cancel
Showing results for 
Search instead for 
Did you mean: 

Best practices for using the "Run as User" Recommended Command for Windows & Displaying a Useful Result

scott_reed
JumpCloud Employee
JumpCloud Employee

👋🏻 

JumpCloud commands are the most powerful and extensible features of the JumpCloud platform.

Anything that can be scripted locally on a machine can be deployed as a JumpCloud command.

On macOS and Linux systems commands can be selected to run as a specific user or can be built to use the su command  to dynamically run as the 'signed in user'

This example command in the JumpCloud Command Gallery highlights how to get the logged in user on macOS which can be paired with the su command to switch to them. 

On Windows there is no "Run as User" option when configuring a new command.

scott_reed_0-1659562475628.png

All Windows commands execute as the NTAuthority\System and therefore can not interact with the signed in user session by default.

A recent addition to the Recommended Commands section on the command tab is a powerful "Run as User" Windows example command template.

scott_reed_1-1659562543790.png

This template, also available in the JumpCloud Command Gallery is incredibly powerful as it opens the door to interacting with the signed in user session and unlocks immense possibilities for commands. 

The template leverages the RunAsUser Module. An example on the project site shows how to get the OneDrive files in the currently logged on user profile

A key "gotcha" I've learned playing with this module is that the expected "output" when running a command is not returned by default using the template. 

scott_reed_2-1659563662905.png

Digging into the Readme.md file on the project site I found the reason why.

When you execute invoke-ascurrentuser the command will always return the PID of the process it ran/is running in.

The JumpCloud Solution Architecture team has created an elegant method to return output from a "Run as User" template which can be found under the "Usage Notes" section of the command template in the gallery.  

scott_reed_3-1659563700347.png

This solution first creates a local file on the system a command is run on to capture the results of the invoke-ascurrentuser command and then uses the Get-Content PowerShell command to return the output.

💪🏼 

 

1 REPLY 1

BScott
Community Manager Community Manager
Community Manager

via GIPHY

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.