forked from robotechredmond/Azure-PowerShell-Snippets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ImpersonateAsNetworkUser.ps1
79 lines (71 loc) · 1.86 KB
/
ImpersonateAsNetworkUser.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#
# Functions to support network user impersonation
#
function Get-ImpersonateLib
{
if ($script:ImpersonateLib)
{
return $script:ImpersonateLib
}
$sig = @'
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
[DllImport("kernel32.dll")]
public static extern Boolean CloseHandle(IntPtr hObject);
'@
$script:ImpersonateLib = Add-Type -PassThru -Namespace 'Lib.Impersonation' -Name ImpersonationLib -MemberDefinition $sig
return $script:ImpersonateLib
}
function ImpersonateAs([PSCredential] $cred)
{
[IntPtr] $userToken = [Security.Principal.WindowsIdentity]::GetCurrent().Token
$userToken
$ImpersonateLib = Get-ImpersonateLib
$bLogin = $ImpersonateLib::LogonUser($cred.GetNetworkCredential().UserName, $cred.GetNetworkCredential().Domain, $cred.GetNetworkCredential().Password, 9, 0, [ref]$userToken)
if ($bLogin)
{
$Identity = New-Object Security.Principal.WindowsIdentity $userToken
$context = $Identity.Impersonate()
}
else
{
throw "Can't log on as user '$($cred.GetNetworkCredential().UserName)'."
}
$context, $userToken
}
function CloseUserToken([IntPtr] $token)
{
$ImpersonateLib = Get-ImpersonateLib
$bLogin = $ImpersonateLib::CloseHandle($token)
if (!$bLogin)
{
throw "Can't close token."
}
}
#
# Main Code Block
#
$creds = Get-Credential
try
{
($oldToken, $context, $newToken) = ImpersonateAs -cred $creds
#
# Insert code to run as impersonated network user
#
}
catch [System.Exception]
{
#
# Catch exceptions
#
}
finally
{
# Dispose of impersonated Context
if ($context)
{
$context.Undo()
$context.Dispose()
CloseUserToken($newToken)
}
}