Coming from a security focused AD background I prefer to have the Managed Service Accounts OU locked down with a GPO restricting interactive logon to a server. This helps avoid service accounts becoming compromised and being taken advantage of in attacks.
Having an ISE is especially helpful when you are doing SharePoint work on the farm and while I am a big fan of PowerShell, running straight at the command line is often a pain. Rather than installing one of the terrific third party solutions out there for an Integrated Shell Environment I try to only install the PowerShell ISE.
As we know, there are something that you cannot do unless you are running in the context of the Farm Administrator account. There is code out there that will let you elevate your PowerShell script and run in the context of a different user, but I really wanted to be able to open PowerShell ISE as the farm account so that I can run parts of a script at a time, or rerun specific lines.
Here is the code that I compiled that allows me to launch PowerShell ISE as the Farm Admin account:
Add-PSSnapin Microsoft.SharePoint.PowerShell -EA 0
# Farm account name
$farmAccountname = “domainservice_account”
# Load the Farm Account Creds
$cred = Get-Credential $farmAccountname
# Create a new process with UAC elevation S
tart-Process $PsHomepowershell.exe -Credential $cred -ArgumentList “-Command Start-Process $PSHOMEpowershell_ise.exe -Verb Runas“ -Wait
Once your PowerShell ISE window is launched you can run the following code to validate that you are running as the user that you are expecting:
Great you learned some more neato PowerShell, but why do I need to use a PowerShell command for this?
You may be asking why wouldn’t I just do a simple “SHIFT+Right Click” and “Run as different user” rather than resorting to a PowerShell solution. The answer is that doing that does not give you the runAs Administrator privileges that we need to do so many of SharePoint’s PowerShell Functions.