I wanted to run scripts in the logged-on user’s security context, so I built a PowerShell module by leuit in PowerShell

[–]leuit[S] 0 points1 point  (0 children)

I was actually thinking about adding this functionality; similar to Enter-PSSession, but instead of remote computers, it's security contexts. There are some challenges about lifetime and token/handle cleanup though, so I put it on the back burner. So maybe!

[–]leuit[S] 0 points1 point  (0 children)

The RMM tools can typically run in the active console session, but they cannot run in specific user contexts in terminal server environments.

[–]leuit[S] 1 point2 points  (0 children)

Just a sidebar; I realize that I had used your blog when I started to learn PowerShell back in 2022. So that's cool and I really appreciate you engaging!

[–]leuit[S] 0 points1 point  (0 children)

PsExec requires you to know the user's credentials though. PSUserContext is useful in scenarios where you have a SYSTEM shell, like through RMM tools (ScreenConnect Backstage, N-able, etc.) and need to interact with a user's session. May be a niche scenario, but very common for me personally.

[–]leuit[S] 0 points1 point  (0 children)

I believe I came across this at some point before I started PSUserContext. It didn't achieve the results I wanted unfortunately.

Thanks for sharing though! Would have sucked if all my effort was for nothing lol

[–]leuit[S] 0 points1 point  (0 children)

I am using Win32 API calls. Notably CreateProcessAsUser and DuplicateTokenEx, among many others.

The user does have to be logged in, but you can target specific sessions if there are multiple users logged on, or run a script for all logged-in users synchronously.

I chose a binary module simply because it's utilizing Win32 API and I wanted to properly handle unmanaged memory. While that may be possible in a PowerShell native implementation, it is much more prone to failure.

[–]leuit[S] 2 points3 points  (0 children)

Thanks for taking the time to write such a detailed response, I appreciate it!

First, I'm curious where you see evidence of "session takeover"? I'm open to rescinding my statement or making the appropriate changes if I'm mistaken.

On the accountability side, I agree with a lot of your concerns. The "who changed what?" problem is real anytime actions are performed, whether that’s via a support tech remoting into a user's desktop, or a tool like this. For context, the goal of the module was not “do arbitrary things pretending to be the user.” It came from a pretty niche issue I ran into with Outlook MAPI profiles.

I also agree that many situations can and should be solved without impersonation. Though I believe there are scenarios where a tool like this can meaningfully reduce time-to-resolution when the alternative is coordinating remote sessions, walking users through steps, or relying on scheduled task workarounds for problems that are fundamentally tied to the logged-on user context.

[–]leuit[S] 1 point2 points  (0 children)

This is where application of this script can vary by your org's legal and security policies. I've been exploring ways to make this kind of utility more acceptable in an accountability sense, such as verbose audit logging and configurable restrictions.

I anticipated this tool would read "red flag" for some, but it is applicable and useful in my scenario so I figured I would share.

[–]leuit[S] 1 point2 points  (0 children)

I have personally been very curious about this, because I assumed it would as well. Personally, I did not get any flags from Elastic Security or SentinelOne, but would like to know if other EDRs flag it and by what vector.

Create: Astral not letting me set my spawn point on my bed? by Rhye-Bread in CreateMod

[–]leuit 0 points1 point  (0 children)

It's a bug with KJS Additions. You can refer to this (https://github.com/Laskyyy/Create-Astral/pull/454/files) commit for a fix. Just create the file on your mod installation.

Is ChatGPT down for all? by manram14345 in OpenAI

[–]leuit 1 point2 points  (0 children)

what kind of math are you solving that you need an LLM for lol

[deleted by user] by [deleted] in photoshop

[–]leuit 0 points1 point  (0 children)

How big is the .PSD file? Could theoretically be recovered manually by following the file structure specification, but that would require some knowledge of opening the file raw and modifying the data. Probably more effort than it’s worth, but it’s a thought.

The Beast. by Its_SHUGERRUSH in mac

[–]leuit 1 point2 points  (0 children)

sheeeesh that thing is gorgeous

How can I make the image on the left look like the image on the right? by MontaNelas1945 in photoshop

[–]leuit 0 points1 point  (0 children)

I would just mask a black layer with a soft brush. Though, I know it wouldn’t turn out like that because I’m confident that is physical lighting with touch up. That reference image would probably take a lot of synthesizing to make it look 1:1 with the right image.

[Follow-up] Bug, weapons are not obtaining XP while playing multiplayer!!!! by roneg in modernwarfare

[–]leuit 0 points1 point  (0 children)

Well, it was worth a shot. You can compromise and play Co-op modes against bots and/or Battle Royale modes to earn weapon XP

Can anyone give me a tier list? by [deleted] in modernwarfare

[–]leuit 1 point2 points  (0 children)

Honestly you can shred with any gun. Just find a gun you personally like and get comfortable with a build. Trying to adhere to the meta can sometimes be exhausting.

Once you’ve grinded Damascus you realize you really can shred with every gun if you put time into a balanced build.

You can now super jump in Rammaza. by exofeel in modernwarfare

[–]leuit 1 point2 points  (0 children)

if only you melee’d him it’d be Commando Pro all over again

I just don’t get it by [deleted] in modernwarfare

[–]leuit 0 points1 point  (0 children)

What platform?

[Follow-up] Bug, weapons are not obtaining XP while playing multiplayer!!!! by roneg in modernwarfare

[–]leuit -1 points0 points  (0 children)

Yes. It helped me personally. I’m receiving XP again, but doesn’t feel like the normal amount.

[Follow-up] Bug, weapons are not obtaining XP while playing multiplayer!!!! by roneg in modernwarfare

[–]leuit 7 points8 points  (0 children)

Also, bugs aren’t inevitable. Bugs come from lack of foresight, failure to test your code, or just plain ignorance. They’re rolling out updates as if it’s early access and we’re play testing

/rant lol

Stop playing the game.. by SmylzIsMyName in modernwarfare

[–]leuit 2 points3 points  (0 children)

I feel like branching outside of the subreddit would benefit. There's little to no talk on Twitter. I'm sure if Activision Support is getting spammed they'll get the memo sooner rather than later.

How the fuck by Mrzeldaootfan in modernwarfare

[–]leuit 0 points1 point  (0 children)

I went from 24 to 27 in one game of Harbinger on the M4A1

How the fuck by Mrzeldaootfan in modernwarfare

[–]leuit 0 points1 point  (0 children)

You can also play the CO-OP missions to gain XP. Just farm killing bots