1

Backstory

I have a script that calls Enable-Mailbox right after creating a new user's account but the problem is I need to pass admin credentials along with the command in order for it to work. The script was made with a GUI to ease the process of daily admin tasks and will be used by people who don't know anything about PowerShell or even how to change directory to where the script is. Because of this I want it to run when double clicked in explorer and prompt the user once for admin credentials. Once the credentials are entered they will be stored in a file in the same directory using the following code:

Try {
    $credsFile = Import-Clixml "credentials"
    $credsFile.Password = $credsFile.Password | ConvertTo-SecureString
    $adminCreds = New-Object System.Management.Automation.PsCredential($credsFile.Username, $credsFile.Password)
}
Catch {
    # This means the credentials file does not exist
    $adminCreds = Get-Credential
    $adminCreds = $adminCreds | Select-Object *
    $adminCreds.password = $adminCreds.Password | ConvertFrom-SecureString
    $adminCreds | Export-Clixml "credentials"
    $adminCreds.password = $adminCreds.Password | ConvertTo-SecureString
}

Attempts

Since Enable-Mailbox does not have a -Credential parameter for me to pass to it I've been trying to find a way to run the script as an administrator from the start with the stored credentials. I created a script that attempts to call the main script in an elevated state.

The first one I tried was:

Start-Process -File "$PSHOME\powershell.exe" -ArgumentList "-NoExit","-Command Scripts\MainScript.ps1" -Credential $adminCreds -Wait

but it simply prompts for credentials (every time) and never loads the script.

Next I tried:

start-process powershell -verb runas -argument "scripts\MainConsole.ps1"

This loads the script just find from within the ISE but doesn't load it when doubled clicked in explorer.

I've also looked into Invoke-Command and Invoke-Expression to try and run the Enable-Mailbox command as an admin but have not been successful. Does anyone know how to either run the script as an admin from the start or at least pass credentials to Enable-Mailbox and other parameters like it?

Improve this question

1 Answer 1

Reset to default
1

Assuming you're not running this script on the Mail server, you could authenticate using your Exchange admin credentials when this connection is called? Something like: 

$server = "exchangeserver.domain.local"

Import-PSSession (New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$server/PowerShell -Authentication Kerberos -Credential $Credential)
Enable-Mailbox -Identity $cn -Alias $user

I would personally advise against storing the creds in a file, but you should be able to run this as any user, and pass credentials to the $credential variable as above (or just let them log in each time).

If they need additional help with remembering correct usernames, etc, I quite like assisting with stuff like this (depending on how your accounts are named): 

$credential = Get-Credential "exchange_admin" # or
$credential = Get-Credential $env:Username"_admin"

On the subject of running from an icon, one horrendous workaround that I'm aware of is to create a batch file that runs 

@powershell -FilePath \\fullpath\to\script.ps1 -params
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.