running as another user

Author: Rob

notebooks/dotNETNotebooks/Secrets/Secret_Management_Opening_Programmes_with_other_credentials.ipynb

@@ -0,0 +1,87 @@
+{
+    "metadata": {
+        "kernelspec": {
+            "name": ".net-powershell",
+            "display_name": ".NET (PowerShell)"
+        },
+        "language_info": {
+            "name": "PowerShell",
+            "version": "7.0",
+            "mimetype": "text/x-powershell",
+            "file_extension": ".ps1",
+            "pygments_lexer": "powershell"
+        }
+    },
+    "nbformat_minor": 2,
+    "nbformat": 4,
+    "cells": [
+        {
+            "cell_type": "markdown",
+            "source": [
+                "# Opening Programmes with other credentials using Secret Management\r\n",
+                "\r\n",
+                "It is good practice to not log into your work station with an account with admin privileges. In many shops, you will need to open programmes that can do administration tasks with another user account credentials. unfortunately, people being people, they will often store their admin account credentials in a less than ideal manner (OneNote, Notepad ++ etc) so that when they right click and run as a different user, they can copy and paste the password.\r\n",
+                "\r\n",
+                "## Use the Secret Management module\r\n",
+                "\r\n",
+                "You can use the Secret Management module to do this. See the [Secrets_Management_with_PowerShell](Secrets_Management_with_PowerShell.ipynb) notebook to show how to install the module and add secrets.\r\n",
+                "\r\n",
+                "##  Using my admin account\r\n",
+                "\r\n",
+                "I have an admin account called `THEBEARD\\fatherjack`\r\n",
+                "\r\n",
+                "I am going to add the user account to my LocalVault"
+            ],
+            "metadata": {
+                "azdata_cell_guid": "eda16b16-6fd1-4006-8547-e9fe07ff67d2"
+            }
+        },
+        {
+            "cell_type": "code",
+            "source": [
+                "$Secret = Read-Host \"tell me your secret\" -AsSecureString\r\n",
+                "Set-Secret -Name THEBEARD\\fatherjack-Secret $Secret"
+            ],
+            "metadata": {
+                "azdata_cell_guid": "f5f3eff1-f80d-43c4-be6a-c352118c9b75"
+            },
+            "outputs": [],
+            "execution_count": 14
+        },
+        {
+            "cell_type": "markdown",
+            "source": [
+                "## Opening Programmes as my admin user\r\n",
+                "\r\n",
+                "With the password in the vault, I can now use `Start-Process` with the `-Credential` parameter to run those programmes as my admin user."
+            ],
+            "metadata": {
+                "azdata_cell_guid": "772b5a91-7bb2-4264-a17f-13819569257a"
+            }
+        },
+        {
+            "cell_type": "code",
+            "source": [
+                "$fatherjack = New-Object System.Management.Automation.PSCredential ('THEBEARD\\fatherjack',(Get-Secret -Name 'THEBEARD\\fatherjack'))\n",
+                "Start-Process code -Credential $fatherjack\n",
+                "Start-Process ssms -Credential $fatherjack\n",
+                "Start-Process azuredatastudio -Credential $fatherjack\n",
+                ""
+            ],
+            "metadata": {
+                "azdata_cell_guid": "18f083e9-c944-44d6-b970-f0583b372d81"
+            },
+            "outputs": [],
+            "execution_count": 3
+        },
+        {
+            "cell_type": "markdown",
+            "source": [
+                "![runas](runas.png)"
+            ],
+            "metadata": {
+                "azdata_cell_guid": "3911b4f1-34a5-4e86-a925-fc08581b53e7"
+            }
+        }
+    ]
+}