Module Highlight: Invoke-CommandAs

Invoke-Command is a great tool in the powershell arsenal, but what if you need a little more than what the standard Invoke-Command has to offer?

For example, I have a funky batch script that does some SQL juju that needs to be run as the SYSTEM user on demand. Or, what if I’m running into that pesky double-hop issue? Enter Invoke-CommandAs

Invoke-CommandAs is a module that will let you run scriptblocks as a variety of users. Under the hood, it does this by creating a scheduled task on the local machine and running it as the indicated user. Here’s are some examples below pulled directly from the Github page:

# Execute Locally.
Invoke-CommandAs -ScriptBlock { Get-Process }

# Execute As System.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsSystem

# Execute As a GMSA.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsGMSA 'domain\gmsa$'

# Execute As Credential of another user.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsUser $Credential

# Execute As Interactive session of another user.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsInteractive 'username'

And here is the description of what it does:

.SYNOPSIS

    Invoke Command as System/User on Local/Remote computer using ScheduleTask.

.DESCRIPTION

    Invoke Command as System/User on Local/Remote computer using ScheduleTask.
    ScheduledJob will be executed with current user credentials if no -AsUser <credential> or -AsSystem is provided.

    Using ScheduledJob as they are ran in the background and the output can be retreived by any other process.
    Using ScheduledTask to Run the ScheduledJob, since you can allow Tasks to run as System or provide any credentials.
    
    Because the ScheduledJob is executed by the Task Scheduler, it is invoked locally as a seperate process and not from within the current Powershell Session.
    Resolving the Double Hop limitations by Powershell Remote Sessions. 

In another use case I like to combine this with PSWindowsUpdate module to schedule Windows updates with Jenkins.

https://github.com/mkellerman/Invoke-CommandAs

One thought on “Module Highlight: Invoke-CommandAs

Leave a Reply

Your email address will not be published. Required fields are marked *