Hello,
We’re encountering a problem where we are running a worklet to import a Group Policy object on a domain controller - the Automox worklet runs as System so has no domain permissions to be able to interact with Group Policy. Has anyone found a way to run a set of PowerShell commands within a worklet as a domain user with elevated privileges, eg. Domain Admin?
Cheers,
Mark.
Hey
While you are correct in that Worklets run as SYSTEM, we do have functions within the Worklet Development Kit that you can use to impersonate or run processes as a current user:
That said, I think I’d need to learn more about what you are trying to achieve here.
Are you attempting to use the Import-GPO cmdlet to replicate a GPO backup to a new domain controller? If so, my first thought is you could use Start-Process to invoke powershell.exe and then pass the -Credential parameter to it. Using Automox Shared Secrets, you could then pass your creds securely through the pipeline.
https://learn.microsoft.com/en-us/powershell/module/grouppolicy/import-gpo?view=windowsserver2022-ps
If you can share the script or methods you’re investigating, I’ll see how we can help!
Hi Jon!
We are applying a Group Policy to a large number of individual domains. We created the group policy, backed it up, and intended to use Automox to import it to a domain controller in every domain we needed to hit.
The current user angle wouldn’t work as no user would be logged on to a domain controller, however the Start-Process with Secrets method you mentioned seems like a promising approach that we’ll look into using.
Cheers!
Mark
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
