Windows command line to run as the currently logged in user after starting command/batch script as another user within the same script?

Question

I have a Windows batch script which is auto run at login as a particular admin user (not the same user that is logged in) for all standard users.

Within the same script, I need to run a check on their group membership (by calling an exe with a specific group as a parameter) on the currently logged in user, i.e. the user who is logged into windows which the script's shell displays and is run from/on.

Then dependant on the outcome of the aforementioned check, continue processing the same script using the initial admin user's rights, i.e. to install software.

Is there any way to do this without asking for credentials, purely through command line or maybe even powershell (called from within the script)?

I'm looking for a completely non-interactive experience for the user as this is to be applied to up to approx. 9000 users.

Any help would be appreciated. Cheers.

Answer 1

Runas command has key /savedсred, but under every new user you still need to enter the password(once).

There is way in powershell:

1. Use ConvertTo-SecureString to encrypt password
2. Create credentials object
3. Run application with Start-Process

$secstring = ConvertTo-SecureString -String $password -AsPlainText -Force

$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,$secstring)

Start-Process <filefullpath> -WorkingDirectory <work dir> -Credential ($credentials)

But securestring encrypted on a computer can not be decrypted at the other (if you do not encrypt with a known key with -Key parameter) In fact, you have to put credentials in the body of your script.