Get-Credential in Non-Admin PowerShell?

Windows 11, logged in as non-admin

How to make credential object in non-admin powershell?

Run from an admin powershell, this prompts for password as expected
> $Cred = Get-Credential

Run from a non-admin powershell, i get error:

> $Cred = Get-Credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential

Get-Credential : Cannot process command because of one or more missing mandatory parameters: Credential.
At line:1 char:9
+ $Cred = Get-Credential
+         ~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-Credential], ParameterBindingException
    + FullyQualifiedErrorId : MissingMandatoryParameter,Microsoft.PowerShell.Commands.GetCredentialCommand

John,
Welcome to the forum.

Simply provide the account you want to create the credential object for.

For reference see the help example #2

Different error, but still not working on non-admin PS. Works only in admin PS. Have you tested this in a non-admin PS?

> $c = Get-Credential -Credential BOOM
Get-Credential : Cannot bind argument to parameter 'Credential'
because it is null.
At line:1 char:33
+ $c = Get-Credential -Credential BOOM
+                                 ~~~~
    + CategoryInfo          : InvalidData: (:) [Get-Credential], Param
   eterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotA
   llowed,Microsoft.PowerShell.Commands.GetCredentialCommand

Yes, I did. And it worked for me.

Is BOOM the name of the account? Is it a local account? Have you tried the other parameter set of Get-Credential?

What is it actually what you’re trying to accomplish? There might be another/better way.

BOOM is the local admin. Boombox is the machine name. I’ve tried all these forms. All work in admin PS. None work in non-admin PS. Something on your machine is different than mine. I wonder what it is

$c = Get-Credential -Credential BOOM
$c = Get-Credential -Credential BOOMBOX\BOOM
$c = Get-Credential -Credential "BOOM"
$c = Get-Credential -Credential "BOOMBOX\BOOM"
$Cred = Get-Credential -UserName "BOOMBOX\BOOM"

$credentialParams = @{
    Message = "Enter password."
    UserName = "BOOMBOX\BOOM"
}
Get-Credential @credentialParams

My goal is to make a bat or PS1 script on a non-admin account, which can execute pnputil twice, and never ask me for credentials, or at most just once.

The best I can do is the following bat script which requests password twice:

reset-audio.bat:

powershell.exe -ExecutionPolicy Bypass Start-Process "pnputil" -ArgumentList '/disable-device "INTELAUDIO\FUNC_01&VEN_10EC&DEV_0295&SUBSYS_1028099F&REV_1000\5&1B578A47&0&0001"' -Verb RunAs ; Start-Process "pnputil" -ArgumentList '/enable-device "INTELAUDIO\FUNC_01&VEN_10EC&DEV_0295&SUBSYS_1028099F&REV_1000\5&1B578A47&0&0001"' -Verb RunAs

Others have given me some comparatively long and complicated Scripts involving scheduled tasks. Seems to me that this should be doable with a simple one-liner like my bat above.

here’s a pure Powershell approach period if I can minimize or eliminate password requests in a non-admin account I’m good

> $deviceID = "INTELAUDIO\FUNC_01&VEN_10EC&DEV_0295&SUBSYS_1028099F&REV_1000\5&1B578A47&0&0001"
> Disable-PnpDevice -InstanceId $deviceID -Confirm:$false
> Enable-PnpDevice -InstanceId $deviceID -Confirm:$false

Workaround here if you’re using Windows PowerShell 5.1:

If you can install PowerShell 7 and use that instead no workaround is required.

I’m in a domain environment and used domain accounts.

You create a scheduled task starting your script only on demand containing all necessary commands but without any credential stuff in it. Then you configure this task to run with highest privileges with the local SYSTEM account and configure it to be allowed to be run by others … even without admin rights.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.