0
I log in as domain user and i want in powershell (or in simple console, no matter) to run a program. the program clean user appdata unnecessary files so it has to operate within user profile. I can do runas but i got profile of admin user. How can i reach domain user profile? in silly words something like Start-Process -Verb runas -Credential adminuser -LoadUserProfile domainuser -FilePath c:\Programm Files... . Is it possible at all?
Yurij
Posted 2018-08-11T08:38:54.817
Reputation: 187
0
You can't run PS code natively as another user, especially remotely. It is a Windows OS security boundary.
PS always runs in the user context who launched it.
You'd have to use some other tool for that, for examples SysInternals PSExec.
Your other option is the copy the scrip to the user's machine and set a RunOnce in the registry, or use a scheduled task to run once, only when the user is logged on.
postanote
Posted 2018-08-11T08:38:54.817
Reputation: 1 783
a long time ago PSExec became useless since it requires many way tunning of wmi/services/firewall etc. it doesn't work out of box on user's pc. You are right that PS run processes only in user context. What about cmd/runas ? could i change context to user profile? may be set >environment_vars then a for loop set of vars do the trick? i don't just invent a bicycle – Yurij – 2018-08-12T10:18:48.363
Yep, psexec is a download (though you can run it from the SysInternals live site), so not on a users box, but it does not need to be on the destination, only on the source. Using RunAs does not allow this. To run in a remote user context you have to assume that users identity / token and there are no on-box tools that allow that. Thus that is the catch22. btw... I still use psexec (so do others I am aware of) in several scenarios, without issue and environments I support are running WIN7-10 as well as WS2K8 - 2K16. – postanote – 2018-08-12T22:06:17.337
Why not just run it as the user whose profile is being cleaned? – Patrick Seymour – 2018-08-12T01:22:15.800