diff --git a/dsc/configurations/runAsUser.md b/dsc/configurations/runAsUser.md index 851e253e2c75..6a223061351e 100644 --- a/dsc/configurations/runAsUser.md +++ b/dsc/configurations/runAsUser.md @@ -7,23 +7,28 @@ title: Use Credentials with DSC Resources > Applies To: Windows PowerShell 5.0, Windows PowerShell 5.1 -You can run a DSC resource under a specified set of credentials by using the automatic **PsDscRunAsCredential** property in the configuration. -By default, DSC runs each resource as the system account. -There are times when running as a user is necessary, such as installing MSI packages in a specific user context, setting a user's registry keys, accessing a user's specific local directory, -or accessing a network share. +You can run a DSC resource under a specified set of credentials by using the automatic +**PsDscRunAsCredential** property in the configuration. By default, DSC runs each resource as the +system account. There are times when running as a user is necessary, such as installing MSI packages +in a specific user context, setting a user's registry keys, accessing a user's specific local +directory, or accessing a network share. The **SeInteractiveLogonRight** is required, by the target +machine, for any account you specify to **PSDSCRunAsCredential**. For more information, see +[Account Rights Constants](/windows/desktop/secauthz/account-rights-constants). -Every DSC resource has a **PsDscRunAsCredential** property that can be set to any user credentials (a [PSCredential](/dotnet/api/system.management.automation.pscredential) object). -The credential can be hard-coded as the value of the property in the configuration, or you can set the value to [Get-Credential](/powershell/module/Microsoft.PowerShell.Security/Get-Credential), -which will prompt the user for a credential when the configuration is compiled (for information about compiling configurations, see [Configurations](configurations.md). +Every DSC resource has a **PsDscRunAsCredential** property that can be set to any user credentials +(a [PSCredential](/dotnet/api/system.management.automation.pscredential) object). The credential can +be hard-coded as the value of the property in the configuration, or you can set the value to [Get-Credential](/powershell/module/Microsoft.PowerShell.Security/Get-Credential), +which will prompt the user for a credential when the configuration is compiled (for information +about compiling configurations, see [Configurations](configurations.md). -> [!NOTE] -> In PowerShell 5.0, using the **PsDscRunAsCredential** property in configurations calling composite resources was not supported. -> In PowerShell 5.1, the **PsDscRunAsCredential** property is supported in configurations calling composite resources. -> The **PsDscRunAsCredential** property is not available in PowerShell 4.0. +> [!NOTE] In PowerShell 5.0, using the **PsDscRunAsCredential** property in configurations calling +> composite resources was not supported. In PowerShell 5.1, the **PsDscRunAsCredential** property is +> supported in configurations calling composite resources. The **PsDscRunAsCredential** property is +> not available in PowerShell 4.0. -In the following example, `Get-Credential` is used to prompt the user for credentials. -The **Registry** resource is used to change the registry key that specifies the background color -for the Windows command prompt window. +In the following example, `Get-Credential` is used to prompt the user for credentials. The +**Registry** resource is used to change the registry key that specifies the background color for the +Windows command prompt window. ```powershell Configuration ChangeCmdBackGroundColor @@ -60,6 +65,6 @@ $configData = @{ ChangeCmdBackGroundColor -ConfigurationData $configData ``` -> [!NOTE] -> This example assumes that you have a valid certificate at `C:\publicKeys\targetNode.cer`, and that the thumbprint of that certificate is the value shown. -> For information about encrypting credentials in DSC configuration MOF files, see [Securing the MOF file](../pull-server/secureMOF.md). +> [!NOTE] This example assumes that you have a valid certificate at `C:\publicKeys\targetNode.cer`, +> and that the thumbprint of that certificate is the value shown. For information about encrypting +> credentials in DSC configuration MOF files, see [Securing the MOF file](../pull-server/secureMOF.md).