Invoke Command as System/User on Local/Remote computer using ScheduleTask.
Branch: master
Clone or download
Latest commit 4b55b47 Feb 21, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Invoke-CommandAs Update Invoke-CommandAs.psd1 Feb 21, 2019
Scripts Create Invoke-CommandAs.ps1 Feb 21, 2019
Tests Renamed Feb 5, 2019
.gitattributes Initial commit Jan 5, 2018
Invoke-CommandAs.bootstrap.ps1 Renamed Feb 5, 2019
Invoke-CommandAs.build.ps1 Added CreateScriptFile task Feb 21, 2019
LICENSE.md Update LICENSE.md Feb 21, 2019
README.md Update README.md Feb 21, 2019
azure-pipelines.yml Renamed Feb 5, 2019

README.md

PSGallery Version PSGallery Downloads

Azure Pipeline Analytics

Invoke-CommandAs

.SYNOPSIS

    Invoke Command as System/User on Local/Remote computer using ScheduleTask.

.DESCRIPTION

    Invoke Command as System/User on Local/Remote computer using ScheduleTask.
    ScheduledJob will be executed with current user credentials if no -As <credential> or -AsSystem is provided.

    Using ScheduledJob as they are ran in the background and the output can be retreived by any other process.
    Using ScheduledTask to Run the ScheduledJob, since you can allow Tasks to run as System or provide any credentials.
    
    Because the ScheduledJob is executed by the Task Scheduler, it is invoked locally as a seperate process and not from within the current Powershell Session.
    Resolving the Double Hop limitations by Powershell Remote Sessions. 

Examples

# Execute Locally.
Invoke-CommandAs -ScriptBlock { Get-Process }

# Execute As System.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsSystem

# Execute As a GMSA.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsGMSA 'domain\gmsa$'

# Execute As Credential of another user.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsCredential $Credential

# Execute As Interactive session of another user.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsInteractive 'username'

You can execute all the same commands as above against a remote machine.

Use -ComputerName/Credential or -Session to authenticate

# Execute Remotely using ComputerName/Credential.
Invoke-CommandAs -ComputerName 'VM01' -Credential $Credential -ScriptBlock { Get-Process }

# Execute Remotely using Session.
Invoke-CommandAs -Session $PSSession -ScriptBlock { Get-Process }

# Execute Remotely using PSSession, and execute ScriptBlock as SYSTEM and RunElevated.
Invoke-CommandAs -Session $PSSession -ScriptBlock { Get-Process } -AsSystem -RunElevated

# Execute Remotely on multiple Computers at the same time.
Invoke-CommandAs -ComputerName 'VM01', 'VM02' -Credential $Credential -ScriptBlock { Get-Process }

# Execute Remotely as Job.
Invoke-CommandAs -Session $PSSession -ScriptBlock { Get-Process } -AsJob

How to see if it works:

$ScriptBlock = { [System.Security.Principal.Windowsidentity]::GetCurrent() }
Invoke-CommandAs -ScriptBlock $ScriptBlock -AsSystem

Install Module (PSv5):

Install-Module -Name Invoke-CommandAs

Install Module (PSv4 or earlier):

Copy Invoke-CommandAs folder to:
C:\Program Files\WindowsPowerShell\Modules\Invoke-CommandAs

Import Module directly from GitHub:

$WebClient = New-Object Net.WebClient
$psm1 = $WebClient.DownloadString("https://raw.githubusercontent.com/mkellerman/Invoke-CommandAs/master/Scripts/Invoke-CommandAs.ps1")
Invoke-Expression $psm1

One liner:

(New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/mkellerman/Invoke-CommandAs/master/Scripts/Invoke-CommandAs.ps1") | iex