none
Need help with running Powershell Script as admin RRS feed

  • Question

  • I need to have users manually run a script to clean up some stuff on their machines.  It has to be manually run as they are mobile users that are not connected to domain so I have no way to use GPO or other methods.

    I have written the script to do what I need, but I am running into multiple issues stemming from the fact that Powershell Execution Policy on all of the computers which I need to run this on is set to Restricted.

    So my first issue is I cannot even run the script and policy is restricted.  So to fix this I start powershell from a batch file with the -ExecutionPolicy argument set to unrestricted.  THis works and now the powershell script works, but...

    As part of my script I need to kill a process, so I am using a command of Stop-Process -Processname SomeProcess -Force.  The problem is the script throughs an access denied error and the process does not stop.  Researching this error leads me to the fact that I need to run powershell elevated as an administrator, so to get around this I have created another powershell script that simply starts the script elevated.  This script contains: start-process powershell.exe -Verb runAs -ArgumentList "-ExecutionPolicy Unrestricted", "-File C:\lastpowershellscript.ps1"

    Now basically I have 3 files just to run my script!  1. first is a batch file that runs the first powershell script. 2. The first powershell script that THEN starts the second PS script using runAs.  3. My actual script that I need to run.

    Obviously this is quite messy.  There has to be a way to get around this.  Any suggestions to consolidate this mess?  Ideally I would like to be able to just run 1 file that does what I need.  I would prefer to stay with powershell, but maybe I need to try something else?

    Thanks

    Tuesday, July 14, 2015 7:07 PM

Answers

  • You cannot bypass the elevation requirement (see the sticky post at the top of this forum).


    -- Bill Stewart [Bill_Stewart]

    Tuesday, July 14, 2015 8:37 PM
    Moderator

All replies

  • Check out the about_requires help page. You can use #requires -RunAsAdministrator at the start of your script to make sure the script is being run with admin rights.
    Tuesday, July 14, 2015 7:12 PM
  • Just tried #Requires -RunAsAdministrator and I receive the following error:

    Cannot process #requires statement because it is not in the correct format

    also, the powershell version on the machines I need this on is V2

    Tuesday, July 14, 2015 7:21 PM
  • Add this function to your script:


    function Test-Elevation {
      $role = [Security.Principal.WindowsBuiltInRole]::Administrator
      $principal = [Security.Principal.WindowsPrincipal]`
        [Security.Principal.WindowsIdentity]::GetCurrent()
      $principal.IsInRole($role)
    }
    

    You can then use this function to test if the user is running elevated:


    if ( -not (Test-Elevation) ) {
      Write-Error "You must run this script elevated." -Category PermissionDenied
      exit
    }
    # continue with script here
    


    -- Bill Stewart [Bill_Stewart]

    Tuesday, July 14, 2015 7:40 PM
    Moderator
  • Thanks for the reply. I already know that the access denied will be thrown.  This is what I am trying to work around.  These users need to be able to click a file and it should run without the need for them to manually elevate.  I am trying to keep it as simple as possible.
    Tuesday, July 14, 2015 8:04 PM
  • You cannot bypass the elevation requirement (see the sticky post at the top of this forum).


    -- Bill Stewart [Bill_Stewart]

    Tuesday, July 14, 2015 8:37 PM
    Moderator
  • Well I will revert to plan A then. If I can just figure out how to run a subscript with an UAC elevation prompt then I should be good to go.

    Can anyone tell me how to deal with a space in the following code when specifiying the script using -File :

    start-process powershell.exe -Verb runAs -ArgumentList "-ExecutionPolicy Unrestricted", "-File C:\some folder with spaces\myscript.ps1"

    with no spaces in the file name ie "-File C:\somefolder\myscript.ps1" it will launch the script.  Unfortunately I can't change the script folder location to one with no spaces.

    thanks


    • Edited by mac1234 Tuesday, July 14, 2015 10:41 PM
    Tuesday, July 14, 2015 10:41 PM
  • Can anyone tell me how to deal with a space in the following code when specifiying the script using -File

    You can do this:


    Start-Process powershell.exe -Verb runAs -ArgumentList '-ExecutionPolicy Unrestricted -File "C:\Some Folder With Spaces\Some File.ps1"'


    EDIT: I should mention that you should start up a new thread if you continue to have issues with this. This isn't really related to the original question, so this thread should be marked as answered and closed out.

    Don't retire TechNet! - (Don't give up yet - 13,225+ strong and growing)

    Tuesday, July 14, 2015 11:23 PM
  • your the man, that worked.

    thanks to both

    Tuesday, July 14, 2015 11:37 PM
  • Ugh, Mike although your method works as stated, I left out an important aspect of the script which I thought would be easy to incorporate.  I need to use the userprofile in the file path, but haven't been able to get it to work.  I have started a new thread here:

    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/d66bb834-f92b-43e0-8afe-0f4bd34d6449/how-to-deal-with-space-in-argument-list?forum=ITCG

    thanks

    Tuesday, July 14, 2015 11:54 PM
  • Tag!  Your it!

    \_(ツ)_/

    Wednesday, July 15, 2015 1:09 AM