locked
Running as administrator causes an infinite loop RRS feed

  • Question

  • I am trying to run the following script:

    # Get the ID and security principal of the current user account
    $myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
    $myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)

    # Get the security principal for the Administrator role
    $adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator

    # Check to see if we are currently running "as Administrator"
    if ($myWindowsPrincipal.IsInRole($adminRole))
       {
       # We are running "as Administrator" - so change the title and background color to indicate this
       $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
       $Host.UI.RawUI.BackgroundColor = "DarkBlue"
       clear-host
       }
    else
       {
       # We are not running "as Administrator" - so relaunch as administrator

       # Create a new process object that starts PowerShell
       $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";

       # Specify the current script path and name as a parameter
       $newProcess.Arguments = $myInvocation.MyCommand.Definition;

       # Indicate that the process should be elevated
       $newProcess.Verb = "runas";

       # Start the new process
       [System.Diagnostics.Process]::Start($newProcess);

       # Exit from the current, unelevated, process
       exit
       }

    # Run your code that needs to be elevated here
    Write-Host -NoNewLine "Press any key to continue..."
    $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

    There seems to be two problems with this script.

    1) I get a Windows prompt for credentials that I am not sure where it is coming from. I don't want it as I would rather this script (the eventual one being developed) to be run unattended.

    2) It goes into an infinite loop after I enter my credentials. It seems to be stuck generating a new window, closing it, generating a new window . . . . . .

    Any help with either of these problems would be greatly appreciated. As I don't see anyone else having these issues I am assuming that I am doing something dumb. If so sorry for the newbie questions.

    Thank you.

    Kevin

    


    Kevin Burton

    Tuesday, October 21, 2014 7:10 PM

Answers

All replies

  • Runas provokes a prompt.

    What is the purpose of the script?


    -- Bill Stewart [Bill_Stewart]

    Tuesday, October 21, 2014 7:30 PM
  • I would like a script to add a user (me) to the local administrators group. But in order to do that I need to be a domain administrator (which I have credentials for). I was trying to back into this solution one step at a time and the first step was becoming an administrator which the script I attached earlier tries to do but like I said I a) don't want to be prompted and b) I don't want to get into an infinite loop that the only way to break out of is to log off.

    Thank you.

    Kevin


    Kevin Burton

    Wednesday, October 22, 2014 12:44 PM
  • First question: You can't bypass the UAC prompt, if that's what you are asking.

    Second question: I am not going to run your script, but see the answer to the first question (which seems to be the reason for the script in the first place).


    -- Bill Stewart [Bill_Stewart]

    Wednesday, October 22, 2014 2:22 PM
  • Is there anyway to elevate your privileges without "RunAs"?

    Still no idea on why the infinite loop of opening and closing windows? Looking at the script it seems that the script should just run and complete. I don't see a loop in the code. It must be behind the scenes.

    Thank you.

    Kevin


    Kevin Burton

    Wednesday, October 22, 2014 7:22 PM
  • Is there anyway to elevate your privileges without "RunAs"?

    No; you cannot bypass the UAC prompt, and this is by design.

    FAQ: Why can't I bypass the UAC prompt?


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by Bill_Stewart Monday, October 27, 2014 2:22 PM
    • Marked as answer by Bill_Stewart Friday, November 28, 2014 5:18 PM
    Wednesday, October 22, 2014 7:53 PM
  • OK I understand the restriction for security reasons of not bypassing UAC. But why the infinite loop?

    Thank you.

    Kevin


    Kevin Burton

    Friday, October 31, 2014 1:04 PM
  • Think about it.  The script restarts after trying to auto-elevate.  Its a bug?  Bad code?  Bad logic?  typos?


    ¯\_(ツ)_/¯


    • Edited by jrv Friday, October 31, 2014 1:32 PM
    Friday, October 31, 2014 1:12 PM
  • The following works correctly:

    $wp=new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())
    if ($wp.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)){
        
        $host.UI.RawUI.WindowTitle=$myInvocation.MyCommand.Definition + '(Elevated)'
        $host.UI.RawUI.BackgroundColor='DarkBlue'
        
    }else{
    
        $p=new-object System.Diagnostics.ProcessStartInfo('PowerShell')
        $p.Arguments = $myInvocation.MyCommand.Definition
        $p.Verb='runas'
        [System.Diagnostics.Process]::Start($p)
        exit
    }
    
    # Run your code that needs to be elevated here
    Write-Host -NoNewLine 'Press any key to continue...'
    $host.UI.RawUI.FlushInputBuffer()
    $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown')
    
    
    



    ¯\_(ツ)_/¯


    • Edited by jrv Friday, October 31, 2014 1:35 PM
    Friday, October 31, 2014 1:31 PM
  • But why the infinite loop?

    There is a logic flaw in the script.


    -- Bill Stewart [Bill_Stewart]

    Friday, October 31, 2014 2:31 PM
  • I'm using this function for checking:

    function Use-RunAs {    
        # Check if script is running as Adminstrator and if not use RunAs 
        # Use Check Switch to check if admin 
        # http://gallery.technet.microsoft.com/scriptcenter/63fd1c0d-da57-4fb4-9645-ea52fc4f1dfb
        [cmdletbinding()]
        param (
    		[Switch]$Check
    	) 
        $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator") 
        if ($Check) { return $IsAdmin }     
        if ($MyInvocation.ScriptName -ne "") {  
            if (-not $IsAdmin) {  
                try {  
                    $arg = "-file `"$($MyInvocation.ScriptName)`"" 
                    Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList $arg -ErrorAction 'stop'  
                } catch { 
                    Write-Warning "Failed to restart script with runas"  
                    break               
                } 
                exit # Quit this session of powershell 
            }  
        } else {  
            Write-Warning "Script must be saved as a .ps1 file first"  
            break  
        }  
    }
    

    Friday, October 31, 2014 2:34 PM
  • Thank you I wasnt aware of the restart.. It isn't in the code. Under what conditions does a script restart?

    Kevin Burton

    Friday, October 31, 2014 2:41 PM
  • Thank you this works just fine.


    Kevin Burton

    Friday, October 31, 2014 2:51 PM