none
Running Powershell Script which is converted to .exe file with Admin rights RRS feed

  • Question

  • Hi,

    I have Powershell script which is converted to .exe file using PowerGUI Tool. We need to run this .exe file on all the systems. But this file is running successfully with admin privilege.  I know this will work if we run as admin. But we can not ask end users to right click and run as admin. Is there anyway to convert the Powershell script to .exe with admin rights?

    Thanks in advance

    Sankar M


    Sankar M http://messagingdevelopment.blogspot.in/

    Wednesday, December 11, 2013 1:56 PM

Answers

  • we have to run this tool on all the end users desktop to clean their temp file, temp directory and internet history and cache etc. if its sever related scripts we could schedule it. 

    Sankar M http://messagingdevelopment.blogspot.in/

    User don't need to run as admins to clean their temp files and internet cache.  The internet cache can be set to empty on exit with Group Policy.

    You haven't said anything that indicates the need for administrative rights.  You don't need to run this as an admin.


    ¯\_(ツ)_/¯


    • Marked as answer by Bill_StewartModerator Saturday, December 21, 2013 5:02 PM
    • Edited by jrv Saturday, December 21, 2013 5:05 PM
    Wednesday, December 11, 2013 4:24 PM

All replies

  • You cannot bypass the UAC prompt, and this is by design.

    Bill

    Wednesday, December 11, 2013 2:27 PM
    Moderator
  • No.

    You will have to give users access to the resources as is the Windows design.  What is it that the tool does that requires admin rights.  Most things outside of system configuration do not require an administrator.


    ¯\_(ツ)_/¯

    Wednesday, December 11, 2013 2:27 PM
  • Hi,

    check out this related thread in the PowerGUI forum

    http://powergui.org/thread.jspa?threadID=20633

    Wednesday, December 11, 2013 2:27 PM
  • That thread in the PowerGUI forum talks about automatically elevating. That part isn't hard.

    What you cannot do: Automatically run as admin without the UAC prompt.

    If it were possible, it is exactly what malware would do.

    The following blog post explains why you cannot bypass the UAC prompt:

    FAQ: Why can't I bypass the UAC prompt?

    Bill

    Wednesday, December 11, 2013 3:18 PM
    Moderator
  • But we can not ask end users to right click and run as admin.

    Hi Bill,

    Thanks I got that, too. But this is in my opinion what is asked for in the OP.

    Wednesday, December 11, 2013 3:28 PM
  • I agree with Bill.  The OP is asking if there is a way to avoid Using the RunAs.  This cannot be done without giving the users the admin password.

    The correct way to give the user advanced capabilities is to give them permission on the resources.  This si easily done in Windows.  The need for admin privileges is usually what an untrained user thinks they need to have.  This is seldom the case.

    I asked the OP to describe what the script needs to do.  That will tell us what privileges the user needs. Most often this is a need to update AD.

    AD can allow updates to a manager of an object.  Distribution lists and Security Groups allow this.  DLs allow multiple managers I believe.

    Users that are "managed by " can be edited by the manager. 

    Users added to the  "Account Operators" security group can create and manage users and computer accounts.

    All of this is available and more without making the user an Administrator. 

    Notice that in Vista and later no one is allowed to be an Administrator without a UAC challenge.  Some programs actually do not require select "RunAs"  These are usually launched from a shortcut that specifies that the program is to be run elevated.  This causes the UAC challenge to be displayed any time the shortcut is clicked.  No need to use "RunAs".  This is not available to non-admins.

    Knowing the exact question would allow us to find a best fit solution but, as asked, the question is too vague.


    ¯\_(ツ)_/¯

    Wednesday, December 11, 2013 3:50 PM
  • Thank you all for your quick reply.

    I have developed the Disk Cleanup tool using powershell and then converted this script to .exe using powerGUI. This execution file will run with Admin rights. So we need to ask end users to right click an EXE file and run as administrator. I dont know how to run this .exe file without asking users to do run as admin.


    Sankar M http://messagingdevelopment.blogspot.in/

    Wednesday, December 11, 2013 3:59 PM
  • Thank you all for your quick reply.

    I have developed the Disk Cleanup tool using powershell and then converted this script to .exe using powerGUI. This execution file will run with Admin rights. So we need to ask end users to right click an EXE file and run as administrator. I dont know how to run this .exe file without asking users to do run as admin.


    Sankar M http://messagingdevelopment.blogspot.in/

    Just schedule the script to run periodicaly under teh task scheduler.  The scheduler can elevate a task without a prompt if it is set to do so.

    There is no need to involve the user to run disk cleanup.


    ¯\_(ツ)_/¯

    Wednesday, December 11, 2013 4:11 PM
  • we have to run this tool on all the end users desktop to clean their temp file, temp directory and internet history and cache etc. if its sever related scripts we could schedule it. 

    Sankar M http://messagingdevelopment.blogspot.in/

    Wednesday, December 11, 2013 4:14 PM
  • we have to run this tool on all the end users desktop to clean their temp file, temp directory and internet history and cache etc. if its sever related scripts we could schedule it. 

    Sankar M http://messagingdevelopment.blogspot.in/

    User don't need to run as admins to clean their temp files and internet cache.  The internet cache can be set to empty on exit with Group Policy.

    You haven't said anything that indicates the need for administrative rights.  You don't need to run this as an admin.


    ¯\_(ツ)_/¯


    • Marked as answer by Bill_StewartModerator Saturday, December 21, 2013 5:02 PM
    • Edited by jrv Saturday, December 21, 2013 5:05 PM
    Wednesday, December 11, 2013 4:24 PM