.SYNOPSIS
Invoke Command as System/User on Local/Remote computer using ScheduleTask.
.DESCRIPTION
Invoke Command as System/User on Local/Remote computer using ScheduleTask.
ScheduledJob will be executed with current user credentials if no -AsUser <credential> or -AsSystem is provided.
Using ScheduledJob as they are ran in the background and the output can be retreived by any other process.
Using ScheduledTask to Run the ScheduledJob, since you can allow Tasks to run as System or provide any credentials.
Because the ScheduledJob is executed by the Task Scheduler, it is invoked locally as a seperate process and not from within the current Powershell Session.
Resolving the Double Hop limitations by Powershell Remote Sessions.
# Execute Locally.
Invoke-CommandAs -ScriptBlock { Get-Process }
# Execute As System.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsSystem
# Execute As a GMSA.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsGMSA 'domain\gmsa$'
# Execute As Credential of another user.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsUser $Credential
# Execute As Interactive session of another user.
Invoke-CommandAs -ScriptBlock { Get-Process } -AsInteractive 'username'
# Execute Remotely using ComputerName/Credential.
Invoke-CommandAs -ComputerName 'VM01' -Credential $Credential -ScriptBlock { Get-Process }
# Execute Remotely using Session.
Invoke-CommandAs -Session $PSSession -ScriptBlock { Get-Process }
# Execute Remotely using PSSession and execute ScriptBlock as SYSTEM.
Invoke-CommandAs -Session $PSSession -ScriptBlock { Get-Process } -AsSystem
# Execute Remotely on multiple Computers at the same time.
Invoke-CommandAs -ComputerName 'VM01', 'VM02' -Credential $Credential -ScriptBlock { Get-Process }
# Execute Remotely as Job.
Invoke-CommandAs -Session $PSSession -ScriptBlock { Get-Process } -AsJob
$ScriptBlock = { [System.Security.Principal.Windowsidentity]::GetCurrent() }
Invoke-CommandAs -ScriptBlock $ScriptBlock -AsSystem
Install-Module -Name Invoke-CommandAs
Copy Invoke-CommandAs folder to:
C:\Program Files\WindowsPowerShell\Modules\Invoke-CommandAs
$WebClient = New-Object Net.WebClient
$WebClient.DownloadString("https://raw.githubusercontent.com/mkellerman/Invoke-CommandAs/master/Invoke-CommandAs/Private/Invoke-ScheduledTask.ps1") | Set-Content -Path ".\Invoke-ScheduledTask.ps1"
$WebClient.DownloadString("https://raw.githubusercontent.com/mkellerman/Invoke-CommandAs/master/Invoke-CommandAs/Public/Invoke-CommandAs.ps1") | Set-Content -Path ".\Invoke-CommandAs.ps1"
Import-Module ".\Invoke-ScheduledTask.ps1"
Import-Module ".\Invoke-CommandAs.ps1"
One liner (dont write to disk):
"Public/Invoke-CommandAs.ps1", "Private/Invoke-ScheduledTask.ps1" | % {
. ([ScriptBlock]::Create((New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/mkellerman/Invoke-CommandAs/master/Invoke-CommandAs/${_}")))
}