locked
How to run command in powershell as domain admin bypass UAC? RRS feed

  • Question

  • Dear All,

    i want to run command (use Secedit command to export GroupPolicy) in Powershell with mydomain\adminaccount as blow :

    $command = 'SecEdit.exe /export /cfg C:\temp\test.inf /quiet'

    Start-Process -FilePath "$PSHOME\POWERSHELL.EXE" -ArgumentList "-noprofile -command $command" -Verb runas

    However, after ran above command , it always popped up the UAC authorization then ask me to confirm the execution of this command. You know , this can't be done in a Powshell script .

    So is there any way to bypass the UAC to run this command  for export GroupPolicy ? Please help me  : (

    Saturday, January 27, 2018 7:39 AM

All replies

  • There is no way to bypass UAC.  SECEDIT does  not export Group  Policy.  It exports the local system security policy.

    TO understand UAC limitations see: https://social.technet.microsoft.com/Forums/en-US/21afa490-a74e-4052-8c34-e997cdc593b3/you-cannot-bypass-the-uac-prompt?forum=ITCG


    \_(ツ)_/

    Saturday, January 27, 2018 7:54 AM
  • If a script needs to be run elevated, then you can ensure it will only ever be run elevated by including the logic within the script.

    If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
    {
      # Relaunch as an elevated process:
      Start-Process powershell.exe "-File",('"{0}"' -f $MyInvocation.MyCommand.Path) -Verb RunAs
      exit
    }
    # Now running elevated so launch the script:
    & "d:\long path name\script name.ps1" "Long Argument 1" "Long Argument 2"
    Saturday, January 27, 2018 8:21 AM
  • That will not bypass the UAC prompt - it will force the script to run and present the UAC prompt.

    The question is not about PowerShell.  It is about SECEDIT which forces the UAC whenever it is run.  It does internally what you have proposed.

    Which brings us to this issue.  The question is not a scripting question and should be posted in the "Security" forum.


    \_(ツ)_/

    Saturday, January 27, 2018 8:26 AM