techthoughts2/ps_runas.ps1

## ps_runas.ps1
function Get-ImpersonatetLib {
	if ($script:ImpersonateLib) {
		return $script:ImpersonateLib
	}

	$sig = @'
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

[DllImport("kernel32.dll")]
public static extern Boolean CloseHandle(IntPtr hObject);
'@
	$script:ImpersonateLib = Add-Type -PassThru -Namespace 'Lib.Impersonation' -Name ImpersonationLib -MemberDefinition $sig

	return $script:ImpersonateLib

}

function ImpersonateAs([PSCredential]$cred) {
	[IntPtr]$userToken = [Security.Principal.WindowsIdentity]::GetCurrent().Token
	$userToken
	$ImpersonateLib = Get-ImpersonatetLib

	$bLogin = $ImpersonateLib::LogonUser($cred.GetNetworkCredential().UserName, $cred.GetNetworkCredential().Domain, $cred.GetNetworkCredential().Password,
		9, 0, [ref]$userToken)

	if ($bLogin) {
		$Identity = New-Object Security.Principal.WindowsIdentity $userToken
		$context = $Identity.Impersonate()
	}
	else {
		throw "Can't Logon as User $cred.GetNetworkCredential().UserName."
	}
	$context, $userToken
}

function CloseUserToken([IntPtr]$token) {
	$ImpersonateLib = Get-ImpersonatetLib

	$bLogin = $ImpersonateLib::CloseHandle($token)
	if (!$bLogin) {
		throw "Can't close token"
	}
}

$PASSWORD = 'password'
$user = "domain\user"
$secureString = ConvertTo-SecureString -AsPlainText -Force -String $PASSWORD
$credential = New-Object `
						 -TypeName System.Management.Automation.PSCredential `
						 -ArgumentList $user, $secureString

($oldToken, $context, $newToken) = ImpersonateAs -cred $Credential

#commands from this point forward will be run as the credential you provided
#Get-Service <--- now runs as the context user
	function Get-ImpersonatetLib {
	if ($script:ImpersonateLib) {
	return $script:ImpersonateLib
	}

	$sig = @'
	[DllImport("advapi32.dll", SetLastError = true)]
	public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

	[DllImport("kernel32.dll")]
	public static extern Boolean CloseHandle(IntPtr hObject);
	'@
	$script:ImpersonateLib = Add-Type -PassThru -Namespace 'Lib.Impersonation' -Name ImpersonationLib -MemberDefinition $sig

	return $script:ImpersonateLib

	}

	function ImpersonateAs([PSCredential]$cred) {
	[IntPtr]$userToken = [Security.Principal.WindowsIdentity]::GetCurrent().Token
	$userToken
	$ImpersonateLib = Get-ImpersonatetLib

	$bLogin = $ImpersonateLib::LogonUser($cred.GetNetworkCredential().UserName, $cred.GetNetworkCredential().Domain, $cred.GetNetworkCredential().Password,
	9, 0, [ref]$userToken)

	if ($bLogin) {
	$Identity = New-Object Security.Principal.WindowsIdentity $userToken
	$context = $Identity.Impersonate()
	}
	else {
	throw "Can't Logon as User $cred.GetNetworkCredential().UserName."
	}
	$context, $userToken
	}

	function CloseUserToken([IntPtr]$token) {
	$ImpersonateLib = Get-ImpersonatetLib

	$bLogin = $ImpersonateLib::CloseHandle($token)
	if (!$bLogin) {
	throw "Can't close token"
	}
	}

	$PASSWORD = 'password'
	$user = "domain\user"
	$secureString = ConvertTo-SecureString -AsPlainText -Force -String $PASSWORD
	$credential = New-Object `
	-TypeName System.Management.Automation.PSCredential `
	-ArgumentList $user, $secureString

	($oldToken, $context, $newToken) = ImpersonateAs -cred $Credential

	#commands from this point forward will be run as the credential you provided
	#Get-Service <--- now runs as the context user