Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pass credentials from a smartcard

Status
Not open for further replies.

Zappd

Technical User
May 5, 2016
22
US
Here's what I'm trying to do and not sure if it's possible.

Disable a smartcard reader.
Launch IE.
When IE process complete re-enable smartcard reader.

Issue:
It requires admin credentials from smartcard to disable/enable device.
IE cannot run under admin credentials so running .ps1 as admin will not work.

Here's what I currently have:
Credentials and IE are commented out for testing.
When testing if .ps1 ran as admin to works.
When trying to run as non-admin prompting for credentials it does not.

Code:
##get admin credentials from smartcard
#$creds = Get-Credential

##Broadcom smartcard reader
##capture smartcard reader using hardware ID
$d = Get-PnpDevice | where {$_.HardwareID -like "USB\VID_0A5C&PID_5832&REV_0101&MI_01"} 

##disable smartcard reader using admin credentials and suppress confirm prompt
$d | Disable-PnpDevice -Confirm:$false  #$creds
 
##starts IE and holds script until process is completed
#start-process -filepath "C:\Program Files\Internet Explorer\iexplore.exe" -NoNewWindow -Wait [URL unfurl="true"]https://www.google.com[/URL] 

## sleep 10 seconds for testing until cert issue resolved
start-sleep -s 10

##enable smartcard reader using admin credentialsand suppress confirm prompt
$d | Enable-PnpDevice -Confirm:$false #$creds

I would appreciate any assistance.
Micah
 
Here is the same code with less.

[pre]
##get admin credentials from smartcard
$creds = Get-Credential

##Broadcom smartcard reader
##capture smartcard reader using hardware ID
$d = Get-PnpDevice | where {$_.HardwareID -like "USB\VID_0A5C&PID_5832&REV_0101&MI_01"}

##disable smartcard reader using admin credentials and suppress confirm prompt

$d | Disable-PnpDevice -Confirm:$false $creds

## do something then...

##enable smartcard reader using admin credentialsand suppress confirm prompt
$d | Enable-PnpDevice -Confirm:$false $creds
[/pre]

This is the error:
Disable-PnpDevice : The input object cannot be bound to any parameters for the command either because the command
does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline
input.
At C:\code\powershell\CCEcard.ps1:10 char:6
+ $d | Disable-PnpDevice -Confirm:$false $creds
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Win32_PnPEntity...6&528937A&0...):pSObject) [Disable-PnpDevice], P
arameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Disable-PnpDevice

Enable-PnpDevice : The input object cannot be bound to any parameters for the command either because the command
does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline
input.
At C:\code\powershell\CCEcard.ps1:15 char:6
+ $d | Enable-PnpDevice -Confirm:$false $creds
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Win32_PnPEntity...6&528937A&0...):pSObject) [Enable-PnpDevice], Pa
rameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Enable-PnpDevice

Thanks
 
Here is the code I put together that may help someone else.

Code:
# Disables smartcard reader, launches IE, and re-enables smartcard reader after four minutes.
#####Prompts for admin credentials
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)

# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))

   {

   # We are running "as Administrator" - so change the title and background color to indicate this
   $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
   $Host.UI.RawUI.BackgroundColor = "DarkBlue"

   clear-host

   }

else

   {

   # We are not running "as Administrator" - so relaunch as administrator
   # Create a new process object that starts PowerShell
   $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";

   # Specify the current script path and name as a parameter
   $newProcess.Arguments = $myInvocation.MyCommand.Definition;

   # Indicate that the process should be elevated
   $newProcess.Verb = "runas";

   # Start the new process
   [System.Diagnostics.Process]::Start($newProcess);

   # Exit from the current, unelevated, process
   exit
   }

# Run your code that needs to be elevated here
#####Disable smartcard
devcon disable "USB\VID_0A5C&PID_5832&REV_0101&MI_01"


#####Start IE as non-admin
$newProc = new-object System.Diagnostics.ProcessStartInfo "Powershell"

# Specify what to run, you need the full path after explorer.exe
$newProc.Arguments = "explorer.exe [URL unfurl="true"]https://www.google.com"[/URL]
[System.Diagnostics.Process]::Start($newProc)


#####Enable smartcard after four minutes
Start-Sleep -s 240
devcon enable "USB\VID_0A5C&PID_5832&REV_0101&MI_01"
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top