Pass credentials from a smartcard


(OP)
Here's what I'm trying to do and not sure if it's possible.

Disable a smartcard reader.
Launch IE.
When the IE process completes, re-enable the smartcard reader.

Issue:
It requires admin credentials from smartcard to disable/enable device.
IE cannot run under admin credentials so running .ps1 as admin will not work.

Here's what I currently have:
Credentials and IE are commented out for testing.
When testing, if the .ps1 is run as admin it works.
When trying to run as non-admin, prompting for credentials, it does not.

CODE --> Powershell

##get admin credentials from smartcard
#$creds = Get-Credential

##Broadcom smartcard reader
##capture smartcard reader using hardware ID
$d = Get-PnpDevice | where {$_.HardwareID -like "USB\VID_0A5C&PID_5832&REV_0101&MI_01"} 

##disable smartcard reader using admin credentials and suppress confirm prompt
$d | Disable-PnpDevice -Confirm:$false  #$creds
 
##starts IE and holds script until process is completed
#start-process -filepath "C:\Program Files\Internet Explorer\iexplore.exe" -NoNewWindow -Wait https://www.google.com 

## sleep 10 seconds for testing until cert issue resolved
start-sleep -s 10

##enable smartcard reader using admin credentials and suppress confirm prompt
$d | Enable-PnpDevice -Confirm:$false #$creds 

I would appreciate any assistance.
Micah

RE: Pass credentials from a smartcard

(OP)
Here is the same code with less.

##get admin credentials from smartcard
$creds = Get-Credential

##Broadcom smartcard reader
##capture smartcard reader using hardware ID
$d = Get-PnpDevice | where {$_.HardwareID -like "USB\VID_0A5C&PID_5832&REV_0101&MI_01"} 

##disable smartcard reader using admin credentials and suppress confirm prompt

$d | Disable-PnpDevice -Confirm:$false $creds

## do something then...

##enable smartcard reader using admin credentials and suppress confirm prompt
$d | Enable-PnpDevice -Confirm:$false $creds
 

This is the error:
Disable-PnpDevice : The input object cannot be bound to any parameters for the command either because the command
does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline
input.
At C:\code\powershell\CCEcard.ps1:10 char:6
+ $d | Disable-PnpDevice -Confirm:$false $creds
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Win32_PnPEntity...6&528937A&0...):PSObject) [Disable-PnpDevice], P
arameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Disable-PnpDevice

Enable-PnpDevice : The input object cannot be bound to any parameters for the command either because the command
does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline
input.
At C:\code\powershell\CCEcard.ps1:15 char:6
+ $d | Enable-PnpDevice -Confirm:$false $creds
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Win32_PnPEntity...6&528937A&0...):PSObject) [Enable-PnpDevice], Pa
rameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Enable-PnpDevice

Thanks

RE: Pass credentials from a smartcard

(OP)
Here is the code I put together that may help someone else.

CODE --> Powershell

# Disables smartcard reader, launches IE, and re-enables smartcard reader after four minutes.
#####Prompts for admin credentials
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)

# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))

   {

   # We are running "as Administrator" - so change the title and background color to indicate this
   $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
   $Host.UI.RawUI.BackgroundColor = "DarkBlue"

   clear-host

   }

else

   {

   # We are not running "as Administrator" - so relaunch as administrator
   # Create a new process object that starts PowerShell
   $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";

   # Specify the current script path and name as a parameter
   $newProcess.Arguments = $myInvocation.MyCommand.Definition;

   # Indicate that the process should be elevated
   $newProcess.Verb = "runas";

   # Start the new process
   [System.Diagnostics.Process]::Start($newProcess);

   # Exit from the current, unelevated, process
   exit
   }

# Run your code that needs to be elevated here
#####Disable smartcard
devcon disable "USB\VID_0A5C&PID_5832&REV_0101&MI_01"


#####Start IE as non-admin
$newProc = new-object System.Diagnostics.ProcessStartInfo "Powershell"

# Specify what to run, you need the full path after explorer.exe
$newProc.Arguments = "explorer.exe https://www.google.com"
[System.Diagnostics.Process]::Start($newProc)


#####Enable smartcard after four minutes
Start-Sleep -s 240
devcon enable "USB\VID_0A5C&PID_5832&REV_0101&MI_01" 
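
An added example, not part of the original posts: the same disable, launch, re-enable sequence using the PnP cmdlets from an already elevated session. Disable-PnpDevice and Enable-PnpDevice have no -Credential parameter, and a positional value such as $creds is taken as -InstanceId, which is why the piped device could not bind in the second post. The parameter names, the single-device check and the try/finally are choices made for this example; the hardware ID, URL and four-minute wait come from the thread.

```powershell
#Requires -RunAsAdministrator
# Added example (not the original poster's code).
# Values from the thread: hardware ID, URL, 240 second wait. Parameter names are hypothetical.
param(
    [string]$HardwareId  = 'USB\VID_0A5C&PID_5832&REV_0101&MI_01',
    [string]$Url         = 'https://www.google.com',
    [int]   $WaitSeconds = 240
)

$ErrorActionPreference = 'Stop'

# HardwareID is a string array; -contains matches one exact entry (case-insensitive).
$reader = @(Get-PnpDevice -PresentOnly |
    Where-Object { $_.HardwareID -contains $HardwareId })

# Refuse to continue unless exactly one device matches, so nothing else gets disabled.
if ($reader.Count -ne 1) {
    throw "Expected exactly one device with hardware ID $HardwareId, found $($reader.Count)."
}

try {
    # Pipeline input binds to -InputObject. No positional arguments here:
    # a positional value would select the -InstanceId parameter set instead.
    $reader | Disable-PnpDevice -Confirm:$false

    # Same hand-off as the post: explorer.exe opens the URL in the default browser.
    Start-Process -FilePath explorer.exe -ArgumentList $Url

    # explorer.exe returns immediately, so wait a fixed time as the post does.
    Start-Sleep -Seconds $WaitSeconds
}
finally {
    # Runs even if a step above throws, so the reader is not left disabled.
    $reader | Enable-PnpDevice -Confirm:$false

    # Report the resulting device state for the run log.
    $state = Get-PnpDevice -InstanceId $reader[0].InstanceId
    Write-Output "Reader status after re-enable: $($state.Status)"
}
```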






