Custom Inventory rule to run as a user

We are using Microsoft LAPS to manage the local administrator's passwords.  Works great but I would like a way to get this info in the computer inventory as a custom inventory value.

I created a PowerShell script that can be run from the local computer and works very well when run as a user that has been granted the rights to access the extended attributes in Active Directory:

C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe "Import-Module ActiveDirectory ; Get-ADComputer -Identity %COMPUTERNAME% -Properties * | Select ms-Mcs-AdmPwd |ft -hide"

My issue is when the custom inventory rule runs on the local computer by the KACE agent, it is running under the System account.  The local system has the ability to update the value in AD, but not read it back, so the following Custom Inventory Rule returns blank text:

ShellCommandTextReturn(c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe "Import-Module ActiveDirectory ; Get-ADComputer -Identity %COMPUTERNAME% -Properties * | Select ms-Mcs-AdmPwd |ft -hide")

I would like to get this data associated with the computer inventory somehow and it has to be run as a specific user account.  Any ideas?


Answers (1)

Posted by: Nico_K 3 years ago
Red Belt
You have a few options to get the information you want.
1. (my preferred one) Create a KACE Script which runs as the user in need and creates a text file with the results. Use the CIR to read out the file.
2. Use runas.

With 2. you need to use a cleartext password, so I do not prefer this option.
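
A sketch of option 1, added here as an example and not code from the thread or from Quest: a script run as the delegated account writes the attribute to a file, but only after confirming the target directory is not readable by broad groups. The directory `C:\ProgramData\LapsInventory`, the file name, and the `UNAVAILABLE`/`ERROR` marker strings are assumptions; an administrator is assumed to have created the directory with inheritance disabled.

```powershell
# Added example (not from the original thread). Run as the delegated AD account, not SYSTEM.
Import-Module ActiveDirectory

# Assumed location: pre-created by an administrator with access limited to
# SYSTEM, Administrators and the delegated account.
$OutDir  = 'C:\ProgramData\LapsInventory'
$OutFile = Join-Path $OutDir 'laps.txt'

# Well-known SIDs that must not hold an Allow entry on the directory:
# Everyone, Authenticated Users, BUILTIN\Users
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

# Read the ACL with identities returned as SIDs, so the check does not
# depend on localized group names.
$rules = (Get-Acl -Path $OutDir).GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])
$tooOpen = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $broadSids -contains $_.IdentityReference.Value
}
if ($tooOpen) {
    # Fail closed: never drop the password where ordinary users can read it.
    Write-Error "Refusing to write: $OutDir grants access to a broad group."
    exit 1
}

try {
    # Request only the one attribute instead of -Properties *
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME `
        -Properties 'ms-Mcs-AdmPwd' -ErrorAction Stop
    $value = $computer.'ms-Mcs-AdmPwd'
    if ([string]::IsNullOrEmpty($value)) {
        # Same symptom as the SYSTEM case: no read right, or attribute not set
        $value = 'UNAVAILABLE'
    }
}
catch {
    $value = 'ERROR'
}

# The file inherits the directory's restricted ACL.
Set-Content -Path $OutFile -Value $value -Encoding ASCII

# Matching Custom Inventory Rule (same function as in the question, assumed path):
# ShellCommandTextReturn(cmd /c type C:\ProgramData\LapsInventory\laps.txt)
```

Once the rule reads the file, the value is stored with the inventory record, so anyone who can view that record can see it.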