Authenticating within a script without entering admin credentials

Greetings all,
I have, with some help from you here, put together a shell script to fix a bug that's part of a system disk image I am working on. The script works fine, except that I'd like the "with administrator privileges and password", which prompts for admin credentials, to either be hidden or included in the script. I know including that info in the script is a bit of a security issue, but 'standard' users need the ability to run it. Any ideas would be appreciated.
Thanks in advance,
Jerefrog

orangekay wrote:
Given the number of exploits which have hinged upon it, Apple very strongly discourages its use
And I do too. But it seems to be the only workaround for this problem. Using setuid is far better than including a password in a script. If this were a problem that didn't require OS X Server, I would try to look into it more closely and find out what is really going on and a better way to fix it. Personally, I don't even know why users' access to Login Items is such a big deal. I think I've looked at my Login item 2 or 3 times in the past 8 years.
He wants a script to run every time a user logs in so that he can work around an apparent bug in the OS; sounds like a perfect candidate for a launchd job to me.
I didn't think he wanted the script to run each time a user logs in. My impression was that it was a hack just to get to Login Items - an app titled "Open Login Items" that deletes that file and then opens Login items.
Something that ran at login would be better done as a launchd job. But I don't know if this hack would work as a launchd job at all. The user would log in and immediately delete that file. But how do you know the OS won't re-create it at some point? Then it would all be hung up again. You might try a file system event monitor that deletes the file every time it shows up - but that is a bit extreme.
Perhaps I have misunderstood exactly when this script is supposed to run. It seems that they only need Login Items to map network shares. I strongly suspect there are better ways to get that done than with this hack. The original poster hasn't gone down that path, however.
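
An added example (not part of the original thread): a shell audit for the two options weighed above, a password written into a script and setuid executables, so both can be found on an image before it is deployed. The AppleScript `password "..." with administrator privileges` form is assumed from the original post's wording; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for hard-coded admin passwords
# in AppleScript text files and for setuid executables.

# List text files that pass a literal password to an AppleScript
# "do shell script ... with administrator privileges" call.
# Compiled (binary) scripts are skipped by -I and need separate review.
find_embedded_passwords() {
    grep -rIlE \
        'password[[:space:]]+"[^"]+"[[:space:]]+with[[:space:]]+administrator[[:space:]]+privileges' \
        "$1" 2>/dev/null | sort
}

# List regular files that have the setuid bit set.
find_setuid_files() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# Build a small constructed tree: one script with an embedded password,
# one that prompts instead, and one setuid helper. Prints the tree's path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'do shell script "rm /tmp/example" user name "admin" password "CONSTRUCTED" with administrator privileges' \
        > "$d/fix.applescript"
    printf '%s\n' \
        'do shell script "rm /tmp/example" with administrator privileges' \
        > "$d/prompt.applescript"
    printf '#!/bin/sh\n' > "$d/helper"
    chmod 4755 "$d/helper"
    echo "$d"
}

# Audit the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    echo "Scripts with an embedded password:"
    find_embedded_passwords "$1"
    echo "Setuid files:"
    find_setuid_files "$1"
fi
```

Every hit from the first function is a credential that anyone able to read the file can recover; every hit from the second is a program that runs with its owner's privileges for any user and needs the same scrutiny as any other privileged code.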

Similar Messages

  • Securely deploying and using credentials within a script (not running the script under the credentials)

    Here is my scenario - I have SCOM 2007 R2 and on certain agents I want to execute a script. One of the actions of that script is to access a secured web page using a username and password via integrated authentication (IE pop-up for auth).
    The username and password that I need to use are unrelated to the Windows domain that the servers run in, meaning you can think of the website as if it were a public site (it isn't, but it has no security sharing with the domain where the agents run - no trust, no nothing).
    I can easily accomplish this by hard-coding the username and password within the script (PowerShell); however, I don't want to do this for security reasons. Here's a rough example of the relevant code:
    # $uname and $pword are the credentials that must reach the script without being hard-coded
    $targetURL = "https://somehost.somewhere.something/filename.zip"
    $path = "c:\downloads\filename.zip"
    $wclient = New-Object System.Net.WebClient
    $wclient.Credentials = New-Object System.Net.NetworkCredential($uname, $pword)
    # Download the file from the authenticated site to the local path
    $wclient.DownloadFile($targetURL, $path)
    What I want is a way to pass the $uname and $pword variables to this script securely, with the script running on a schedule under SCOM. The SCOM agents run as localsystem and need to remain that way.
    I currently use Run-As accounts and profiles for other functions where the entire script runs under the run-as profile, but I can't figure out how to extract the username and passwords, and doubt it's even possible.
    To be clear, I cannot run the script under the given credentials as a Run-As account as those credentials are not known to the local server. I need to somehow pass the credentials to the script (other than hardcoding) or extract them from the run-as accounts.
    I've looked at the get-runasaccount cmdlet and can see some of the info there, but don't see a way to re-use, pass-through, or extract the password for use in my scenario.
    Any guidance? Can I get there from here?

    Hi, check this
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/ebfc706d-93be-4ca0-83e0-33d9e072fb97/powershell-script-monitor-with-encrypted-password?forum=operationsmanagerauthoring
    But you should not specify runas account for your workflow, just reference Runas Username and Password from Profile and use simple authentication. (The same way as in article above)
    So in the end your script will be executed by default action account but you'll pass username and password securely to your script.

  • Admin suddenly cannot delete files without entering password?

    Admin (and sole user) suddenly cannot delete files without entering password?

  • Access the reports (as a URL) without entering credentials

    Is there a way to access the reports (as a URL) without entering credentials. One of my clients is trying to use a url and store it on Oracle workspace and the reports that are generated he wants to put them there. Any help will be greatly appreciated.
    Thanks,
    Cedric

    Hey Amith,
    I'm getting an Unable to Log In " An invalid User Name or Password was entered"
    I know I have the correct username and pwd b/c I logged on with those credentials earlier. Do you know what I could be doing wrong? I got the path information from catalog manager. Below is the url I created:
    http://retailtools.us.oracle.com:7778/analytics/saw.dll?GO&NQUser=austin_leads&NQPassword=Oracle#06&Path=/users/austin_leads/Dashboard%20Reports/Test%20Cases%20Execution%20Current%20Status%20w\/%20Failure%20and%20Execution%20Rates%20-%20Dashboard
    Also when I enter the username/pwd from above I get the following msg:
    No Columns
    The request cannot be performed because it contains no columns.
    Thanks,
    Cedric

  • Is it possible to set up ADFS without domain admin rights in Windows 2012 R2?

    I've set up Windows 2012 R2 on my development box and want to enable the ADFS feature to test claims based authN. In ADFS 2.0, you could opt to install standalone and local admin privileges would be enough to install ADFS and authenticate against the domain AD.
    However, with the new ADFS, after installing the feature it asks to enter the credentials for an account that is a domain admin. Is it still possible to configure ADFS without domain admin privileges?

    Hi,
    According to my research, if you want to set up AD FS in Windows server 2012 R2, each computer that functions as a federation server must be joined to an Active Directory domain.
    Besides, AD FS requires a certificate for SSL server authentication on each federation server in your federation server farm. Furthermore, you need a membership in Administrators on the local computer to install the AD FS role service.
    For more detailed information, please refer to the links below:
    How to deploy AD FS in Windows Server 2012 R2
    http://technet.microsoft.com/en-us/library/dn303423.aspx
    Best regards,
    Susie

  • Login SharePoint 2013 without entering domain

    In my case, SharePoint and the client machine are in different domains. Is there any way to allow SharePoint 2013 login without entering the domain?
    I found that IIS 6 has an option for Basic authentication and setting up a default domain; is it suitable for the new version of IIS and SP13?
    Ref: https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/c2cfb57c-a574-4a7b-b91b-49fddb9ad4c8.mspx?mfr=true
    Thanks.

    http://social.technet.microsoft.com/Forums/office/en-US/2230e7bb-e880-4ab8-9db9-c11ea016c484/login-without-entering-domain?forum=sharepointadminlegacy
    If I am not mistaken IIS 6.0 has a default domain name setting, but please verify..
    This is *incorrect* for SharePoint sites.
    There the server name is always assumed as the "domain".
    So writing in only username would work fine if username is a local user on the server where the SharePoint system is running but not otherwise.
    Instead of bothering about needing to write domain name in addition to username, the problem should be avoided altogether by
    a) making sure that the site is in the Intranet Security Zone for IE 6 / 7 and that the default value of "automatic login only in the Intranet zone" is still selected.
    OR
    b) if the site isn't in the Intranet, by specifying for the IE Security zone that it is in that Login is "automatic login using current name and password".
    The way we've done this is to configure ONLY Basic Authentication in the IIS site and then add the domain to the Default domain text box. This works fine, but unfortunately sends a user's credentials in clear text. To prevent this, we used a self-signed SSL cert to keep traffic encrypted even though it's using Basic Authentication.
    Of course you may want to experiment with using both Integrated Windows and Basic Authentication and possibly get a mixture of both behaviors.

  • How can I remove the admin credentials when starting an application?

    Hello everyone!
    We have changed all the City use of computers. Before, everybody was local admin and today they are standard user. The process is not finished but well advanced. I had a few problems but all went quite well. One of the remaining bugs that I had is two applications that always ask for admin credentials when I start them.
    - I have given permissions for the apps to start as admin (properties of exe--> Compatibility-->run this program as an administrator) but it is not working.
    - Have given all permission in the folder where the application is installed, but to no avail too.
    Do you know how I can correct that?
    That would be quite a setback if I would have to give back admin right to users.
    Thank you very much!

    Hi ArunKumarJ,
    Some programs have .exe files that have to be run as or invoked as an administrator on a client computer within a domain.
    The regular way to do that is to grant all necessary permission of resources for that user. Since, as you mentioned, your application needs to access lots of resources in the system, I am afraid that the simplest way to do that is to keep UAC (user account control) open, create an administrator entry and let the standard user run this application as administrator.
    If that is not possible, try ACT (Application Compatibility Toolkit) and the other methods mentioned in the following links and check if it works for your application.
    https://social.technet.microsoft.com/Forums/windows/en-US/55a4bd0a-e868-4329-ac04-0e5237f5fcb4/how-can-i-allow-a-standard-user-to-run-a-program-with-admin-rights-without-prompting-for-a-password?forum=w7itproappcompat
    https://social.technet.microsoft.com/Forums/windows/en-US/03de6f80-d994-4e5c-8ffd-f13778c32e5c/how-to-run-business-card-scanner-program-with-out-prompting-the-administrator-password-on-a-domain?forum=w7itproinstall#8f0f6b9a-4e52-473f-aa61-2e45061ce7a0
    Regards,
    D. Wu

  • Remote Computer Management Using Local Admin Credentials?

    As per your requirement, I would suggest you to have a look on Lepide remote admin tool that allows to remotely administer single or multiple computers in the entire network simultaneously spread across multiple domains. Tool is free.

    If you are running as a standard user on your workstation and need to use the Computer Management mmc to remotely manage a second Windows workstation on your domain, how do you do this without using a domain account that is local admin on the remote system? If you open computer management locally first, you are prompted by UAC for local admin credentials on your local machine before you can even open Computer Management. If you provide those credentials and then try to connect to the remote computer using the mmc interface, you will get access denied errors if the administrator account isn't the same on both systems. It just fails without prompting for alternate credentials. Is there any workaround to get it to prompt and allow you to enter the local admin user credentials for the remote PC? I know you can get around this by using a...
    This topic first appeared in the Spiceworks Community

  • [SOLVED] Require authentication before my script executes

    OK I got a little bash script where I type in how many minutes until my computer will poweroff.
    Normally, it can be run as a regular user even though the code contains the command "poweroff", which requires root privileges, so when time's up, instead of poweroff, I get the message: "poweroff: must be superuser"
    Now, I want it to be like, when I run it (./myscript) to require authentication before the script even starts like, for example, Gparted requires, so if authentication passes, my script can run and have permission to do whatever is written in it (in this case, 'poweroff').
    Thanks ^_^
    Last edited by broi (2012-03-24 23:38:44)

    (From another thread)
    foppe wrote:
    # Check for admin rights. If user is not an admin user, exit the script
    if [ "$UID" -ne 0 ]
    then
        # Report the problem on stderr and exit with a non-zero status
        echo "You need to be root to run this script! Exiting..." >&2
        exit 1
    fi
    This snippet checks if you've sudo-ed it (or ran as root). All subsequent commands can be coded without sudo.
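
One way to get the behaviour asked for above, as an added example that is not from the thread: the script validates the minutes argument, then re-executes itself under sudo so the password prompt appears before the countdown starts rather than when `poweroff` fails. It assumes sudo is installed and the user is allowed to use it; the function names and the 1-1440 minute limit are constructed for illustration.

```shell
#!/bin/sh
# Added example: authenticate first, then run the delayed poweroff as root.

# Accept only a whole number of minutes from 1 to 1440 (constructed limit).
# Empty input, leading zeros and anything that is not a digit are rejected,
# so nothing but a plain number is ever handed to sudo.
valid_minutes() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -ge 1 ] && [ "$1" -le 1440 ]
}

# Decide what to do for a given numeric user ID:
# prints "run" for root (0) and "elevate" for everyone else.
next_step() {
    if [ "$1" -eq 0 ]; then
        echo run
    else
        echo elevate
    fi
}

main() {
    minutes=$1
    if ! valid_minutes "$minutes"; then
        echo "usage: $0 <minutes, 1-1440>" >&2
        return 2
    fi

    if [ "$(next_step "$(id -u)")" = elevate ]; then
        # Replace this process with the same script under sudo. The user
        # authenticates now; only the validated number is passed along.
        exec sudo -- "$0" "$minutes"
    fi

    # From here on the script is root, so no command needs its own sudo.
    echo "Powering off in $minutes minute(s). Press Ctrl-C to cancel."
    sleep "$((minutes * 60))"
    poweroff
}

# Start only when an argument is given; with none, the file just defines
# the functions above.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Keep the script writable only by root if a sudoers rule is later added to let it run without a password, since whoever can edit the file can then run anything as root.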

  • Delay when starting accdb without local Admin rights.

    Hi,
    I have a problem with one application. The front end of the application is an MS Access DB that connects to our SQL Server over an odbc driver. If the user is in a local administrator group everything is working fast. When the same user is put in the user group without Administrative rights I receive a delay for about 60 sec, then the error pops up.
    After I hit ok a new SQL login pops up and I just press second time ok and the application starts without entering any user and pass. This is not happening if the user is in the built in Administrators Group.
    Thanks for the help
    fract

    Hi fract,
    as a Microsoft partner I have asked support for help.
    Here is their answer:
    Hi Partner,
    Thanks for your reply.
    Based on my research, the issue is identified as a compatibility issue that Access 2010 has with SQL Server 2008 R2. Access uses PERMISSIONS function to check the privileges. The PERMISSIONS function is deprecated in SQL Server 2008 R2. I haven’t found any workaround for this issue currently.
    You can check the more detail information at below link:
    PERMISSIONS (Transact-SQL)
    http://msdn.microsoft.com/en-us/library/ms186915(v=sql.105).aspx
    I think you need to access SQL Server 2008R2 with local admin right.
    If you have any further questions, please let me know.
    Best Regards,

  • How to create Users/Roles for ldap in weblogic without using admin console

    Is it possible to create Users/Roles for ldap in weblogic without using admin console? If possible, what are the files I need to modify in DefaultDomain?
    Or is there any ant script for creating Users/Roles?
    Regards,
    Raghu.
    Edited by: user9942600 on Jul 2, 2009 1:00 AM
    Edited by: user9942600 on Jul 2, 2009 1:58 AM

    Hi..
    You can use wlst or jmx to perform all security config etc.. same as if it were performed from the admin console..
    e.g. wlst create user
    ..after connecting to admin server
    serverConfig()
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
    cmo.createUser("userName","Password","UserDesc")
    ..for adding/configuring a role
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
    cmo.createRole('','roleName', 'userName')
    ...see the mbean docs for all the different attributes, operations etc..
    ..Mark.

  • How to run a script without Photoshop's GUI or...

    within GUI, but without animation of every command in the script?
    I need to process huge number of pictures - animation makes serious impact on performance...
    Thanx all.

    In VB/VB.Net you can use the visible property and make Photoshop invisible. I don't think it appreciably speeds up the processing but it does seem to help some.
    The downside is if your application has some kind of issue and doesn't make Photoshop visible again before quitting. At least in older versions (pre CS3) I experienced Photoshop not showing itself even after stopping and restarting, including re-booting etc. You had to run a program that made it visible again. At least that was my experience.
    I don't know if that is still true in CS2/CS3/CS4 however and may not be.
    While I haven't done any highly controlled bench marking, I have found that in CS4 (at least the original public release of it), VB.net seemed to outperform java script doing the same thing by about 33%. I did my best to make both as efficient as possible and I just couldn't get the java script stuff to operate as fast. I was surprised. Again, it wasn't as controlled as it should have been, but it was at least consistent.
    Another thing that should make the execution more efficient is to make sure the layers palette is either not shown or is collapsed. That actually seems to speed things up quite a bit. The program doesn't have to show all the changes happening in that palette. Of course all palettes that change upon execution of commands should also be closed or collapsed. This should be done even if you are going to minimize and/or hide photoshop too. I'm of the opinion (via observation) that the program knows when these palettes don't need to be updated and so they must avoid doing the code behind the display of the change.
    Regards
    George Smith

  • WMI tasks, how to launch one .EXE using Admin credentials

    Hi there,
    My goal is just start Sql Server Management Studio using ADMIN credentials.
    This is my script:
    Dim objWMIService, objProcess, objCalc
    Dim strShell, objProgram, strComputer, strExe 
    strComputer = "."
    strExe = "Ssms.exe"
    set objWMIService = getobject("winmgmts://"_
    & strComputer & "/root/cimv2") 
    Set objProcess = objWMIService.Get("Win32_Process")
    Set objProgram = objProcess.Methods_( _
    "Create").InParameters.SpawnInstance_
    objProgram.CommandLine = strExe 
    Set strShell = objWMIService.ExecMethod( _
    "Win32_Process", "Create", objProgram) 
    WSCript.Quit 
    Thanks for any input, 

    If you want to bore yourself here are the rules.
    https://msdn.microsoft.com/en-us/library/aa826699%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
    Handling Remote Connections Under UAC
    Whether you are connecting to a remote computer in a domain or in a workgroup determines whether UAC filtering occurs.
    If your computer is part of a domain, connect to the target computer using a domain account that is in the local Administrators group of the remote computer. Then UAC access token filtering will not affect the domain accounts in the local Administrators group. Do not use a local, nondomain account on the remote computer, even if the account is in the Administrators group.
    In a workgroup, the account connecting to the remote computer is a local user on that computer. Even if the account is in the Administrators group, UAC filtering means that a script runs as a standard user. A best practice is to create a dedicated local user group or user account on the target computer specifically for remote connections.
    David Candy

  • First time client opens java needs admin rights to download, any way to push java runtime from ARD and open so they don't have to have admin credentials?

    Hey guys,
    I am the IT admin for Macs in our company. When we put a brand new image on a client machine, it works perfectly. I can install and run packages using ARD. For Java however, when a client opens something required by java it says it needs to download the java runtime etc etc... It requires admin rights to download and install. My Users do not have admin privileges to install things.
    Does Apple have the packages they install the javaruntime with on the internet to download as a .pkg or something similar? I was not able to find one that I could use and push through Apple Remote Desktop. Any suggestions?
    Basically I need a way to have javaruntime on a machine without me needing to log into each computer individually to download it or needing to give admin rights to the users.
    Thanks!

    Nevermind; I found a standalone installer located at:
    http://support.apple.com/kb/DL1421
    I install this through ARD before running any update features or anything so the end-user will not have to type in admin credentials since I can do this from my side of things now.

  • SPA3102 pstn-voip dial tone without entering pin

    Hello,
    Once spa3102 is authenticated by pin, the adapter gives dial tone without entering pin (just the # sign after the beep) even when a different phone is used to call the spa3102 pstn number.
    Isn't this a security compromise? Any one can access my voip account if the pin does not work.
    Any help will be greatly appreciated.

    that's weird...if PIN Authentication is enabled, it prompts the caller to enter the PIN number followed by a # key
    how long is your PIN?  i have the same set-up in my house and authentication works fine and i tried pressing # after the beeps but it didn't give me a dial tone....
    | isolate! isolate! isolate! |
