March 13, 2020 at 4:43 pm
Hello, I am trying to write a script that validates a user's credentials against Active Directory (AD) and, once they are validated, runs a program. At the moment the credentials are being validated, but they are not being passed on to run the program. The program launches under my own user ID rather than with the domain user's credentials.
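# Prompts for domain credentials, validates them against Active Directory and,
# once they are confirmed, launches the target program under the validated account.
#
# Parameters:
#   -MaxAttempts  Number of credential prompts allowed before giving up (default 5).
#
# NOTE(review): each rejected ValidateCredentials call is presumably a real failed
# logon against the domain and would count toward the account-lockout policy.
# Confirm that MaxAttempts stays below the domain's lockout threshold.
[CmdletBinding()]
Param (
    [Parameter(Mandatory = $False)]
    [Int]$MaxAttempts = 5
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$UserDomain = $env:USERDOMAIN
$UserName = "$UserDomain\$env:USERNAME"
$Attempt = 1
$CredentialPrompt = "Enter your domain credentials:"
$ValidAccount = $False

# Keep prompting until the credentials are confirmed or the attempt budget is spent.
Do {
    # Clear the failure message left over from the previous pass.
    $FailureMessage = $Null

    # Prompt with the current message and the pre-populated domain\user name.
    $Credentials = Get-Credential -UserName $UserName -Message $CredentialPrompt

    # The prompt was cancelled or dismissed: stop without launching anything.
    If (-not $Credentials) {
        Exit
    }

    # If the user typed a different account, use it for this and later prompts.
    If ($Credentials.UserName -ne $UserName) {
        $UserName = $Credentials.UserName
    }

    # NOTE(review): the context is always built for $env:USERDOMAIN, even when the
    # user entered an account from another domain - confirm that this is intended.
    $ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    Try {
        $PrincipalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ContextType, $UserDomain
    } Catch {
        If ($_.Exception.InnerException -like "*The server could not be contacted*") {
            $FailureMessage = "Could not contact a server for the specified domain. Please try again after a few minutes."
        } Else {
            # One string with a subexpression; the two-line concatenation used
            # previously was not valid PowerShell.
            $FailureMessage = "Unpredicted failure: $($_.Exception.Message) Please relaunch OnBase"
        }
    }

    # Only test the credentials when the domain context could be created.
    If (-not $FailureMessage) {
        # GetNetworkCredential() exposes the password as plain text in memory for
        # this call; never write it to logs, transcripts or error messages.
        $ValidAccount = $PrincipalContext.ValidateCredentials($UserName, $Credentials.GetNetworkCredential().Password)

        # Release the directory connection held by this attempt's context.
        $PrincipalContext.Dispose()

        If (-not $ValidAccount) {
            $FailureMessage = "Incorrect Credentials #$Attempt out of $MaxAttempts."
        }
    }

    # Report the failure, count the attempt and switch to the retry prompt text.
    If ($FailureMessage) {
        Write-Warning "$FailureMessage"
        $Attempt++
        If ($Attempt -le $MaxAttempts) {
            $CredentialPrompt = "Invalid Credentials:"
        }
    }
} Until (($ValidAccount) -or ($Attempt -gt $MaxAttempts))

Write-Host ""

If (-not $ValidAccount) {
    Write-Host -ForegroundColor Red "You failed $MaxAttempts attempts at providing a valid user credentials. "
    Exit
}

# Bind the validated PSCredential object to -Credential. Without a credential
# object the child process runs under the caller's own logon, not the domain user's.
# NOTE(review): the inner command elevates with -Verb RunAs, so confirm that only
# administrators can write to the target path; otherwise the file could be swapped
# for another binary that is then run elevated.
# NOTE(review): Start-Process -Credential starts in the caller's current directory;
# if the validated account cannot read it, the launch may fail - consider passing
# an explicit -WorkingDirectory.
Start-Process powershell -Credential $Credentials -ArgumentList '-noprofile -command &{Start-Process -FilePath "C:\Users\Public\Desktop\program" -verb runas}' -WindowStyle Minimized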
March 14, 2020 at 5:10 pm
Thanks for posting your issue and hopefully someone will answer soon.
This is an automated bump to increase visibility of your question.