
June 1, 2017 at 2:37 pm

So I run a PowerShell script from a bat file elevated and it mostly works great, however when it starts a job in the ps1 file it seems to fail. This script runs flawlessly if I run it from an elevated PowerShell window manually. Any ideas?

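# CreationTime has to be selected here, otherwise the age check below compares against $null
GCI C:\users | Select-Object -Property Name, FullName, LastWriteTime, CreationTime | foreach {
    if ($$ -eq 'S' -and $_.CreationTime -lt ((Get-Date).AddDays(-21))) {
        # Delete the matching folder in a background job
        start-job { remove-item $args[0] -Force } -name DeleteUser -ArgumentList $_.fullname
    }
}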

Also, here's the bat file I use to call the PS1 file.

PowerShell.exe -Command "& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy unrestricted -File "\\netapp1b\temp.ps1"' -Verb RunAs}"

June 1, 2017 at 2:39 pm

What an odd way to do that. Huh. I'm not sure why you're not just running PowerShell.exe once, rather than nesting it as you are.

Anyway, your Start-Process isn't being given an alternate credential, and so it will run PowerShell in whatever user context you ran the first PowerShell.exe in. This isn't "elevated."

June 1, 2017 at 2:56 pm

Thanks, that makes sense. Is it possible to elevate a process from PowerShell/cmd without user interaction?

June 1, 2017 at 2:58 pm

Not really, no. You'd need to somehow hardcode clear-text credentials, which would be pretty horrible. I imagine you could try running it as a Scheduled Task or something, which had alternate credentials applied.

I mean... not to put too fine a point on it, but what you're asking for would be every malware author's wet dream. You pretty much DO NOT want that capability in Windows :).
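
The Scheduled Task route suggested above, as an added example that is not part of the original thread: an administrator registers the task once from an elevated session, and it then runs with highest privileges without any credentials stored in a file. The task name, the local script path `C:\Scripts\temp.ps1`, the schedule and the choice of the SYSTEM account are assumptions.

```powershell
# Added example: one-time setup, run by an administrator.
$TaskName   = 'CleanupOldProfiles'     # hypothetical task name
$ScriptPath = 'C:\Scripts\temp.ps1'    # hypothetical local copy of the script

# Registering a task that runs with highest privileges requires an elevated session.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this setup once from an elevated PowerShell session.'
}

# The task runs as SYSTEM, so whoever can modify the script gets SYSTEM.
# Keep it on a local path instead of a network share.
if (([System.Uri]$ScriptPath).IsUnc) {
    throw "Copy the script to a local, admin-only folder first: $ScriptPath"
}
if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    throw "Script not found: $ScriptPath"
}

# A single PowerShell.exe, no nested Start-Process and no -Verb RunAs.
$action = New-ScheduledTaskAction -Execute 'PowerShell.exe' `
    -Argument "-NoProfile -ExecutionPolicy RemoteSigned -File `"$ScriptPath`""

$trigger = New-ScheduledTaskTrigger -Daily -At '03:00'

# Built-in service account: no password is stored with the task or in a script.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 1)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings | Out-Null

# List every identity that can change the script; review anything beyond
# Administrators and SYSTEM before relying on the task.
(Get-Acl -LiteralPath $ScriptPath).Access |
    Where-Object { $_.FileSystemRights -match 'Write|Modify|FullControl' } |
    Select-Object IdentityReference, FileSystemRights
```

Jobs created with `Start-Job` end when the PowerShell process that started them exits, so a script run this way has to wait for its jobs (for example with `Wait-Job`) before it returns.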