Object current_user=System.Management.Automation.PSCredential ($(stat -f%Su /dev/console)
current_user_id=$(id -uEnv:user, $current_user)

launchctl asuser $current_user_id sudo -u $current_user whoamisecurePassword)

echo "hello$Env:UserName"

world"Invoke-Command >>-ComputerName /Users/localhost -Credential $current_user/Desktop/test.txtcredential -ScriptBlock {
  # Code to action by the defined user should be added here
  echo "$Env:UserName"
}

The

output of the above will show that the username has altered, by first echoing the System name and then the name of the user within the script block:

DESKTOP-N05SO1D$
LocalAdmin