1

I have created a PowerShell script that enables basic authentication; I needed this to allow WinRM to work when running some of our older PowerShell scripts. What I need to do now is be able to call this script as a function with either a true or false argument, e.g. disable or enable basic authentication. How can I wrap this code into a function so that I can call it from other PowerShell scripts?
So if I send a command to this script, e.g.
basicauth($true) - it will run the script as is
basicauth($false) - would disable basic authentication
I can create the alternate if else statement for when the true or false is sent to this, but not sure how I can wrap the whole script into a function.
Apologies for the novice status with PowerShell, it took me a while to get this script working the way it is.

param([switch]$Elevated)
# Get variables
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client"
$key1 = "AllowDigest"
$key2 = "AllowUnencryptedTraffic"
$key3 = "AllowBasic"
$off = "00000000"
$on = "00000001"
# enables admin privileges
function Test-Admin {
  $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
  $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}
if ((Test-Admin) -eq $false) {
    if ($elevated) {
        'tried to elevate, did not work, aborting...'
    }
    else {
        Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
    }
    exit
}

# checks if the registry path is available, before adding the registry key values
        If (!(Test-Path $registryPath))
        {
            New-Item -Path $registryPath -Force | out-Null
            New-ItemProperty -Path $registryPath -Name $key1 -Value $off -PropertyType DWORD -Force | Out-Null
            New-ItemProperty -Path $registryPath -Name $key2 -Value $off -PropertyType DWORD -Force | Out-Null
            New-ItemProperty -Path $registryPath -Name $key3 -Value $on -PropertyType DWORD -Force | Out-Null
            #'registry key did not exist'
            exit
        }
        Else 
        {
            New-ItemProperty -Path $registryPath -Name $key1 -Value $off -PropertyType DWORD -Force | Out-Null
            New-ItemProperty -Path $registryPath -Name $key2 -Value $off -PropertyType DWORD -Force | Out-Null
            New-ItemProperty -Path $registryPath -Name $key3 -Value $on -PropertyType DWORD -Force | Out-Null
            #'registry key exists'
            exit
        }

NOTE: Now I know that the Else statement should use Set-ItemProperty, although if I change the code to use Set-ItemProperty the script no longer works; the only way I have this working is to have it as New-ItemProperty. Doesn't really make sense, but it works.
Ideally it would be better to just update the current PowerShell scripts to use modern authentication, but there are 100s of them, so not really a viable option for me.
Any assistance would be greatly appreciated.

2
  • To test if a switch is present: If ($elevated.IsPresent) Commented Jun 19, 2020 at 2:45
  • @RetiredGeek - I have re-phrased my initial question. Commented Jun 23, 2020 at 0:26

1 Answer

1

If you wrap the entire function in an if statement like:

param([switch]$Elevated)

if($elevated) {
    ...script code here
}

Then you can call the function with that parameter like . "scriptname.ps1" -Elevated to execute what is inside the scriptblock. Just calling . "scriptname.ps1" without the -Elevated parameter will not do anything because you'll hit your if statement:

if ($elevated) {

and elevated doesn't exist which means nothing inside the scriptblock executes.

I don't see the purpose of doing this in your case because if you already have logic to decide whether or not to pass in true or false, why not just use that logic to decide whether or not to call the script at all? My guess is that you don't actually mean that you only want to execute the entire script if a user is 'elevated' but rather check if they can be elevated in the script and then do something else.

In that case you should take a look at Advanced PowerShell Functions. You could do something like this:

# Get variables
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client"
$key1 = "AllowDigest"
$key2 = "AllowUnencryptedTraffic"
$key3 = "AllowBasic"
$off = "00000000"
$on = "00000001"
# enables admin privileges
function Test-Admin {
    $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
    $isAdmin = $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
    return $isAdmin
}

function Do-TheRestOfTheThings {
    [CmdletBinding()]
    param()
    # This function is only called after Test-Admin has returned $true, so no elevated relaunch is needed here
    # (Get-Process has no -Verb or -ArgumentList parameters; those belong to Start-Process).
    If (!(Test-Path $registryPath)) {
        New-Item -Path $registryPath -Force | out-Null
        New-ItemProperty -Path $registryPath -Name $key1 -Value $off -PropertyType DWORD -Force | Out-Null
        New-ItemProperty -Path $registryPath -Name $key2 -Value $off -PropertyType DWORD -Force | Out-Null
        New-ItemProperty -Path $registryPath -Name $key3 -Value $on -PropertyType DWORD -Force | Out-Null
        #'registry key did not exist'
        exit
    }
    Else {
        New-ItemProperty -Path $registryPath -Name $key1 -Value $off -PropertyType DWORD -Force | Out-Null
        New-ItemProperty -Path $registryPath -Name $key2 -Value $off -PropertyType DWORD -Force | Out-Null
        New-ItemProperty -Path $registryPath -Name $key3 -Value $on -PropertyType DWORD -Force | Out-Null
        #'registry key exists'
    }
}

if(Test-Admin) {
    Do-TheRestOfTheThings
}
else {
    'tried to elevate, did not work, aborting...'
}

1 Comment

Thank you for this, will test it out and let you know how it goes. Basically I have a number of powershell scripts that use basic authentication, which I have "inherited". Rather than updating every script, I want to just call this script to enable basic authentication, then at the end of the script disable basic authentication again. So call this script as: basicauth($true) to turn it on, then at the end of the script basicauth($false) to disable it again.
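
Added example, not part of the original question, answer or comments: one way to get the on/off call the question asks for, with a wrapper that restores the previous AllowBasic value in a finally block so Basic is not left enabled if the legacy script fails. The function names Set-WinRMBasicAuth and Invoke-WithBasicAuth and the legacy script path are hypothetical; the calling session is assumed to be elevated already.

```powershell
#Requires -RunAsAdministrator
# Added example: function names are hypothetical, not from the original post.
$WinRMClientPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'

function Set-WinRMBasicAuth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [bool]$Enable
    )
    if (-not (Test-Path $WinRMClientPolicy)) {
        New-Item -Path $WinRMClientPolicy -Force | Out-Null
    }
    # Digest and unencrypted traffic stay off in both cases, as in the original script.
    $values = @{
        AllowDigest             = 0
        AllowUnencryptedTraffic = 0
        AllowBasic              = [int]$Enable   # $true -> 1, $false -> 0
    }
    foreach ($name in $values.Keys) {
        New-ItemProperty -Path $WinRMClientPolicy -Name $name -Value $values[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

function Invoke-WithBasicAuth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [scriptblock]$ScriptBlock
    )
    # Remember the current setting so it is restored rather than guessed.
    # A missing key or value reads as $null and is treated as "disabled".
    $previous = (Get-ItemProperty -Path $WinRMClientPolicy -Name AllowBasic `
            -ErrorAction SilentlyContinue).AllowBasic
    try {
        Set-WinRMBasicAuth -Enable $true
        & $ScriptBlock
    }
    finally {
        # Runs even when the script block throws.
        Set-WinRMBasicAuth -Enable ([bool]$previous)
    }
}

# Usage after dot-sourcing this file from another script:
#   Set-WinRMBasicAuth -Enable $true    # ... legacy code ...
#   Set-WinRMBasicAuth -Enable $false
#   Invoke-WithBasicAuth { & 'C:\Scripts\Legacy.ps1' }   # constructed path
```

If the policy value did not exist beforehand, the restore step leaves AllowBasic present and set to 0 rather than removing it.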
