Run Script as Different User

Topics: Archive - General
Aug 21, 2015 at 5:53 PM
Edited Aug 21, 2015 at 5:53 PM
I have some code I need to use to add a machine to a collection during an MSI install. I am already using the PADT to install the MSI. I also have it in ConfigMgr as an application deployment. The code needs to run as a service account that has access in ConfigMgr 2012. Is there an existing way in PADT of running that code without exposing the password?

I simplified the code for my testing.

https://social.technet.microsoft.com/forums/systemcenter/en-US/d569076f-001a-48b5-bb8a-2eb3a40b86d6/programatically-add-computers-to-a-collection-in-sccm

$CollectionName = "<collectionname>"
$ComputerName = $Env:COMPUTERNAME
$SmsAuthority = Get-WmiObject -Namespace "Root\CCM" -Class "SMS_Authority"
[String]$SMSSiteCode = $SmsAuthority.Name.Remove(0, 4)
$SMSManagementServer = "<servername>"
$SmsResourceID = $(Get-WmiObject -ComputerName $SMSManagementServer -Namespace "Root\Sms\Site_$SmsSiteCode" -Query "Select * From SMS_R_System Where Name='$($ComputerName)'").ResourceID
$SmsNewRule = $([wmiclass]$("\$($SmsManagementServer)\root\sms\site_$($SmsSiteCode):SMS_CollectionRuleDirect")).CreateInstance()
$SmsCollection = Get-WmiObject -ComputerName $SMSManagementServer -Namespace "Root\Sms\Site_$SmsSiteCode" -Query "Select * From SMS_Collection Where Name='$($CollectionName)'"
$SmsCollection.Get()
$SmsNewRule.ResourceClassName = "SMS_R_System"
$SmsNewRule.ResourceID = $SmsResourceID
$SmsNewRule.RuleName = $ComputerName
[System.Management.ManagementBaseObject[]]$SmsRules = $SmsCollection.CollectionRules
$SmsRules += $SmsNewRule
$SmsCollection.CollectionRules = $SmsRules
$SmsCollection.Put()

Thanks,

Mike
Aug 22, 2015 at 7:55 AM
Edited Aug 22, 2015 at 7:55 AM
Well I finally figured it out and I thought I would share my proof of concept code. I am being forced to replace SCEP and install CheckPoint. I need to be able to add the computer to a collection so that SCEP no longer manages the computer. If I didn't do this it would keep reinstalling. This code will add the computer to the collection once I uninstall SCEP and install Checkpoint (against my better judgement). I simplified the code as much as I could for testing. This was not as straight forward with powershell as I expected it to be. I have an editor that will convert this script to an exe so I can call it in the Deploy-Application.PS1.

$ComputerName = $Env:COMPUTERNAME
$CollectionName = 'Test Collection'
$NameSpace = 'root\ccm'
$ServerName = '<servername>'
$username = '<domain>\<serviceAccount>'
$password = '<password>'
$cred=new-object system.management.automation.PSCredential $user,$password
$SMSSiteCode = 'PRI'
$SMSManagementServer = '<servername>'

$SmsResourceID = $(Get-WmiObject -ComputerName $SMSManagementServer -Namespace "Root\Sms\Site_$SmsSiteCode" -Credential $cred -Query "Select * From SMS_R_System Where Name='$($ComputerName)'").ResourceID
$SmsNewRule = $([wmiclass]$("\$($SmsManagementServer)\root\sms\site_$($SmsSiteCode):SMS_CollectionRuleDirect")).CreateInstance()

$SmsCollection = Get-WmiObject -ComputerName $SMSManagementServer -Namespace "Root\Sms\Site_$SmsSiteCode" -Credential $cred -Query "Select * From SMS_Collection Where Name='$($CollectionName)'"
$SmsCollection.Get()

$SmsNewRule.ResourceClassName = "SMS_R_System"
$SmsNewRule.ResourceID = $SmsResourceID
$SmsNewRule.RuleName = $ComputerName

[System.Management.ManagementBaseObject[]]$SmsRules = $SmsCollection.CollectionRules
$SmsRules += $SmsNewRule
$SmsCollection.CollectionRules = $SmsRules
$SmsCollection.Put()
$SmsCollection.RequestRefresh