none
Run PowerShell as admin from a batch script RRS feed

  • Question

  • HELP!!!!

    I have a PowerShell script located on a network share that I need to run as admin from a batch script to achieve this I have the following string of code below.

    PowerShell -noprofile -command "&{start-Process PowerShell -ArgumentList'-noprofile -file \\myserver\scripts\run.ps1' -verb RunAs}"

    The syntax above is verbatim what I type (except the server location) there are no spaces in the path but when I run it, it asks for my credentials as expected. But after clicking enter it simply returns me to a command prompt window. What am I missing?

    I am not wed to the syntax above, if there is an easier way I can have a batch script call either the get-credential or runas powershell command and use the presented credentials to open the script on the network share I would be elated, thank you in advance.


    Monday, July 27, 2020 1:49 AM

Answers

  • Your question is very vague and your ability to understand any answer is poor.  By learning basic PowerShell you will be able to overcome both of these issues.  We cannot be required to read your mind or guess at your level of understanding.  \

    Please carefully read the following to gain a basic understanding of the problem.

    You cannot learn basic Windows technology or PowerShell by asking questions in a forum.  You must learn the basics on your own.  Technical forums are for trained technicians and not for end users with no formal training of any kind.

    This is no "terse".  It is just honest advice to someone who may wish to work in this technology.  You have to put in some effort before even asking a clear question or before being able to understand the answers.

    Please take the time to learn the basics then consider your issue.  We will be able to communicate answers better if you have the basic knowledge.


    \_(ツ)_/

    So thank you for your input, based on all you typed I was motivated to do this myself because I know it can be done. Below is how I solved my problem and got the result I wanted.

    $Cred = get-credential
    $Job = Start-Job -ScriptBlock { whatever I need to run
    } -Credential $cred
    

    Thursday, July 30, 2020 4:01 AM

All replies

  • Why does this have to be run from a batch script?


    \_(ツ)_/

    Monday, July 27, 2020 2:42 AM
  • PowerShell -command "Start-Process powershell  '\\myserver\scripts\run.ps1' -Verb RunAs"


    \_(ツ)_/

    Monday, July 27, 2020 2:48 AM
  • This returns a blank command prompt window.
    Monday, July 27, 2020 3:58 AM
  • Why does this have to be run from a batch script?


    \_(ツ)_/

    It doesn't necessarily need to run from a batch script. The existing script is a batch script so to replace the script with minimal impact to the customer is the goal.

    I could run a separate PowerShell script to call the main script but I would need that to be digitally signed. Not impossible mind you, but its a path I would rather avoid.

    That said if you have the appropriate syntax to create a PowerShell script that can call the main script with the presented credentials from the "get-credential" prompt I am willing to go full bore and get that signed. Its not as seamless as simply replacing the code within the existing batch file.
    Monday, July 27, 2020 4:02 AM
  • The script won't make a non-admin an admin.

    The command works fine for me so perhaps your PS1 does nothing.


    \_(ツ)_/

    Monday, July 27, 2020 4:08 AM
  • The script won't make a non-admin an admin.

    The command works fine for me so perhaps your PS1 does nothing.


    \_(ツ)_/

     I can run the script from the server and it works fine, but when I call it it with the code you referenced I get a blank command prompt window.
    Monday, July 27, 2020 4:13 AM
  • Sorry but you will have to learn enough about Windows and PowerShell to ask a better question.  The code I posted works every time I run it.  Your file is apparently the issue and not PowerShell , CMD or the command.


    \_(ツ)_/

    Monday, July 27, 2020 4:21 AM
  • Sorry but you will have to learn enough about Windows and PowerShell to ask a better question.  The code I posted works every time I run it.  Your file is apparently the issue and not PowerShell , CMD or the command.


    \_(ツ)_/

    Thank you for attempting to assist.
    Monday, July 27, 2020 4:32 AM
  • What is the goal/purpose of the script? Why use the runas verb? What problem are you trying to solve?


    -- Bill Stewart [Bill_Stewart]

    Monday, July 27, 2020 1:53 PM
    Moderator
  • What is the goal/purpose of the script? Why use the runas verb? What problem are you trying to solve?


    -- Bill Stewart [Bill_Stewart]

    The idea is to seamlessly (without change to our users) edit an existing batch script and bring it into the 2000's so change the syntax to have it execute the -verb RunAs (or get-credential) inside the batch script. Mainly for security but with minimal disruption to the user (lower level admins).

    Tuesday, July 28, 2020 11:29 PM
  • if your script have any user interaction like get-credential or read host this  request will wait in the background until you interrupt main process

    So if I right get what you tries to do, then everything "working" as expected

    Looks like you tries to complicate your and yours colleagues job with this solution


    The opinion expressed by me is not an official position of Microsoft

    Wednesday, July 29, 2020 12:43 AM
  • if your script have any user interaction like get-credential or read host this  request will wait in the background until you interrupt main process

    So if I right get what you tries to do, then everything "working" as expected

    Looks like you tries to complicate your and yours colleagues job with this solution


    The opinion expressed by me is not an official position of Microsoft

    So I currently have it working with the following syntax...

    @ECHO OFF
    Pushd %-dp0

    Set /P _UserName=Enter Your Admin Credentials: 
    Set RunAsUser=%UserDomain%\%_UserName%
    RunAs /User:%RunAsUser% "C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -WindowStyle Hidden &'\\myServer\PowerShellScript\myscript.ps1'
    @ECHO OFF
    Popd

    The syntax above works fine and elevates appropriately but it does so within the Batch script and doesn't do it securely with either Get-Credential or the -verb RunAs.

    Yes it is further complicating a rather straight forward process, but suffice it to say that the environment within which I need to accomplish this calls for this running within a Batch script.

    My leadership is "happy" with the way it runs now, but I know that it can be done more securely using what is built in in PowerShell. My bosses are not interested in involving the user any further than them just clicking and noticing the difference as opposed to pointing them to a ps1 file from the previous bat file.



    Wednesday, July 29, 2020 1:09 AM
  • What you are asking cannot be done.

    If what you a have is acceptable to your people then why ask for the impossible.

     


    \_(ツ)_/

    Wednesday, July 29, 2020 1:46 AM
  • What you are asking cannot be done.

    If what you a have is acceptable to your people then why ask for the impossible.

     


    \_(ツ)_/

    Understood, I appreciate the help...
    Wednesday, July 29, 2020 5:15 AM
  • The idea is to seamlessly (without change to our users) edit an existing batch script and bring it into the 2000's so change the syntax to have it execute the -verb RunAs (or get-credential) inside the batch script. Mainly for security but with minimal disruption to the user (lower level admins).

    There may be a language barrier; I simply do not understand what you are trying to say here.

    If you are trying to find a way to elevate from a non-administrative to an administrative user without provoking the UAC prompt, the answer is "you cannot do that." This is by design for security reasons. Read this post (near the top of the forum):

    You cannot bypass the UAC prompt

    If that is not what you are asking, then you will need to rewrite your question or clarify.


    -- Bill Stewart [Bill_Stewart]

    Wednesday, July 29, 2020 1:08 PM
    Moderator
  • The idea is to seamlessly (without change to our users) edit an existing batch script and bring it into the 2000's so change the syntax to have it execute the -verb RunAs (or get-credential) inside the batch script. Mainly for security but with minimal disruption to the user (lower level admins).

    There may be a language barrier; I simply do not understand what you are trying to say here.

    If you are trying to find a way to elevate from a non-administrative to an administrative user without provoking the UAC prompt, the answer is "you cannot do that." This is by design for security reasons. Read this post (near the top of the forum):


    If that is not what you are asking, then you will need to rewrite your question or clarify.


    -- Bill Stewart [Bill_Stewart]

    There is no language barrier likely more I lack the technical terms to explain what I am trying to accomplish.

    I am not trying to bypass UAC, what I want is to call the get-credential cmdlt from within a batch script. The syntax above calls powershell and runs "-verb RunAs" my query was(is) if I can do that with get-credentials because when I try it fails.

    I would like to do that and have the get-credential passed to the script in essence elevate to open the script.
    Thursday, July 30, 2020 1:21 AM
  • You cannot use both "Get-Credential" and "-Verb Runas" in the same command.

    First you need to learn some basic technology then try to understand the technology that you want to work with.  We cannot give you personal instruction.  Without some technical understanding your questions will be hard for anyone to understand.


    \_(ツ)_/

    Thursday, July 30, 2020 1:52 AM
  • There is no need to be terse, if you do not understand the question please ask. I was asking how to apply EITHER the get-credential OR the -verb RunAs.

    Tone is very hard to convey online so I can only guess that my question was not clear.

    Your thoughts on the level of my knowledge of technology do nothing to advance the question I posed. If I had knowledge of PowerShell I would not be seeking assistance on an online forum. You can either help or not, there is no need to be rude.
    Thursday, July 30, 2020 2:40 AM
  • Your question is very vague and your ability to understand any answer is poor.  By learning basic PowerShell you will be able to overcome both of these issues.  We cannot be required to read your mind or guess at your level of understanding.  \

    Please carefully read the following to gain a basic understanding of the problem.

    You cannot learn basic Windows technology or PowerShell by asking questions in a forum.  You must learn the basics on your own.  Technical forums are for trained technicians and not for end users with no formal training of any kind.

    This is no "terse".  It is just honest advice to someone who may wish to work in this technology.  You have to put in some effort before even asking a clear question or before being able to understand the answers.

    Please take the time to learn the basics then consider your issue.  We will be able to communicate answers better if you have the basic knowledge.


    \_(ツ)_/

    Thursday, July 30, 2020 2:55 AM
  • Your question is very vague and your ability to understand any answer is poor.  By learning basic PowerShell you will be able to overcome both of these issues.  We cannot be required to read your mind or guess at your level of understanding.  \

    Please carefully read the following to gain a basic understanding of the problem.

    You cannot learn basic Windows technology or PowerShell by asking questions in a forum.  You must learn the basics on your own.  Technical forums are for trained technicians and not for end users with no formal training of any kind.

    This is no "terse".  It is just honest advice to someone who may wish to work in this technology.  You have to put in some effort before even asking a clear question or before being able to understand the answers.

    Please take the time to learn the basics then consider your issue.  We will be able to communicate answers better if you have the basic knowledge.


    \_(ツ)_/

    So thank you for your input, based on all you typed I was motivated to do this myself because I know it can be done. Below is how I solved my problem and got the result I wanted.

    $Cred = get-credential
    $Job = Start-Job -ScriptBlock { whatever I need to run
    } -Credential $cred
    

    Thursday, July 30, 2020 4:01 AM
  • As I noted and you bitched about - no "RunAs".  You didn't figure out anything.  You just threw a tantrum and capitulated.  Hey - that's no way to say goodbye...

    YOU dopey millennials just can't take a bit of constructive criticism.   


    \_(ツ)_/

    Thursday, July 30, 2020 4:16 AM
  • Listen guy (or gal) I do not know you at all, nor do you know me. I came hat in hand and readily admitted that I do not know PowerShell, you attacked my knowledge of PowerShell even after my handle (PowerShell Novice) clearly spells out that fact.

    I have no clue the depths of your PowerShell knowledge, but allow me to give you a small lesson - if you are to provide assistance to someone, berating them is not the way to go about it especially after the person has clearly stated that they do not have the grasp on the topic they are asking about. If I knew the answer to my query I would not be here asking. In the future steer clear of making personal assumptions about folks online you have no idea how long I have been in IT nor do you know my situation that now calls for me to do something outside of my comfort zone. As a PowerShell guru you should be happy that others are taking on this platform.

    I have to assume that based on your amassed 237,488 points you are something of an authority in scripting, but that alone is not the length and breadth of Information Technology. Please work on your bedside manner as it is somewhat lacking. 

    Thursday, July 30, 2020 5:41 AM
  • I know - the dog ate your homework.  That still won't fly.


    \_(ツ)_/

    Thursday, July 30, 2020 5:44 AM
  • It has now dawned on me that you have ample time that you are now trolling on a forum designed to provide troubleshooting assistance.

    Thank you for spurring me to dig deeper, I wish you the best in all your endeavors. 
    Thursday, July 30, 2020 5:56 AM
  • It has now dawned on me that you have ample time that you are now trolling on a forum designed to provide troubleshooting assistance.

    Thank you for spurring me to dig deeper, I wish you the best in all your endeavors. 

    What trouble were you asking about?  YOu asked a question that anyone with any trai9ng in technology would have just looked up in the documentation.

    Remember that this is a technical forum and not a forum for untrained end users.

    You were given the answer two ways and still can't understand what you were told.  Take some time to learn the technology and you will have fewer problems.  

    Also note that demanding that others solve your problem when you cannot understand the answers is not a good approach.  First learn then ask.  Arguing in such a pointless way will not help you or anyone else.

    Remember the term "novice" implies someone who is trained but is a first timer in real application.  It does not mean "help me I am incapable of doing this".


    \_(ツ)_/

    Thursday, July 30, 2020 6:02 AM
  • Against my own advise I will engage further. I said that the use of start-job along with -scriiptblock appending the previously saved variable ($cred = get-credential) yielded the result I wanted. The script ran prompting for credentials which once provided executed the script with the $cred variable.
    Thursday, July 30, 2020 9:10 AM
  • Colleagues, problem was solved as i get, so its great success. 

    Please stop wasting your time for flooding, and at the same time spamming all members from this tread.

    PowerShell novice, I'm happy that you received result that you want, hopefully next your question will be less painfull, and you will get expected result quicker. More practice - better results. Good luck :)

    jrv, please close this topic 


    The opinion expressed by me is not an official position of Microsoft

    Thursday, July 30, 2020 9:17 AM