Chapter 12. Working with credentials
This chapter covers
- Creating a credential object
- Using credentials
- Supporting alternative credentials in your scripts
A great many PowerShell commands have a –credential parameter. You can view the list by typing
When you use this parameter, it generally allows the command to operate with the username and password you provide rather than the one you used to log on to the shell. It’s a great way to enable the principle of least privilege: Do as much work as you can with unprivileged credentials, but when more privilege is required, specify alternative credentials for that purpose. You’ll need to run PowerShell with elevated privileges (“Run as Administrator”) to complete some actions regardless of the credentials you use.
Most of the time, you’ll find that a –credential parameter will accept one of two objects: a string object or a credential object. The string object is easy: Provide a username, which can be either a plain username or a DOMAIN\User-style username. If you don’t specify a domain component, the credential will be assumed to be an account on the local machine.
Warning
Some cmdlets—such as Get-WmiObject—don’t accept credentials when working against the local machine.