Running script as admin with executionpolicy bypass starting from user - windows

My powershell code is first run as user then when user wants to do something else I want to launch another script but that script required admin privileges so I have this command in my first powershell to run the required script as admin
Start-Process -WindowStyle Hidden -FilePath PowerShell.exe -Verb Runas -ArgumentList "-executionpolicy bypass -File $path"
But this just does nothing it doesn't even run the file

I wrote a function for about what you are trying to do
<#
.SYNOPSIS
Creates new powershell consoles
.DESCRIPTION
Used to create new powershell consoles running as same rights unless Elevated is selected in which case it runs as administrator
.EXAMPLE
New-PowershellConsole -Count 2 -Elevated -Exit
.PARAMETER Count
Starts up this many consoles
.PARAMETER Elevated
Starts Consoles as Administrator
.PARAMETER Exit
Closes the current powershell console
#>
function New-PowershellConsole {
param(
[int]$Count = 1,
[switch]$Elevated,
[switch]$Exit
)
if ($(new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator) -or $($Elevated -eq $True)) {
while ($Count -gt 0){
Start-Process powershell -Verb runAs -ArgumentList "-NoExit -Command `"Set-Location $((Get-Location).path)`"";
$Count--
}
} else {
while ($Count -gt 0){
Start-Process powershell -ArgumentList "-NoExit -Command `"Set-Location $((Get-Location).path)`"";
$Count--
}
}
If($Exit){
exit
}
}
Based off your message it looks like you want to run a new powershell console as admin
Start-Process powershell -Verb runAs -ArgumentList "-NoExit";
I suggest to avoid errors is to check if the user is a administrator
if ($(new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator) -or $($Elevated -eq $True)) {
Start-Process powershell -Verb runAs -ArgumentList "-NoExit";
}

Related

How to run a exe file with /regServer to create aplicationID in Dcom config in component services using powershell?

I have one WFO.exe file which I want to register .
I am able to run below command on remote desktop using powershell and a specific APPID is generated in Dcom config under component services:
c:\WFO.exe /RegServer
c:\WFO.exe /Service
But when I try to run this command through Packer powershell APPId is not getting created.
I tried multiple commands, but nothing is working
Start-Process -Wait -FilePath c:\WFO.exe -ArgumentList "/RegServer" -passthru
Start-Process -Wait -FilePath c:\WFO.exe -ArgumentList "/Service" -passthru
Invoke-Command -ScriptBlock {
Start-Process -Wait -FilePath "c:\WFO.exe" -ArgumentList "/s /RegServer" -PassThru
}
Invoke-Command -ScriptBlock {
Start-Process -Wait -FilePath "c:\WFO.exe" -ArgumentList "/s /Service" -PassThru
}
Do I need to import anything to work it through Packer Powershell?

Elevate rights in current directory with PowerShell

For example I'm in C:\Users\User\Desktop\Tools and I'm trying to stay here as admin.
I tried this way, gluing together different commands:
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit" & -windowstyle hidden -Command Start-Process powershell -ArgumentList '-NoExit', '-Command cd %V' -Verb runAs""
The PATH changes to C:\WINDOWS\system32 why? How to elevate rights in current directory via simple command?
Use $PWD from the calling process to change the location on startup:
Start-Process powershell -ArgumentList '-NoExit', "-Command cd '$pwd'; & .\actual\script\you\want\to\run.ps1" -Verb runAs

powershell error while trying to start process

Running PS as admin, trying to run an exe from server (or even if i copy this file to my computer and trying to run it locally)
$apps = "\srv\blabla"
Start-Process $apps\mbsetup.exe -Credential $Credentials
Error:
without -credential this would work, i would assume something bad with the user definition but the creds are that of the domain admin.
any idea?
It looks like your app requieres administrative privileges. Add -Verb RunAs to your Start-Process cmdlet to elevate the execution.
But -Verb RunAs will not work in combination with -Credential. This is a workaround:
Start-Process powershell -Credential $Credentials -ArgumentList "-Command &{Start-Process yourApp.exe -Verb RunAs}"

How to automatically add a computer to a domain from a Powershell script using a non-administrator user

I have a number of computers that will need to be added to our domain. The issue is the user that these computers log in with are not administrator users. We do have administrator users on the machines though.
I am trying to have a Powershell script run from a batch script, but nothing I do is giving me the correct results. It seems that even if the Powershell script runs as an administrator, because the batch script is not run as an administrator (it is run automatically on startup), I get a credential error. I've tried running a self-elevating PS script, but to no avail.
Here is one of the batch file lines I've tried:
#echo off
SET thisdir=%~dp0
SET pspath=%thisdir%domain_add.ps1
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process Powershell -argumentlist '-NoProfile -ExecutionPolicy Bypass -File ""%pspath%""' -verb runas}";
I've even tried using the batch file to start a powershell script, which then calls the add domain PS script:
$user = '.\alohaadmin'
$passfile = 'alohapass.txt'
$password = Get-Content $passfile | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $password
Start-Process 'powershell.exe' -Credential $cred -ArgumentList '-noexit','-file "domain_add.ps1"'
The issue seems to be with the initial batch file not being run as an admin.

How to pass quoted arguments to elevated batch script via powershell Start-Process

I have a really hard time passing quotes to .bat files when elevating, binaries seem to work thou... steps to reproduce:
create a small test batch script %TEMP%\test.bat containing
echo.%* && pause
Fire up powershell and try those:
# both behave like expected, echoing hello and pausing
saps -filepath cmd -argumentlist '/c echo.hello && pause'
saps -filepath "$env:TEMP\test.bat" -argumentlist 'hello'
# both behave like expected, echoing "hello" and pausing
saps -filepath cmd -argumentlist '/c echo."hello" && pause'
saps -filepath "$env:TEMP\test.bat" -argumentlist '"hello"'
# both behave like expected, echoing an elevated hello and pausing
saps -verb runas -filepath cmd -argumentlist '/c echo.hello && pause'
saps -verb runas -filepath "$env:TEMP\test.bat" -argumentlist 'hello'
# cmd still echoes correctly "hell"no and pauses
saps -verb runas -filepath cmd -argumentlist '/c echo."hell"no && pause'
# tl;dr
# now this is where hell breaks loose
saps -verb runas -filepath "$env:TEMP\test.bat" -argumentlist '"hell"no'
# doesnt echo anything, window pops up and vanishes in an instant
# doesnt pause
The "runas" verb doesn't work if you invoke it directly on a batch file. You need to invoke it on the actual executable (i.e. cmd.exe) and pass the batch file as an argument.
$params = '/c', "$env:TEMP\test.bat", '"hell"no'
Start-Process -Verb Runas -FilePath $env:ComSpec -ArgumentList $params

Resources