I'm going nuts...
Target: Server starts. Powershell is executed as Service and App runs.
When I log on as admnin, the program runs, but the GUI is hidden. i have to kill the processs and restart as logged on user.
is there a way to start an app and make it visible to all users that log on?
PS1: Start-Process -FilePath "C:..\xy.exe" -LoadUserProfile "Administrator"
-Credential $credential & -LoadUserProfile "Administrator" didn't work
Edit: It's a server with a software. No user issues.
The VPS can suddenly reboot or some issue else. Plan is to somehow automate the startup, that the SW runs on startup. But then it's not available when a user logs in. it runs hidden or whatever..
plan was a PS1 in a winTask at startup - but can be anything that works. Autologon is somehow a pretty security thing...
tried the idea with the shortcuts, although a start works then, the gui is not available at first.
Related
Firstly: I have found a number of questions answered that do everything but allow me to bypass UAC. I am IT for a small business, but it is not my primary responsibility.
I have two machines in my domain that on startup often fail to correctly connect to the domain network. Restarting the network adapter fixes the issue until the machine restarts. Unfortunately, one of the machines is used by a non-admin, and a technically illiterate one at that.
I hoped to use a powershell script to do this. Using this website, I created script and batch files to solve the issue. Since the computer only has one network adaptor, I went simple:
internet.ps1
Get-NetAdapter | Restart-NetAdapter
internet.cmd
#ECHO OFF
SET ThisScriptsDirectory=%~dp0
SET PowerShellScriptPath=%ThisScriptsDirectory%internet.ps1
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%PowerShellScriptPath%""' -Verb RunAs}";
Unfortunately, I don't fully understand the last command in the batch file. As such I struggle to research the command to pass some form of user credential. This environment is not very secure. But I don't want to give this user domain admin permissions generally, or provide them with some admin credentials which would end up on a sticky note. Either option is just inviting trouble from my older, technically illiterate colleagues. And going over to punch in credentials every day is time consuming.
I am looking for a script that cycles the network adaptor and provides the necessary credentials to make that change so a non-admin user can fix their domain and internet access without having admin credentials on a post-it note.
You could schedule a task using the Task Scheduler in Windows. When scheduling a task, you can specify credentials for the task to use when it runs. You can add a trigger for this task to have it run when the computer starts, or you can simply allow the user to manually start it.
If you decide to go this route, there is a check box you can check that runs the program with the highest possible privileges. The entire point of that last line is to start a new PowerShell window that runs as administrator so it actually has permission to restart the adapter. This means that you can get rid of almost your entire script, and just keep the part that actually restarts the adapter.
For example, when you go to create a new task in Task Scheduler, under the Actions tab, you can create a new action and enter the following:
Program/script:
PowerShell
Add arguments:
-Command "Get-NetAdapter | Restart-NetAdapter"
Note: I'm not sure if this is still the case, but in my past experience, sometimes it will try to run before Windows is fully loaded. If it doesn't seem to be doing anything on startup, you may need to add a delay to it. You can do this by running the Start-Sleep command. You can add it to the arguments field by doing the following:
-Command "Start-Sleep 5; Get-NetAdapter | Restart-NetAdapter"
Replace the number 5 with how many seconds you would like it to wait.
Is there a was for a Powershell script to be launched from Scheduler and run full ISE window and close when done.
I am using ZeeDrive to map a SharePoint Drive but running the Script in Scheduler, it cannot see the Drive. Yet if I open in ISE and run, it finds it fine. What I got back from ThinkScape :
'Zee Drive needs to run in a Windows session. It is designed for end users – if it is running as a service, or “headless” i.e. no Windows session, or being accessed from a different Windows session it won’t work.
We don’t support Zee Drive running as a service or for service type workloads – it is designed for end users working with documents'.
Any help would be greatly appreciated.
Thanks
The only way I can think of, would be to add your script to the Microsoft.PowerShellISE_profile.ps1 and then start ISE with the scheduler and your file as parameter, like this:
powershell_ise .\Check-Process.ps1
In your profile you would want to make sure, that the script only runs, when you open that file:
if($psISE.PowerShellTabs.Files.FullPath -eq '\\fileserver\path$\to\my\Powershell\Check-Process.ps1')
{
& '\\fileserver\path$\to\my\Powershell\Check-Process.ps1'
}
But be carefull! The script runs now everytime you open it in ISE unless you use the switch -noprofile.
So far I did not find a way to close the ISE window with the profile script.
I startet to look around but only found usage with a prompt. But as this is for the users I was wondering if I can make it run without a prompt still with elevated privileges behind.
Start-Process powercfg.cpl -Verb runas
this is a simple oneline but this prompts for creds can I somehow tell it just to run elevated without a prompt
Update1: We are thinking of creating a AD User which has only rights for the needed task than can be shared for this prompt.
Update2: WE figured out that pre installed Toshiba software was causing it to jump back after restart and after every edit. We deinstalled the software and since there was no need to run it as admin anymore.
Good afternoon,
I have a script I am running at the moment and in my script there are two lines of code.
The first line installed OneDrive with admin privileges without asking for permission (bypasses UAC).
The second line runs the application.
My problem is when the second line is run it will state the following:
"OneDrive can't be run using full administrator rights - Please restart OneDrive without administrator rights"
Start-Process -FilePath "$env:USERPROFILE\Downloads\OneDriveSetup.exe" -ArgumentList “/peruser /childprocess /cusid:$cusid /silent” –wait
[System.Diagnostics.Process]::Start($newexepath) | Out-Null #$newexepath = "c:\users\test\appdata\local\microsoft\OneDrive\OneDrive.exe"
Is there a way to stop the process in line one when it is finished, basically telling the script to forget about bypassing UAC?
You may try to disable administrative rights temporary by using “net user administrator /active:no” in cmd command. Then, try to relaunch the OneDrive client and see whether it helps. If so, you can reactive administrative rights by using “net user administrator /active:yes” in cmd command. It should help on this issue in OneDrive.
In addition, I also found that the problem could be caused due to the highest privileges settings in Task Scheduler. You can search Task Scheduler from Start and click “Task Scheduler Library”. Then find OneDrive in the list and double click on it. In the window open, make sure “Run with highest privileges” option is unchecked and click OK to save the setting. After your reboot the computer, the error message should be gone.
In Internet Information Services Manager, for each app pool, there is an option to set path to a Shutdown Executable, and any parameters under Rapid-Fail Protection in advanced settings.
I have several app pools (a couple hundred) and would like to use a PowerShell script to automate setting
the shutdown field of each one to a program I created.
Does such a PowerShell command exist? I have pored through the appropriate documentation but with no results.
Short answer? I cant figure it out in Powershell specifically, However.. using "appcmd.exe" I was able to make this happen. I wrote a script that tried to restart the app pool and emails me the result. This script gets kicked off by the rapid fail protection. I can share this script too if you like...
However, I really didnt want to manually set every app pool as you mention, so I came up with the following.. Its not as pretty or elegant as some, but, it works:
$poolList = (Get-ItemProperty -Path "IIS:\AppPools\*").name
ForEach($pool in $poolList) {
C:\Windows\System32\inetsrv\appcmd.exe set apppool "$pool" /Failure.autoshutdownParams:"D:\_Scripts\CheckPools.ps1 -PoolName $pool"
C:\Windows\System32\inetsrv\appcmd.exe set apppool "$pool" /Failure.autoshutdownexe:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Get-ItemProperty -Path "IIS:\AppPools\$pool" -name Failure.autoshutdownexe|select *
}
I can confirm for me, with Windows 2016, this script sets the Shutdown Executable, and the Shutdown Executable Parameter. The Executable is set to launch powershell, and the parameters calls a powershell script and passes it the app pool name.