Feature Request: Invoke-gsudo credentials parameter
NorskNoobing opened this issue · 5 comments
Description
I want a credentials parameter on the Invoke-gsudo
function. This way it would be easier to run multiple different functions when providing the credentials once. You'll also be able to import your credentials from a file instead of using UAC all the time.
Proposed technical details
Here you'll be able to invoke multiple functions into separate variables:
Enter creds before running functions:
$admCreds = Get-Credential -Message "Enter admin credentials"
or import creds from a encrypted file:
$admCreds = Import-Clixml $admCredsPath | ConvertFrom-Securestring -AsPlainText
$var1 = Invoke-gsudo -Credentials $admCreds {function1}
$var2 = Invoke-gsudo -Credentials $admCreds {function2}
Interesting. In the past I've refrained to send plain text credentials to gsudo, but I like the idea of using PowerShell secure credentials. Specially to start a cache or similar:
Start-Process .\gsudo.exe -ArgumentList "--debug cache on" -Credential $admCreds
which doesn't work right now, but it may in the future.
Implemented in #188
But PowerShell/PowerShell#18333 / PowerShell/PowerShell#12129 may cause some issues for Invoke-gsudo specifically, not for gsudo -u UserName
Implemented in #188 But PowerShell/PowerShell#18333 / PowerShell/PowerShell#12129 may cause some issues for Invoke-gsudo specifically, not for
gsudo -u UserName
This doesn't solve the issue tho. The end goal is a non-interactive way to run gsudo, so it can be run in e.g. scripts in the background and stuff like that.
The current implementation only adds the option to runas a specific user, but you'll still have to enter password and press "yes" in the UAC prompt.
I can't bypass UAC just with a flag. You need to consent at some point. Or you can disable the consent.
It is not that I won't. I can't ! Even with user & password credentials I can't spawn an elevated process without UAC unless gsudo is already elevated
In your situation, I would either:
a) create a script and add it as a scheduled task. with credentials, etc
b) use gsudo cache for minimal credentials prompt:
gsudo cache on # show one popup.
gsudo X # several actions without popup
gsudo Y
gsudo Z
gsudo cache off
c) disable UAC.
Programming the capability of installing gsudo as a windows service and actually behave like a sudoers
is not in the near-future roadmap...
I created #194 to create the most similar to a UAC bypass I can think of now.