Getting a PSCredential Object

A little setup first…

I have a Windows 8.1 physical box that is only allow to be logged into with a Domain Admin account. All other accounts are denied via GPO’s. On that physical box I am also running virtual machines for Server Administrators, and Workstation Admins that restrict logons to only those accounts via GPOs as well.

From my Physical box as a domain admin and I am attempting to run a script that will query the other boxes. When running on the other boxes I need to pass the credentials of a user that is authorized to login (e.g. server admin, workstation admin) so that I can read some registry keys. I am using invoke-command do to so (Invoke-Command –computerName $ServerName –ScriptBlock {(Get-ItemProperty).SomeValue} –credentials $Creds

When I am running the scrips as a Domain Admin on the physical box, or Server Admin on the Server Admin Hyper-V box, or Workstation Admin… you get the point, I don’t need to pass credentials to the function to read the keys, I already have access to the remote server but the command does not seem to run with the –credentials $Creds being blank. So I am trying to capture MY credentials of the machine that I am logged into without having to retype my username and password again to pass to in $Creds.

OR, am I going about this entirely wrong? I am just trying to avoid a bunch of If statements. I just wanted to pass creds that I already possess.

If you want to authenticate as the current user, just don’t pass anything to the Credential parameter at all (take the -Credential $Creds part out of your command.)

If you have some code that should optionally use a Credential object, use splatting, like so:

$splat = @{}

if ($Creds)
    $splat['Credential'] = $Creds

Invoke-Command @splat -ComputerName $ServerName -ScriptBlock { (Get-ItemProperty).SomeValue }

Dave, I think that will do the trick! Now I just have to wait until Monday to get back to work to test it out.

Alternatively you could also store your password as an encrypted string and build your credentials objects based on the encrypted string stored on disk.