currently, I am trying to get some silent install commands out of the winget cmdlet in order to deploy win32apps via intune. Most of the time I just run the powershell window without admin & when I use the below command (with adobe for example) it prompts for admin credentials and shows me the process i.e. "do you want to make following changes to your pc blabla AcroRdrDCx642200220191_MUI.exe /sAll /rs /rps /l /re"
Is there a different method to see what kind of process a cmdlet triggers? because some apps don´t need admin for their .exe´s and I can´t look up random silent install commands in the internet, neither use so called "tools" to determine them, because either they are expensive as hell or not reliable.
would be nice if someone can help me out here :)
winget install --exact --silent --accept-package-agreements --accept-source-agreements "randomapp"
If you run winget install <package> --verbose-logs you can open up the log file and see which switches were passed to the installer. The log file location is displayed via winget --info.
I have to deploy an .exe silently for our employees. Although the program is very old and does not show any documentation of any parameters. The only parameter i could find is the silent install one which is /s
But.. once i execute the .exe with /s i get a prompt asking me to enter a password because the installer is protected with a password. I have the pass but is it possible to create a script in PS to automaticly enter the password? Normally it would be something like "/p PASSWORD" but none of those parameters are anywhere to be found.
You commented:
The thing is i want the installer.exe to not even give me a pop up asking for the password. But i can't find the correct parameter to give the password prior to installation.
Whether you can do that depends on how the installer is constructed. If it forces a GUI password prompt and does not provide a way to bypass that, then you cannot automate it reliably.
Alternatively: You could use a reference computer (a virtual machine would work well for this), use a snapshot tool that can log all changes to the file system and registry, run your installer, record the changes, and then build your own installer that doesn't require the password.
This question is probably much better suited to superuser, however.
I want to install a vnc.exe with powershell script , and I don't want to receive message box which ask me if I want to install this application , is possible to skip over this step with a powershell script or parameter .
Thank you !
See all the options at the end of http://www.uvnc.com/install/installation.html
I am running a large study where we have staff in various countries collecting information on tablet computers running Windows 10 Enterprise. Each staff member is assigned to a tablet and they log into the tablet with their standard username and password. These users do not have local admin rights on the machines, but all tablets have a single Administrator Username and Password which I know and these are uniform across the tablets.
Each night, users invoke a program on their tablets that uploads data to our servers and then we pass information back to the tablet during this synchronization process. Otherwise, they are disconnected from the internet. At the end of the synchronization process a program is executed that allows me to run any script I like, but the script executes under the standard user account (i.e. without elevated privileges).
I need to update all the tablets with a bug fix for software that they use on the tablets and I'd like to do this during the synchronization process. The bug fix is contained in a simple executable file that can be easily pushed to the staff memebers' tablets along with any code I like during the sync. If users were running the synchronization program as administrators, this wouldn't a problem as I could simply run the executable via a script at the end of the synchronization. But they aren't, so I'm trying to find a way that I could run a script (I don't really care what it is. It could be a windows batch file, a vbs script, VB.NET, powershell, etc.) and have that script execute with administrative privileges and run the installation without the UAC prompt interfering.
I don't even mind supplying the admin password in plaintext to be honest, since these users are all our employees and they can't really do anything really concerning to us with it (and I could always deploy a subsequent file through the synchronization process to delete the program that has the password in it). I realize this sounds somewhat complicated, but in a nutshell, I'd like to carry out these steps:
Send the bug update executable to the tablet computer (I can do this now)
Develop custom code, that will pass admin credentials to the tablet and install the executable in 1 without having the UAC appear (I can send the script to the tablet during sync but do not know how to execute it as the Admin without getting the UAC prompt).
Any ideas how I can do this? I've explored this all day with minimal success using PowerShell scripts like the ones described here and here. This was the closest I got after storing the credentials in $cred, but it continued to give me the UAC prompt:
Start-Process PowerShell.exe -Cred $cred -ArgumentList '-command &{Start-Process -FilePath C:\MySyncPath\BugFix32.exe -Verb runas}]
UPDATE
After some additional work, I think I'd be able to get this to run if I could somehow disable to UAC control with a script that can run under the regular user's account and pass the admin credentials to it. Any idea how I might be able to accomplish this? If I could get this to work, even with a reboot, I'd be able to accomplish what I need.
The actual issue you're having is that you want to update your application, but the application is in the Program Files folder (or some other location that standard users are not allowed to modify).
In order to allow any user the ability to update your program, you must grant all users Full Control to your folder. Ideally your application's installer would have done this adjustment to the DACL during installation (when the installer was running as an administrator).
For now you will have to settle for a final one-time requirement that the users elevate to administrator. Then you can disable all security on your application - allowing any user (malicious or not) to modify your application at will.
GrantEveryoneFullControlToFileOrFolder("C:\Program Files\Contoso");
with a pseudocode implementation of:
void GrantAllUsersFullControlToFileOrFolder(String path)
{
PACL oldDACL;
PACL newDACL;
PSECURITY_DESCRIPTOR sd;
//Get the current DALC (Discretionary Access Control List) and Security Descriptor
GetNamedSecurityInfo(path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
nil, nil, ref oldDACL, nil, ref sd);
//Create an SID for the "Users" group
PSID usersSid = StringToSid("S-1-5-32-545");
// Initialize an EXPLICIT_ACCESS structure for the new Access Control Entry (ACE)
EXPLICIT_ACCESS ea;
ZeroMemory(#ea, SizeOf(EXPLICIT_ACCESS));
ea.grfAccessPermissions = GENERIC_ALL;
ea.grfAccessMode = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE;
ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea.Trustee.ptstrName = PChar(usersSID);
// Create a new ACL that merges the new ACE into the existing ACL.
// SetEntriesInAcl takes care of adding the ACE in the correct order in the list
SetEntriesInAcl(1, #ea, oldDACL, ref newDACL); //use LocalFree to free returned newDACL
//Attach the new ACL as the object's new DACL
SetNamedSecurityInfo(path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
nil, nil, newDACL, nil);
LocalFree(HLOCAL(sd));
LocalFree(HLOCAL(newDACL));
FreeSid(usersSID);
}
It's not completely unheard of for applications to be modifiable by any user: Most MMOs install updates while you play. MMOs usually have a shim applied by Microsoft that gives all users control of the application folder.
run the script as a domain admin account... and set execution policy before the script is run, then run as administrator... some applications are picky about UAC still, but Set-ExecutionPolicy [bypass/remotesigned] will ensure that you're not prompted. however, sharing and permissions may still be an issue if the domain admin account doesn't have access to the share. psexec does this, but it's literally a matter of doing what i just mentioned and the psexec file essentially writes out the permissions by the end of the script. the intent was to make sure that passwords weren't written in clear text, it hashes the password value. either way, if you want this done securely, using a GPO and making sure your file permissions/share is at the highest level might iterate out the prompt. that's why you'll see some batch files use %1 %2 %3 %4 %5 %6 %7 %8 %9 .... that's because it's automatically requesting elevation and will loop in an iterative cycle until the UAC prompt isn't necessary.
i know i'm bumping an old thread, but this is what i've found, trying to mix and match legacy cmd batches with powershell ... lots to consider about the execution policy leading into the call vs during the call...
This question is in the category of "when people ask for security holes as features".
You cannot bypass (or, if you prefer this phrasing, "programmatically accept") the UAC prompt and automatically elevate without interactive confirmation. UAC is designed specifically to prevent this. (If this were possible, all malware would do it.)
This isn't a PowerShell thing but a general windows 10 thing. You'd need to disable UAC for this. No experience with it on Windows 10 yet though.
You can try setting the EnableLUA registry key to 0. The key can be found in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
This will probably need a reboot to be active though.
I am currently working on a powershell script. The objective of this script is to import data from a .csv file from which new users are created if that username does not already exist in the Active Directory.
My question is how can I make this script run from any location so all I have to do is type the name of the script and it will run. I have been able to do this in BASH but can't figure out how to do this in power shell. So far google has been little help.
If it makes any difference i'm using Windows Server 2008 R2
The basic idea is to create Powershell Function which will do the work (or will call other script placed in other location) and put this method to Profile.ps1 script (the script which is loaded everytime you start powershell) - Look at Windows PowerShell Profiles for further details.
The link above for Powershell Function from Tomas Panik is not there anymore so I want to add to the answer here.
Short version:
You can create your function by using Powershell Function. However, this will only last for that session only.
In order for you to use your function regularly, you need to generate/add your function to your own PowerShell profile. Quick tutorials are here and here. Tomas Panik's link to Windows PowerShell Profiles also has very good info.
Update: thanks Hussein Al-Mosawi for reporting the old broken link!