Run powershell script with parameter including username and password

johngib · February 4, 2025, 4:22pm

From another forum question I understand that Runas.exe does not support a parameter = password. How should i format this requirement

// Set variables
parameter “user” = “domain.com\user”
parameter “password” = “password”
parameter “scriptPath” = “D:\Commvalut script\system-integration-scripts-dev\system-integration-scripts-dev\pre_patch.ps1”
parameter “commVault” = “host.domain.com”

// Run the PowerShell script as the specified user
runas {parameter “user” ,parameter “password”} wait powershell.exe -ExecutionPolicy Bypass -File “{parameter “scriptPath”}” “{parameter “commVault”}”

So what bigfix command would i use to substitue runas with

johngib · February 4, 2025, 4:26pm

Not sure how to format this but I see if you use the

To run a BigFix command with a parameter containing a password, you would use the “override” keyword within your action script, specifying the “password” option with the actual password value enclosed in double quotes: “override targetuser="username" password="yourpassword" your_command”.

Key points to remember:

“override” keyword: This keyword allows you to execute a command with elevated privileges, which is often necessary when dealing with sensitive actions like password changes.
“targetuser” option: Specifies the username you want to use to run the command.
“password” option: Provides the password for the specified user, enclosed in double quotes.

JasonWalker · February 4, 2025, 6:49pm

Have a read through at Tip - Action Override User settings for tips

Assuming the username & password has Administrator access on the machine, and the BigFix Operator knows the account and password to send, you could probably use scenario 7

override wait
runas=localuser
user=domain.com\user
password=required
asadmin=interactive
wait powershell.exe -ExecutionPolicy Bypass -File "{parameter "scriptPath"}" "{parameter "commVault"}"

The Console prompts for the password when sending the Action; the Console operator must input the password to use.

I haven’t found any combination that allows you to hard-code the user’s password, and still run when that specific user is not logged on to the endpoint.

johngib · February 4, 2025, 10:28pm

Thanks for this. I am trying to run a automated webui script which needs to be no user interaction. Is the below option possible?

Explanation:

“override” command: This is used to specify execution details like the user account and password for running the command.
“user = “localadmin””: Defines the user account to run the command as.
“password = “empty””: Instructs BigFix to not prompt the user for a password and use an empty password instead.

Important Considerations:

Security Concerns:

Using “password=empty” means the command will execute with the specified user account without any password verification, so only use this option for situations where the user account already has the necessary permissions and the password isn’t critical.

Alternative for Secure Passwords:

If you need to pass a sensitive password securely, consider using a BigFix “SecureParameter” which allows for encrypted password storage and transmission.

johngib · February 4, 2025, 10:29pm

Not sure I understand how that works my self.

JasonWalker · February 4, 2025, 10:31pm

What page are you getting that from? I don’t think I’ve seen that.