Monday, 6 February 2012

Powershell Script Block - Permissions evelvation - run code under specific user account

Powershell command start-job does support running the script block under specified user. The command also supports various other feature which can be found under this link.

The command helps in various configuration scenarios for example if you were to configure user profile service application using install account but actual service provisioning should happen under farm account. In such case, the code block that provisions service application and synchronization service should be run under farm account. 

Here is code snippet. This approach is better than launching a separate process also it runs commands in background without interacting with current user session.   
$init = {Add-PSSnapIn Microsoft.SharePoint.Powershell}
$sb = {
#powershell code to provision user profile service application 
}
# fetch farm account 
$farmaccount = (Get-SPFarm).DefaultServiceAccount
$cred = Get-Credential $farmaccount.Name
$job = Start-Job -ScriptsBlock $sb -Credential $cred -InitializationScript $init
$job | wait-job | receive-job

I will expand this topic and give you more code samples when I discuss User Profile Service Application provisioning.


Hope this helps !


Majid
at
Labels:

2 comments:

Anonymous said...

Nice, thanks. waiting to get your code samples...

6 February 2012 at 10:00
Andy said...

Ah, I have used this command before but not in User Profiles case.
Good work !

8 February 2012 at 04:41

Post a Comment

Subscribe to: Post Comments (Atom)

Iconise ‘Add Picture’ control in PowerApps

Default look you get for ‘Add Picture’ control is not very appealing for end user and there is no OTB way of specifying icon for this con...