Launching a program as Administrator while remoting

This topic contains 11 replies, has 4 voices, and was last updated by Profile photo of Dudebro Dudebro 2 months, 1 week ago.

  • Author
    Posts
  • #66274
    Profile photo of marius
    marius
    Participant

    I have a PowerShell script executing commands on a remote server in a remote session.
    I can execute normal PowerShell commands.
    I need to run an .exe program as well, but I need to run it as Administrator (I mean the Administrator user of the remote server).
    Can anybody plese provide the right syntax?
    Regards
    marius

  • #66289
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Runas.exe? Start-Process?

    • #66370
      Profile photo of marius
      marius
      Participant

      Looking around the forums I wrote the following code, and it works fine if I run it on the targert server:

      $username = "mydomain\administrator"
      $Passwordtext = "mypassword"
      $password = $Passwordtext | ConvertTo-SecureString -AsPlainText -Force
      $mycredentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
      Start-Process powershell -credential $mycredentials -ArgumentList '-noprofile -command &{Start-Process "c:\dir1\myprogram.exe" -verb runas}' 
      

      If I run it from a client I get the following error:

      This command cannot be executed due to the error: Accesso negato.
          + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
          + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
          + PSComputerName        : x.y.z.t
      

      I am sure there is some error, but how can I troubleshoot it?
      Regards
      marius

  • #66375
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Well, that means "Access Denied," which means you don't have permissions. So it depends a great deal on HOW you are running it on the client. Are you sending it via Invoke-Command, for example? In that case, the credential provided to Invoke-Command should be one that has permission on the remote machine, rather than passing credentials to Start-Process.

    • #66388
      Profile photo of marius
      marius
      Participant

      Many thanks for your hints.
      I made a test by providing to Invoke-Command the credentials of the remote Administrator but I still get the same error, either while using tue same syntax as before:

      $username = "mydomain\administrator"
      $Passwordtext = "mypassword"
      $password = $Passwordtext | ConvertTo-SecureString -AsPlainText -Force
      $mycredentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
      Start-Process powershell -credential $mycredentials -ArgumentList '-noprofile -command &{Start-Process "c:\dir1\myprogram.exe" -verb runas}' 
      

      or simply starting the program with the following syntax:

      Start-Process -FilePath 'c:\dir1\myprogram.exe'  
      

      Given that myprogram.exe requires Administrator's right, what syntax should I use?
      Regards
      marius

  • #66391
    Profile photo of Don Jones
    Don Jones
    Keymaster

    So you've done:

    $username = "mydomain\administrator"
    $Passwordtext = "mypassword"
    $password = $Passwordtext | ConvertTo-SecureString -AsPlainText -Force
    Invoke-Command -Script {
     Start-Process "c:\dir1\myprogram.exe" -verb runas'
    } -ComputerName whatever -Credential $mycredentials
    

    ? I don't understand why you're starting PowerShell to run Start-Process, which is why I'm trying to clarify what you're actually running.

    • #66402
      Profile photo of marius
      marius
      Participant

      Many thanks again.
      To be honest, I copied the code from a blog...
      Anyway, it works if I logon locally (as Administrator) on the remote server and run it.
      What is the right way to start an .exe program that requires Administrator's rights on a remote server?
      Regards
      Marius

    • #66438
      Profile photo of marius
      marius
      Participant

      Let me start from the beginning.
      I need to run an .exe program on a remote server.
      I created a PowerShell script like the following one:

      #
      # Just to check that I am Administrator
      #
      $env:Computername 
      $env:USERNAME
      $env:USERDOMAIN
      #
      # Run a program with the "/s" qualifier to suppress the GUI 
      #
      start-process -ArgumentList "/s" -FilePath 'c:\mydir\myprogram.exe'
      

      If I logon ad Administrator on my remote server, start PowerShell and execute it, it works fine and it performs the required actions that includes producing an output file.
      I inserted the same code as a ScroptBlock inside a script I run from a client, and the script looks like:

      $mytarget = "192.168.1.1"
      $username = "mydomain\administrator"
      $Passwordtext = "mypassword"
      $password = $Passwordtext | ConvertTo-SecureString -AsPlainText -Force
      $credadm = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
      Set-Item WSMan:\localhost\Client\TrustedHosts  -Value $mytarget -Force
      $session = New-PSSession -ComputerName $mytarget -Credential $credadm
      Invoke-Command -Session $session  -ScriptBlock{
          #
          # Just to check that I am Administrator
          #
          $env:Computername 
          $env:USERNAME
          $env:USERDOMAIN
          #
          # Run a program with the "/s" qualifier to suppress the GUI 
          #
          start-process -ArgumentList "/s" -FilePath 'c:\mydir\myprogram.exe'
               }
      Remove-pSSession -session $session
      

      The script is executed with no error, I see computername, username (Administrator) and domainname of the targert server, but the program on the remote server is not executed and no output file is created.
      Now in my mind the critical point looks to be the statement:

         start-process -ArgumentList "/s" -FilePath 'c:\mydir\myprogram.exe'
      

      What is the right way to write it in order to run "c:\mydir\myprogram.exe /s" on the target server?
      Regards

      marius

  • #66583
    Profile photo of Max Kozlov
    Max Kozlov
    Participant

    are you sure that program is not executed ? how do you check it ? it is a gui program ? you want to start gui program visible to current logged user ?

    • #66609
      Profile photo of marius
      marius
      Participant

      Thank you for answering.
      Let me provide the information:

      are you sure that program is not executed ?

      No, but I don't see the output file produced by the program. If I run the program on the target server the output file is created as expected.

      how do you check it ?

      I don't see the output file

      it is a gui program ?

      It is, but by providing the "/s" argument i suppress the window. By the way, the program is a setup produced by InstallShield

      you want to start gui program visible to current logged user ?

      No, I just want to get the result.
      If I log on the target as Administrator, open PowerShell and just type:

      start-process -ArgumentList "/s" -FilePath 'c:\mydir\myprogram.exe'
      

      the program is executed and the file is created. How can I force it to run from my script?

      In the meantime I made a further test by creating a script on my target server with the following instructions:

      #
      # Run a program with the "/s" qualifier to suppress the GUI 
      #
      start-process -ArgumentList "/s" -FilePath 'c:\mydir\myprogram.exe'
      

      I saved it as 'c:\mydir\myscript.ps1'. again, if I run it from the target it runs with no problem and starts the program.
      I attempted to launch it from my client using Invoke-Command but I can't find the right syntax and I get no result...
      What is the right syntax?
      Regards
      marius

  • #66621
    Profile photo of Max Kozlov
    Max Kozlov
    Participant

    do you try to launch any nongui program by this script ?
    do ypu try to use psexec ?
    sometimes gui programs cant start because it can't create gui window (even if it's hidden). in this case the program can launch if you logged into server as the same user.
    I recommend check start/stop events in event viewer (do not forget to enable such events)

  • #66636
    Profile photo of Dudebro
    Dudebro
    Participant

    Does the external program need to run in an elevated context to work? If so, maybe the PSSession is not elevated? Try putting the following in your script block:

    ( New-Object -TypeName Security.Principal.WindowsPrincipal (
        [Security.Principal.WindowsIdentity]::GetCurrent()
        ) ).IsInRole( [Security.Principal.WindowsBuiltinRole]::Administrator )
    

    It should return True if the session is running with elevated privileges.

You must be logged in to reply to this topic.