none
I need to run Powershell script with Admin Privileges but How?

    Question

  • Hello,

    I need to run a Powershell script with Admin privileges. If I describe my problem with details, I use PowershellASP to manage some services from Web Page. But giving Administrator privileges to Application Pool is a security issue. So PowershellASP panel uses regular user account to execute Powershell. But making changes in System needs Admin privileges as you know. So I think I have two possible options:

    1) Using runas in Powershell. I can execute my Powershell script with "runas /user:administrator "cmd.exe /c 'C:\test.ps1 args1 args2'""
    But If I use "runas", it needs Password. I tried;

    $password = @(
    MySecurePassword
    )@

    $password | runas /user:administrator "cmd.exe /c 'C:\test.ps1 args1 args2'

    But it says Password is wrong. But If I type that password manually, it accepts.

    2. Maybe executing powershell.exe with admin previleges but I don't know how to.

    Is there any way to do this with minimum effort? Can I run a new Powershell from Powershell?

    Thanks for help.

    Regards,
    Yusuf Ozturk
    http://www.yusufozturk.info
    www.yusufozturk.info
    Monday, July 20, 2009 4:47 PM

Answers

  • Hi,

    You can use export-SecureString, import-SecureString, new-SecureString or get-credential to store your password, credential. For more information, please refer to the following article.

    Tired of Typing Administrator’s Password Repeatedly?
    http://mshforfun.blogspot.com/2006/02/tired-of-typing-administrators.html
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Or:

    $pw= convertto-securestring "PASSWORD" -asplaintext –force
    $credential = new-object -typename system.management.automation.pscredential -argumentlist "-default-",$pw

    [System.Diagnostics.Process]::Start("se.exe", $localArgs, "Administrator", $credential.Password, $computer)

    If you have any difficulties when you customizing the scripts, I suggest that you initial a new post in The Official Scripting Guys Forum! to get further support there. They are the best resource for scripting related problems.

    For your convenience, I have list the link as followed.

    The Official Scripting Guys Forum!
    http://social.microsoft.com/Forums/en-US/ITCG/thread/34ed6cba-7698-4aa8-b13c-8693081296ef

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, July 22, 2009 10:59 AM
  • Hi,

    The following simple script work fine on my system:

    $localArgs = "/k Powershell D:\test.ps1 1111 22222"
    [System.Diagnostics.Process]::Start("cmd.exe", $localArgs)

    Test.ps1 is:

    write-host $args[0],$args[1]

    Please verify if it works on your machine.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, July 23, 2009 6:27 AM
  • This script works on my machine. Please try to change $localArgs to "/k Powershell -file D:\library\writehost.ps1 1111 22222". Any progress?

    Other corrections:

    If there is unknown user name or bad password error, change $computer = "localhost" to $computer ="ComputerName"


    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.

    Really big sorry. I figured out.

    I tried to do same thing on CMD and I got "Access denied." Then I figured out. I checked NTFS Security Permissions. I added my user to access list and problem solved. But strange thing is my user was already in Administrators group. I don't know why that user wasn't able to access D: with that permissions.

    Thanks for help.

    Regards.
    www.yusufozturk.info
    Thursday, July 23, 2009 10:54 AM

All replies

  • Hi,

    You can use export-SecureString, import-SecureString, new-SecureString or get-credential to store your password, credential. For more information, please refer to the following article.

    Tired of Typing Administrator’s Password Repeatedly?
    http://mshforfun.blogspot.com/2006/02/tired-of-typing-administrators.html
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Or:

    $pw= convertto-securestring "PASSWORD" -asplaintext –force
    $credential = new-object -typename system.management.automation.pscredential -argumentlist "-default-",$pw

    [System.Diagnostics.Process]::Start("se.exe", $localArgs, "Administrator", $credential.Password, $computer)

    If you have any difficulties when you customizing the scripts, I suggest that you initial a new post in The Official Scripting Guys Forum! to get further support there. They are the best resource for scripting related problems.

    For your convenience, I have list the link as followed.

    The Official Scripting Guys Forum!
    http://social.microsoft.com/Forums/en-US/ITCG/thread/34ed6cba-7698-4aa8-b13c-8693081296ef

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, July 22, 2009 10:59 AM
  • Thank you Mervyn. I'll try your solution. Also I think about another solution. Saving records to SQL server and reading with Powershell could solve my problem. I can run Powershell from Task Schedular with Administrator privileges every 5 minutes and that powershell script can check SQL records and execute my powershell scripts.
    www.yusufozturk.info
    Wednesday, July 22, 2009 1:44 PM
  • Hi,

    You can use export-SecureString, import-SecureString, new-SecureString or get-credential to store your password, credential. For more information, please refer to the following article.

    Tired of Typing Administrator’s Password Repeatedly?
    http://mshforfun.blogspot.com/2006/02/tired-of-typing-administrators.html
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Or:

    $pw= convertto-securestring "PASSWORD" -asplaintext –force
    $credential = new-object -typename system.management.automation.pscredential -argumentlist "-default-",$pw

    [System.Diagnostics.Process]::Start("se.exe", $localArgs, "Administrator", $credential.Password, $computer)

    If you have any difficulties when you customizing the scripts, I suggest that you initial a new post in The Official Scripting Guys Forum! to get further support there. They are the best resource for scripting related problems.

    For your convenience, I have list the link as followed.

    The Official Scripting Guys Forum!
    http://social.microsoft.com/Forums/en-US/ITCG/thread/34ed6cba-7698-4aa8-b13c-8693081296ef

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.

    Problem with here. It works with only first argument.

    I used 'cmd.exe  /c "Powershell D:\Library\posh.ps1 Args1 Args2"' here:

    $pw = convertto-securestring "MyPassword" -asplaintext –force
    $credential = new-object -typename system.management.automation.pscredential -argumentlist "-default-",$pw
    $computer = "localhost"
    $localArgs = '/c "Powershell D:\Library\deneme.ps1 Args1 Args2"'
    [System.Diagnostics.Process]::Start("cmd.exe", $localArgs, "Administrator", $credential.Password, $computer)

    Gives error:
    The term 'D:\Library\deneme.ps1' is not recognized as the name of a cmdlet, fun
    ction, script file, or operable program. Check the spelling of the name, or if
    a path was included, verify that the path is correct and try again.
    At line:1 char:22
    + D:\Library\deneme.ps1 <<<<  Args1 Args2
        + CategoryInfo          : ObjectNotFound: (D:\Library\deneme.ps1:String) [
       ], CommandNotFoundException

    Thanks for help.

    Regards.
    www.yusufozturk.info
    Wednesday, July 22, 2009 3:50 PM
  • Hi,

    The following simple script work fine on my system:

    $localArgs = "/k Powershell D:\test.ps1 1111 22222"
    [System.Diagnostics.Process]::Start("cmd.exe", $localArgs)

    Test.ps1 is:

    write-host $args[0],$args[1]

    Please verify if it works on your machine.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, July 23, 2009 6:27 AM
  • Hi,

    The following simple script work fine on my system:

    $localArgs = "/k Powershell D:\test.ps1 1111 22222"
    [System.Diagnostics.Process]::Start("cmd.exe", $localArgs)

    Test.ps1 is:

    write-host $args[0],$args[1]

    Please verify if it works on your machine.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.

    First of all, thank you for helping Mervyn.

    Yes, It works with that codes. But If I execute:

    $localArgs = "/k Powershell D:\library\writehost.ps1 1111 22222"
    [System.Diagnostics.Process]::Start("cmd.exe", $localArgs)

    That returns:

    1111 22222 (as we expect)


    But If I execute:

    $pw = convertto-securestring "MyPassword" -asplaintext –force
    $computer = "localhost"
    $credential = new-object -typename system.management.automation.pscredential -argumentlist "-default-",$pw
    $localArgs = "/k Powershell D:\library\writehost.ps1 1111 22222"
    [System.Diagnostics.Process]::Start("cmd.exe", $localArgs, "AdminUserName", $credential.Password,  $computer)

    That returns:

    The term 'D:\library\writehost.ps1' is not recognized as the name of a cmdlet,
    function, script file, or operable program. Check the spelling of the name, or
    if a path was included, verify that the path is correct and try again.
    At line:1 char:25
    + D:\library\writehost.ps1 <<<<  1111 22222
        + CategoryInfo          : ObjectNotFound: (D:\library\writehost.ps1:String
       ) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException


    Sorry I tried to fix this but i couldn't. I still don't know which parts make error.
    www.yusufozturk.info
    Thursday, July 23, 2009 9:37 AM
  • This script works on my machine. Please try to change $localArgs to "/k Powershell -file D:\library\writehost.ps1 1111 22222". Any progress?

    Other corrections:

    If there is unknown user name or bad password error, change $computer = "localhost" to $computer ="ComputerName"


    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, July 23, 2009 9:42 AM
  • This script works on my machine. Please try to change $localArgs to "/k Powershell -file D:\library\writehost.ps1 1111 22222". Any progress?

    Other corrections:

    If there is unknown user name or bad password error, change $computer = "localhost" to $computer ="ComputerName"


    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.

    Really big sorry. I figured out.

    I tried to do same thing on CMD and I got "Access denied." Then I figured out. I checked NTFS Security Permissions. I added my user to access list and problem solved. But strange thing is my user was already in Administrators group. I don't know why that user wasn't able to access D: with that permissions.

    Thanks for help.

    Regards.
    www.yusufozturk.info
    Thursday, July 23, 2009 10:54 AM
  •  

    It works for local user account not domain.

    $pw= convertto-securestring "PASSWORD" -asplaintext –force
    $credential = new-object -typename system.management.automation.pscredential -argumentlist "-default-",$pw
    [System.Diagnostics.Process]::Start("cmd.exe", $localArgs, "domainname\administrator", $credential.Password, $computer)

     

    I gave domainname\administrator and it gives me error ? Any Idea ?

     

     

    • Edited by user91234 Friday, September 17, 2010 9:01 PM error
    Friday, September 17, 2010 9:01 PM
  • I use this code to check if I'm running iwth admin privs.

    $wid = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $prp = new-object System.Security.Principal.WindowsPrincipal($wid)
    $adm = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    $IsAdmin = $prp.IsInRole($adm)
    if ($IsAdmin) {
    	write-host "Current powershell process is running with Administrator privileges"
    }
    else{
    	write-host "Current powershell process is not running with Administrator privileges"
    }



    ---
    tompa
    http://tompaps.blogspot.com

    Friday, January 25, 2013 10:40 AM