
I've got a Windows service (Jenkins) that runs a script which needs to run a command as a specific user.

I tried to do this but it doesn't work:

```
$secpasswd = ConvertTo-SecureString "myPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential("DOMAIN\myUsername", $secpasswd)

$Arguments = @()
$Arguments += "-Command"
$Arguments += "pwd"
$Arguments += ">"
$Arguments += "output.txt"
Start-Process powershell.exe -ArgumentList $Arguments -Credential $mycreds -NoNewWindow -WorkingDirectory $workingDir
Start-Sleep 2
Get-Content "$workingDir\output.txt"
```

I get this output:

```
Start-Process : This command cannot be executed due to the error: Access is denied.
At C:\Windows\TEMP\hudson2382859596554223918.ps1:32 char:14
+ Start-Process <<<<  powershell.exe -ArgumentList $Arguments -Credential $mycreds -NoNewWindow -WorkingDirectory $workingDir
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
```

Now if I remove -Credential $mycreds it works fine. The reason why there is that Start-Sleep at the end is that I removed the -Wait after reading this question on SO.

Am I missing something here?

Uflex
  • Do you have any reserved characters in your password that need to be escaped? – TheMadTechnician Feb 13 '14 at 16:19
  • I tried locally with `$mycreds = Get-Credential` to have a dialog but have the same result. – Uflex Feb 13 '14 at 16:23
  • Are you able to launch PowerShell on that computer, using the alternate credentials, by right-click on PowerShell and click `"Run as Different User?"` –  Feb 13 '14 at 16:43
  • There is no remote login, everything is local, but I have to do that because Jenkins is installed as a Windows service and it launches powershell as the SYSTEM user (result from `Write-Host "User: $([Environment]::UserName)"`) whereas when I try locally it works because the same command returns my username. The build script needs to access a script file on the local network whose permissions are set to allow my account to access it. – Uflex Feb 13 '14 at 16:52
  • Wait, I just re-read the command you're running... You're using Powershell to launch Powershell as a different user? This brings other things to mind, such as does the other account have execution restrictions in place for running unsigned scripts and what not. Also, check out the following link to see about saving the password to a file as secure text instead of saving it as plain text in your script: http://gallery.technet.microsoft.com/scriptcenter/Execute-PowerShell-Script-38881dce – TheMadTechnician Feb 13 '14 at 16:52
  • At first I had the remote script to execute in place of that `powershell.exe` but as it wasn't working I thought that maybe launching another shell would work... but to my despair it didn't :( – Uflex Feb 13 '14 at 16:56
  • What user is the Jenkins service running from? You need specific privileges to be able to run processes from a different user. – Poorkenny Feb 13 '14 at 17:45
  • It seems to be running from the "SYSTEM" user. It is the default when you install jenkins on Windows 7 with the installer provided on the official website. – Uflex Feb 13 '14 at 18:08

2 Answers

```
$username = "username"
$password = "password"

$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))

Start-Process dnscrypt-proxy.exe -WorkingDirectory path_here -Credential ($credentials)
```

--from PowerShell forums; I searched for this same solution just a couple days ago and this worked. Hope it helps you.

Source: http://powershell.com/cs/forums/t/9502.aspx

driz
  • Just tried it and I've got the same error as what I had previously: it works in local (if I run powershell from the start menu) but as soon as I copy the script in Jenkins it doesn't work anymore... – Uflex Feb 13 '14 at 17:15
  • Note that in order for it to work, the username might have to be written in the format DOMAIN\USERNAME – I kept getting invalid credential error otherwise. – alelom May 14 '18 at 10:25

Finally found the solution: by default, Jenkins is run as a service that logs on as the "Local System account". To change this, launch the Services application (type "services" in the start menu), look for Jenkins, double-click on it and go to the "Log On" tab.

You should now see what account the service is using. Change to "This account" and fill in your account details and voila!

For the record the command I was originally trying to run works fine now, without having to add any of the "changing user" things on top.

Special thanks to @Poorkenny that put me on the correct track with his comment, THANK YOU! Stackoverflow rocks! (that moment when thanks to someone you just solved an issue that took you the whole day to figure it out...)

Uflex
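The "Log On" tab change from the accepted answer can also be checked and applied from an elevated prompt. This is an added example, not code from the original posts; it assumes the service is named `Jenkins`, Windows PowerShell 3.0 or later, and uses two hypothetical helper functions. The password is prompted for rather than written into the script.

```powershell
# Added example. Assumptions: service name 'Jenkins', Windows PowerShell 3.0+,
# run from an elevated prompt. Function names are hypothetical helpers.
$serviceName = 'Jenkins'   # assumed name; confirm with Get-Service

function Get-ServiceLogonAccount {
    param([Parameter(Mandatory)][string]$Name)
    # Win32_Service.StartName holds the account shown on the "Log On" tab
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found." }
    $svc
}

function Set-ServiceLogonAccount {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][System.Management.Automation.PSCredential]$Credential
    )
    $svc = Get-ServiceLogonAccount -Name $Name
    # Change() only touches the properties passed in; the rest stay as configured
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = $Credential.UserName
        StartPassword = $Credential.GetNetworkCredential().Password
    }
    if ($result.ReturnValue -ne 0) {
        throw "Win32_Service.Change failed with return value $($result.ReturnValue)."
    }
    # The new account only takes effect after the service restarts
    Restart-Service -Name $Name
    (Get-ServiceLogonAccount -Name $Name).StartName
}

$current = (Get-ServiceLogonAccount -Name $serviceName).StartName
"Service '$serviceName' currently logs on as: $current"

if ($current -eq 'LocalSystem') {
    # Prompt instead of embedding the password in the build script
    $cred = Get-Credential -Message 'Account the service should run as (DOMAIN\user)'
    "Service now logs on as: $(Set-ServiceLogonAccount -Name $serviceName -Credential $cred)"
}
```

Unlike the Services GUI, `Win32_Service.Change` does not grant the account the "Log on as a service" right, so the restart fails with a logon error if the account lacks it. A dedicated account with only the permissions the build needs limits what a compromised job can reach.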