Here’s what I’m trying to do and not sure if it’s possible.
Disable a smartcard reader.
Launch IE.
When IE process completes, re-enable smartcard reader.
Issue:
It requires admin credentials from smartcard to disable/enable device.
IE cannot run under admin credentials so running .ps1 as admin will not work.
Here’s what I currently have:
Credentials and IE are commented out for testing.
If ran as an admin the .ps1 will disable smartcard, wait 10 seconds and re-enable.
But IE will not launch that’s why commented out.
When trying to run as non-admin and prompting for credentials it does not work. That’s why $creds is commented out.
[pre]
##get admin credentials from smartcard
#$creds = Get-Credential
##Broadcom smartcard reader
##capture smartcard reader using hardware ID
$d = Get-PnpDevice | where {$_.HardwareID -like “USB\VID_0A5C&PID_5832&REV_0101&MI_01”}
##disable smartcard reader using admin credentials and suppress confirm prompt
$d | Disable-PnpDevice -Confirm:$false #$creds
##starts IE and holds script until process is completed #start-process -filepath “C:\Program Files\Internet Explorer\iexplore.exe” -NoNewWindow -Wait https://www.google.com
sleep 10 seconds for testing until cert issue resolved
This is an IE elevation issue, not really a PowerShell code problem.
IE will only run in the context of the currently logged on user.
Run PowerShell as admin, then start IE from the session.
Thanks for the suggestion but from I stated it’s not possible to run IE as an administrator. I need to pass credentials from a smartcard to powershell to disable another smartcard reader.
So, are you saying powershell cannot pass credentials from smartcard to a command?
PowerShell can pass whatever creds you can collect in to a variable to send to a destination.
My query would be why you are using IE in this use case at all. You are not showing that that IE instance is doing anything other than just starting it. You are not passing cred to IE, etc., or the URL you are using.
However, yes, you can run IE elevated, I do this daily. I simply have a shortcut on my desktop with the advanced properties set to always launch as administrator. You can also launch IE elevated as admin using the normal right click, Run as Administrator. You can see the user token of the IE normal and elevated instances using process explorer.
I’ve had little reason no to do this in code in any use case. Yet, if I did, I could just start that elevated shortcut. or just use this…
Forget IE. As originally stated “IE cannot run under admin credentials so running .ps1 as admin will not work.” It’s not that I do not know how to do it, it’s that it’s not permitted.
Need to get “Disable-PnpDevice 'USB\VID_0A5C&PID_5832&REV_0101&MI_01” using smartcard credentials.
Tried using the invoke-command but cannot get it to work with disable-pnpdevice.
“PowerShell can pass whatever creds you can collect in to a variable to send to a destination.” if this were the case then the code “$d | Disable-PnpDevice -Confirm:$false $creds” would work.
I get this error:
Disable-PnpDevice : The input object cannot be bound to any parameters for the command either because the command
does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline
input.
At C:\code\powershell\CCE.ps1:10 char:6
$d | Disable-PnpDevice -Confirm:$false $creds
CategoryInfo : InvalidArgument: (Win32_PnPEntity…6&528937A&0…):PSObject) [Disable-PnpDevice], P
arameterBindingException
The error you are getting is most likely because you are passing a null value to the pipeline, as can be shown below:
PS C:\Users\Rob> $nothing | Disable-PnpDevice -Confirm:$false -WhatIf #$creds
Disable-PnpDevice : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
At line:1 char:13
+ $nothing | Disable-PnpDevice -Confirm:$false -WhatIf #$creds
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Disable-PnpDevice], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Disable-PnpDevice
Maybe add some code to see if the variable is null before sending to the pipeline:
##capture smartcard reader using hardware ID
$d = Get-PnpDevice | where {$_.HardwareID -like "USB\VID_0A5C&PID_5832&REV_0101&MI_01"}
##disable smartcard reader using admin credentials and suppress confirm prompt
if ($d) {
$d | Disable-PnpDevice -Confirm:$false -WhatIf #$creds
}
else {
'Device not found'
}