I have several app pools in my IIS setup that need a swift kick (recycle) once in awhile. I can run the following from a powershell command line myself just fine and even script it for easy execution.
Invoke-command-computername MYSERVER-scriptblock{import-modulewebadministration;Restart-WebAppPool-nameMYAPPPOOLNAME}
I dont really want to do this myself as the users reporting this are calling the helpdesk and I would "love" for the helpdesk staff be able to recycle this app pool via script i give them to execute instead of hunt me down. Here is what I decided to do...
$username="mydomain\administrativeaccountonserver"
$password =cat\\networkfolder\anotherfolder\Documents\secureencryptedpassword.txt|ConvertTo-SecureString
$cred=new-object-TypeNameSystem.Management.Automation.PSCredential-ArgumentList$username,$password
Invoke-command-computernameMYSERVER-scriptblock{import-modulewebadministration;Restart-WebAppPool-nameMYAPPPOOLNAME}
To get the secure text file, I used the command...
Read-Host -assecurestring | ConvertFrom-Securestring | Out-File \\locationoftexfileabove .txt
It works... but "management" thinks this is a security risk. Thinking they can just copy this script and "change" the remote command to do some nasty stuff to our IIS server.
IS there another way I can use a non-administrator account to run this script without actually being able to edit or copy any info from it? If this is so unsecure, why store encrypted passwords in this manner anyway.
I am really hoping I can get the helpdesk to perform this task when needed but I want to ensure management that the helpdesk will not be able to "take advantage" of elevated permissions anywhere else by copying the script or editing it to meet their needs.
Regards,
Dave