Scripts Failing to Execute with User's Credentials

Product: PowerShell Universal
Version: 2.5.4

My dashboard contains a button that executes a script as a PSU job using the user’s credentials. The only way I have been able to get the script to execute successfully is by adding the user’s account in the local administrators group on the server hosting PSU. What piece am I missing and where else can I add the user (or group) instead of adding them in the local administrators group?

Couple of other notes:

  • PSU is running as a service with a service account
  • I tried adding the user’s account under the local security policy “Log on as a batch job” and “Adjust memory quotas for a process” but this still did not allow the script to execute successfully.
  • In the PSU admin console under jobs, the status of the failed job is as follows: “Error executing job: Failed to login user (1385). System.ComponentModel.Win32Exception (1385). Logon failure: the user has not been granted the requested logon type at this computer.”

I’m new to this as well, and trying to wrap my head around whether it’s possible to run a script as the signed in user. The user account would have to have rights to do whatever it needs to do regardless of being ran by PSU.

How are you attempting to pass the user’s credentials onto the script?

It’s possible but not straight forward at the moment. It only works with forms authentication, you need to persist the credential as a secret in PSU and then use that secret when they start a script.

Thanks @adam, I did come across that method in another thread yesterday and may explore that soon. Trying to figure out advantages/disadvantages of each method in my head including security implications.