Elevation of Previleges when running Command Prompt to run powershell scripts RRS feed

  • Question

  • To run powershell scripts on servers where we do not have admin access to individual users.We need to use process accounts(Sharepoint Farm admin &  local admin) to execute powershell scripts.We are having a problem here.

    To riun command prompts i do Run as Different User and provide credentials for process account which is local admin user as well.but ondoing this

    command prompt does not elevate itself to admin even though process accnt is admin.

    Is there any UAC or security settings which helps auto elevate when Run as different User.



    Thursday, February 2, 2012 3:38 PM


  • Is there a reason you can't just grant Add-SPShellAdmin to the users who need to use powershell?  This should remove the need to run a shell as administrator and it can be run as a normal user account.

    Using this command is outlined here:http://technet.microsoft.com/en-us/library/ee806878.aspx

    You should just need to open powershell as an administrator then run Add-SpShellAdmin domain\account.

    Be advised as outlined in the link above this will add your normal user account to the following items:

    "If you do not have membership in the SharePoint_Shell_Access role or WSS_Admin_WPG local group, use the Add-SPShellAdmin cmdlet. When theAdd-SPShellAdmin cmdlet is used, the user is added to the WSS_Admin_WPG group in all front-end Web servers and is added to the SharePoint_Shell_Access role. If the target database does not have a SharePoint_Shell_Access role, the role is automatically created. Once theAdd-SPShellAdmin cmdlet has been run, the user can run SharePoint 2010 Windows PowerShell cmdlets in a multiple-server farm environment."

    Visit my Blog: http://matthewchurilla.blogspot.com/
    • Proposed as answer by Varun Malhotra Friday, February 3, 2012 2:19 AM
    • Marked as answer by Wayne Fan Friday, February 10, 2012 5:24 AM
    Thursday, February 2, 2012 3:59 PM