Elevated Start Job

This topic contains 3 replies, has 2 voices, and was last updated by Don Jones 3 weeks, 4 days ago.

  • #71885
    Cody Everingham
    Participant

    So I run a PowerShell script from a bat file elevated and it mostly works great; however, when it starts a job in the ps1 file it seems to fail. This script runs flawlessly if I run it from an elevated PowerShell window manually. Any ideas?

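    # Remove profile folders whose name ends in 'S' and that were created more than 21 days ago.
    # CreationTime has to be selected here, otherwise $_.CreationTime is $null in the test below.
    Get-ChildItem C:\users | Select-Object -Property Name, FullName, CreationTime, LastWriteTime | ForEach-Object {
        if ($_.Name.Substring($_.Name.Length - 1) -eq 'S' -and $_.CreationTime -lt ((Get-Date).AddDays(-21))) {
            # Each deletion runs as a background job of the current session.
            Start-Job { Remove-Item $args[0] -Force } -Name DeleteUser -ArgumentList $_.FullName
        }
    }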

    Also, here's the bat file I use to call the PS1 file.

    PowerShell.exe -Command "& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy unrestricted -File "\\netapp1b\temp.ps1"' -Verb RunAs}"

  • #71888
    Don Jones
    Keymaster

    What an odd way to do that. Huh. I'm not sure why you're not just running PowerShell.exe once, rather than nesting it as you are.

    Anyway, your Start-Process isn't being given an alternate credential, and so it will run PowerShell in whatever user context you ran the first PowerShell.exe in. This isn't "elevated."

  • #71899
    Cody Everingham
    Participant

    Thanks, that makes sense. Is it possible to elevate a process from PowerShell/cmd without user interaction?

  • #71900
    Don Jones
    Keymaster

    Not really, no. You'd need to somehow hardcode clear-text credentials, which would be pretty horrible. I imagine you could try running it as a Scheduled Task or something, which had alternate credentials applied.

    I mean... not to put too fine a point on it, but what you're asking for would be every malware author's wet dream. You pretty much DO NOT want that capability in Windows :).
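
A diagnostic variant of the script from the first post, added here as an example and not code from either poster: it checks whether the process is actually running elevated and waits for the background jobs before the script exits, because jobs created with Start-Job stop when the session that started them ends. The function name `Test-IsElevated` is hypothetical, and that the original failure comes from the session ending is an assumption the thread does not confirm.

```powershell
# Added example: report the elevation state of the running script and keep the
# session alive until its background jobs finish, so job errors become visible.

function Test-IsElevated {
    # Hypothetical helper. True when the current process token has the local
    # Administrators group enabled, i.e. the process is running elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsElevated)) {
    # Stop early and say which account the script is really running as.
    Write-Error "Not elevated: running as $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
    exit 1
}

$cutoff = (Get-Date).AddDays(-21)

# Same selection as the original script: folders under C:\Users whose name ends
# in 'S' (case-insensitive) and that were created more than 21 days ago.
$jobs = Get-ChildItem C:\Users -Directory |
    Where-Object { $_.Name -like '*S' -and $_.CreationTime -lt $cutoff } |
    ForEach-Object {
        # Job body unchanged from the original post.
        Start-Job -Name DeleteUser -ArgumentList $_.FullName -ScriptBlock {
            Remove-Item $args[0] -Force
        }
    }

if ($jobs) {
    # Jobs belong to this session and are stopped when it exits, so wait for
    # them before the script (and the PowerShell.exe -File process) ends.
    $jobs | Wait-Job | Out-Null

    foreach ($job in $jobs) {
        # Receive-Job replays the job's output and errors into this session.
        Receive-Job -Job $job
        "{0} (id {1}): {2}" -f $job.Name, $job.Id, $job.State
    }

    $jobs | Remove-Job
}
```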
