elevating code privilage

This topic contains 7 replies, has 3 voices, and was last updated by  scott s 4 weeks ago.

  • Author
    Posts
  • #99715

    scott s
    Participant

    I have a utility compiled powershell with gui (powershell studio) this utility run a list of files exe or cmd, or ps1's.

    Some of the cmd or ps1 require admin rights (the user is a local admin) to run below are two of the commands that fail if not an admin and then the code that launches them

    code that will fail: (both are in .ps1 files)
    dism /online /import-defaultappassociations:c:\Scripts\DefaultApps\DefaultApps.xml
    or
    Import-StartLayout -LayoutPath "Start.xml" -MountPath C:\

    the code to launch them is..

    if ($extension -eq ".ps1")

    {

    $RunExe = $LocalPath + $LocalPath2 + $filePath

    #$PSCMD = "-executionPolicy bypass -file " + $RunExe + " " + $CFG_PARMS

    #sns 4/24 added runas

    $PSCMD = "-executionPolicy bypass -verb RunAs -file " + $RunExe + " " + $CFG_PARMS

    $process = (Start-Process -FilePath "powershell.exe" -argumentlist $PSCMD -PassThru)

    $handle = $process.Handle

    $process.WaitForExit()

    $ret = $process.ExitCode

    }

    any ideas how to elevate in the start-process code i tried the -verb RunAs but it didnt help

  • #99726

    Joel Sallow
    Participant

    -Verb Runas is an argument for Start-Process itself, not part of the -ArgumentList parameter. So, it should look a littl emore like this:

    $PSCMD = '-ExecutionPolicy Bypass',"-File $RunExe $CFG_PARMS"
    $Process = Start-Process -FilePath 'PowerShell.exe' -Verb Runas -ArgumentList $PSCMD
  • #99730

    scott s
    Participant

    I will try the change the RunAsis it the equivalent of opening a powershell window as admin?

  • #99753

    scott s
    Participant

    Are there any other trick of the trade to elevate either the launcher utility or what it launches?

    thanks

  • #99781

    Joel Sallow
    Participant

    To the first question, yes, it is equivalent to using 'Run as Administrator'.

    As for the other question, I'm not really sure what you mean. If you're asking whether there are other methods of elevating, there might be, but I'm not familiar with any of them. There are some popular self-elevating snippets around here that effectively check if the current session is elevated, and if not, they trigger an elevated session and re-run the current sequence of code.

    But as far as I know, even that makes use of `-RunAs`.

    You do have the option of simply directly calling an executable along with any arguments it might have using Start-Process, but in general any process called from an elevated PowerShell session inherits the elevated status.

  • #99783

    scott s
    Participant

    Thanks I will test tomorrow..

  • #99787

    Damian
    Participant

    ########
    Add-Type -AssemblyName PresentationCore,PresentationFramework
    If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]'Administrator'))
    {
    Start-Process -FilePath powershell.exe -ArgumentList ("-NoProfile -ExecutionPolicy Bypass -File `"{0}`"" -f $PSCommandPath) -Verb RunAs
    Exit
    }
    ########

    This is the first few lines of my code that makes sure the script I'm running is running as admin and if it isn't then it'll re open's itself as admin
    (you'll still get a smart screen check if that's still on asking if you are sure you want to run PS as admin)

  • #99843

    scott s
    Participant

    Still no luck the ps1 being called shows the error that it needs to be run in an admin window here is the neew code below

    if ($extension -eq ".ps1")

    {
    $RunExe = $LocalPath + $LocalPath2 + $filePath
    $PSCMD = "-executionPolicy bypass -file " + $RunExe + " " + $CFG_PARMS
    $process = (Start-Process -FilePath "powershell.exe" -verb RunAs -argumentlist $PSCMD -PassThru)
    $handle = $process.Handle
    $process.WaitForExit()
    $ret = $process.ExitCode

    }

You must be logged in to reply to this topic.