作为另一个用户导入 PFX - 模拟

Import-PFX as another user - Impersonation

我想联系一下,看看是否有人对 impersonation/runas cmds 有一些建议。我正在处理导出的脚本,然后将 .pfx 证书从管理员配置文件导入到用户配置文件。现在,除了导入部分,我的所有东西都在工作。

如下所示,我只展示了导入部分。 $x 和 $y 变量由用户输入在脚本的前面定义并且工作正常。

一切正常,直到 import-pfxcertificate cmdlet 和脚本块。 运行 脚本块作为其他用途被证明是困难的。如果有人对如何构建该脚本块 cmd 以使其以用户身份运行有任何建议,那就太好了!

我也在脚本中写入了一个错误日志(未显示)不幸的是,它没有发现任何错误,因为我相信它正在提取本地机器证书而不是我指定的证书 - 所以没有真正的错误消息。

    <#Cache credentials in IE and Import new or existing cert as client#>
  function importcert
 {
     certpath = "C:\Temp$x.pfx"
     $password = $y | ConvertTo-SecureString -AsPlainText -Force
     
<#Enter your credentials#>
     Credentials = Get-Credential -Credential corp$x
     
<#Export to Secure XML#>
     $Credentials | Export-Clixml -path 'C:\Temp\creds.xml'
     
 <#Import credentials and run application using those credentials#>
     Set-Location C:\
     $creds = Import-Clixml -Path 'C:\Temp\creds.xml'
     $ie = Start-Process -FilePath 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' -Credential $creds
     $ie
     Start-Sleep -Seconds 30
     
     
 <#Imports the certificate as the client#>
     Start-Job -ScriptBlock { Import-PfxCertificate -FilePath $certpath -Exportable -CertStoreLocation Cert:\CurrentUser\My -Password $password } -Credential $creds
     
     
 <#Search For Client Credential and if path is false, the credential file was removed successfully.#>
     $clientXML = Test-Path -Path "C:\Temp\creds.xml"
     Remove-Item -Path "C:\Temp\creds.xml"
     if (-not ($clientXML))
     {
         Write-Output "Credential XML was removed"
     }
     
 }
 importcert

看来您只缺少 Start-Job 的一些参数。我刚刚在本地测试了这个并让它安装 mycert.pfx 给其他用户 TomServo:

<#Cache credentials in IE and Import new or existing cert as client#>
$Certpath = Get-Item "C:\Projects\Sandbox\mycert.pfx"
$Password = '{Password}' | ConvertTo-SecureString -AsPlainText -Force
    
<#Enter your credentials#>
$Credentials = Get-Credential -UserName TomServo
    
<#Export to Secure XML#>
$Credentials | Export-Clixml -path 'C:\Projects\Sandbox\creds.xml'
    
<#Import credentials and run application using those credentials#>
Set-Location C:\
$Creds = Import-Clixml -Path 'C:\Projects\Sandbox\creds.xml'
$Ie = Start-Process -FilePath 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' -Credential $Creds
$Ie
Start-Sleep -Seconds 30
    
<#Imports the certificate as the client#>
Start-Job -ScriptBlock { 
    param($certpath, $Password)
    Import-PfxCertificate -FilePath $Certpath -Exportable -CertStoreLocation Cert:\CurrentUser\My -Password $Password 
} -Credential $Creds -ArgumentList $Certpath, $Password
    
<#Search For Client Credential and if path is false, the credential file was removed successfully.#>
$ClientXML = Test-Path -Path "C:\Projects\Sandbox\creds.xml"
Remove-Item -Path "C:\Projects\Sandbox\creds.xml"
if (-not ($ClientXML))
{
    Write-Output "Credential XML was removed"
}