Change Tcp/ip settings on domain registered pc with a script

Question

I have a work pc that is registered with an domain. My logon user don have any admin righs but when i'm prompted i have an .\xxxxx account i use to get admin rights.

I often change my IPv4 settings on the LAN card, Sometimes to a static adress and somtimes to DHCP. But every time i want to change the IP settings i need to enter my admin account.

1. is it posibel to do this with a Batch or powershell script? If it can remember my username and password in a secure way?

2. Ore can i get promted fore the admin password only once every day?

Answer 1

Yes, you can perform this action with PowerShell, however, securely storing an administrative login can be somewhat difficult when acting as a standard user. There are native methods where windows can store the administrative credentials, e.g. setting up the action as a scheduled task that you can initiate when required.

Another method is to remotely execute the function from a remote administrative server, as this would not require you to store administrative credentials locally.

Another way, (not recommended), is you can store the username/pass in a file, or include it directly within your script and run it when required.

Answer 2

You can save and use your password in a secure string but I would not really recommend it for anything but basic limited user access credentials (if that).

To store your password

Read-Host "Enter Password" -AsSecureString |  ConvertFrom-SecureString | Out-File "d:\Test\Password.txt"

Then you can use a PSCredential object to pass creds into a PowerShell command

$User = "MyUserName"
$File = "d:\Test\Password.txt"
$MyCredential=New-Object -TypeName System.Management.Automation.PSCredential `
 -ArgumentList $User, (Get-Content $File | ConvertTo-SecureString)

This will not stop anybody who knows what they’re doing from decrypting your password or from reusing your encrypted password if they ever are able to compromise your login. The whole point of converting your password to a SecureString and storing it in a file is to keep it out of plain text in your scripts so that it’s not as easily discovered. It’s not foolproof, but it’s pretty good.

Credit where its due. While I have done this on my own PC I was lazy and grabbed the commands from here https://www.pdq.com/blog/secure-password-with-powershell-encrypting-credentials-part-1/ which has more info on the subject.