Ultimately, having roles that can be granted rights to run certain scripts (and not others) is what I want (see Permissions on Scripts). But I’m not sure how deep in the backlog that feature request is, so I’m trying to work around it by embedding something into the script that needs protecting. Here are my ideas:
- Get a username and password by specifying a parameter of type [System.Management.Automation.PSCredential]. PSU would have to know how to deal with collecting this input
- Get a password with Read-Host -AsSecureString (so the input is masked)
- Somehow allow the script to get the logged-on username from PSU. (I use Forms auth with domain username/password checking.) Maybe PSU could initialize an environment variable for use by the script. If I had this, I could make sure the user was part of the right group as the first step in the script.
I’m open to other ideas. All of the above require changes to PSU insofar as I can tell.
-Eric