Import-PFX as another user - Impersonation

Time:05-13

I wanted to reach out and see if anyone has some tips on impersonation/runas cmds. I am working on a script that exports, then imports a .pfx certificate over to the user's profile from the admin profile. Right now, I have everything working except for the import portion.

As seen below, I am showing only the import portion. $x and $y variables are defined earlier in the script by user input and that works okay.

Everything works up until the Import-PfxCertificate cmdlet and scriptblock. Running that scriptblock as the other user is proving to be difficult. If anyone has any advice on how to structure that scriptblock cmd so that it will runas the user, that would be great!

I have an error log written into the script as well (not shown). Unfortunately, it is not picking up any errors because I believe it is pulling a local machine cert rather than the cert I specified - so no real error messages.

    <#Cache credentials in IE and Import new or existing cert as client#>
    function importcert
    {
        $certpath = "C:\Temp\$x.pfx"
        $password = $y | ConvertTo-SecureString -AsPlainText -Force

        <#Enter your credentials#>
        $Credentials = Get-Credential -Credential corp\$x

        <#Export to Secure XML#>
        $Credentials | Export-Clixml -Path 'C:\Temp\creds.xml'

        <#Import credentials and run application using those credentials#>
        Set-Location C:\
        $creds = Import-Clixml -Path 'C:\Temp\creds.xml'
        $ie = Start-Process -FilePath 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' -Credential $creds
        $ie
        Start-Sleep -Seconds 30

        <#Imports the certificate as the client#>
        Start-Job -ScriptBlock { Import-PfxCertificate -FilePath $certpath -Exportable -CertStoreLocation Cert:\CurrentUser\My -Password $password } -Credential $creds

        <#Remove the credential file, then search for it: if the path is false, it was removed successfully.#>
        Remove-Item -Path "C:\Temp\creds.xml"
        $clientXML = Test-Path -Path "C:\Temp\creds.xml"
        if (-not ($clientXML))
        {
            Write-Output "Credential XML was removed"
        }
    }
    importcert

CodePudding user response:

It looks like all you're missing is some arguments for your Start-Job. I just tested this out locally and got it to install mycert.pfx for the other user TomServo:

    <#Cache credentials in IE and Import new or existing cert as client#>
    $Certpath = Get-Item "C:\Projects\Sandbox\mycert.pfx"
    $Password = '{Password}' | ConvertTo-SecureString -AsPlainText -Force

    <#Enter your credentials#>
    $Credentials = Get-Credential -UserName TomServo

    <#Export to Secure XML#>
    $Credentials | Export-Clixml -Path 'C:\Projects\Sandbox\creds.xml'

    <#Import credentials and run application using those credentials#>
    Set-Location C:\
    $Creds = Import-Clixml -Path 'C:\Projects\Sandbox\creds.xml'
    $Ie = Start-Process -FilePath 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' -Credential $Creds
    $Ie
    Start-Sleep -Seconds 30

    <#Imports the certificate as the client. Local variables are not visible inside the job, so they are passed in with -ArgumentList.#>
    Start-Job -ScriptBlock {
        param($Certpath, $Password)
        Import-PfxCertificate -FilePath $Certpath -Exportable -CertStoreLocation Cert:\CurrentUser\My -Password $Password
    } -Credential $Creds -ArgumentList $Certpath, $Password

    <#Remove the credential file, then search for it: if the path is false, it was removed successfully.#>
    Remove-Item -Path "C:\Projects\Sandbox\creds.xml"
    $ClientXML = Test-Path -Path "C:\Projects\Sandbox\creds.xml"
    if (-not ($ClientXML))
    {
        Write-Output "Credential XML was removed"
    }
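
An added example (not part of the question or the answer above): the same Start-Job import with the credential kept in memory instead of written to creds.xml, and with errors from the job re-raised to the caller so the script's error log can record them. `Import-PfxAsUser` and its parameter names are hypothetical, and it assumes the target user has read access to the PFX file.

```powershell
# Added example, not the poster's code. Import-PfxAsUser is a hypothetical name.
function Import-PfxAsUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $PfxPath,
        [Parameter(Mandatory)] [securestring] $PfxPassword,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Resolve to a full path here: the job may start in a different working directory.
    $fullPath = (Resolve-Path -LiteralPath $PfxPath -ErrorAction Stop).Path

    # Caller variables are not visible inside the job, so pass them with -ArgumentList.
    $job = Start-Job -Credential $Credential -ArgumentList $fullPath, $PfxPassword -ScriptBlock {
        param($Path, $Password)
        $ErrorActionPreference = 'Stop'   # make import failures terminating errors

        $cert = Import-PfxCertificate -FilePath $Path -Password $Password `
            -CertStoreLocation Cert:\CurrentUser\My -Exportable

        # Report which account ran the import and whether its store holds the cert.
        [pscustomobject]@{
            RunAs      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
            Thumbprint = $cert.Thumbprint
            InStore    = Test-Path -LiteralPath "Cert:\CurrentUser\My\$($cert.Thumbprint)"
        }
    }

    try {
        # Receive-Job surfaces the job's errors; -ErrorAction Stop makes them catchable.
        $job | Wait-Job | Receive-Job -ErrorAction Stop
    }
    finally {
        Remove-Job -Job $job -Force
    }
}

# Usage: prompt for secrets rather than embedding them as plain text.
# The account name and path below are placeholders.
# $cred  = Get-Credential -Message 'Target user' -UserName 'DOMAIN\user'
# $pfxPw = Read-Host -AsSecureString -Prompt 'PFX password'
# Import-PfxAsUser -PfxPath 'C:\Temp\user.pfx' -PfxPassword $pfxPw -Credential $cred
```

The returned `RunAs` value shows whether the import ran under the intended account, which helps separate a wrong-store import from a failed one.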