start .exe with stored admin password using cmd/powershell - powershell

I want to create a shortcut for all domain users so that, when it is clicked, e.g. notepad++ pops up in admin mode without asking the user to input a password.
i.e. notepad++ in admin mode
The same effect as if I told the user the admin username and password and asked them to right-click the notepad++ icon and then enter the username and password.
I tried the following but it is not working.
In cmd
runas /savecred /user:{hostname}\admin "C:\Program Files\Notepad++\notepad++.exe"
It actually only starts notepad++ in normal mode, even though I entered the admin password.
I tried AutoIt, but since even running the above does not start notepad++ in admin mode, it is not working either. I think sanur is also not working.
In powershell
Start-Process 'C:\Program Files\Notepad++\notepad++.exe' -Verb runAs
An elevation window pops up asking for the admin username and password. The notepad++ it starts is in admin mode, but I don't want the pop-up, and I couldn't find a way to pass in the username and password.
In powershell
$username = "admin"
$password = "password"
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
powershell Start-Process "C:\Program Files\Notepad++\notepad++.exe" -Credential ($credentials)
It actually only starts notepad++ in normal mode.

Thank you Theo for the comments.
The solution is
Create a shortcut and set it to run as admin, e.g. C:\temp\Notepad++.lnk
By right-clicking the normal shortcut --> Advanced --> tick Run as administrator --> OK
Create a .bat to start the shortcut, e.g. C:\temp\notepad.bat (we need this step because runas cannot start a .lnk file)
The .bat file here is also written to avoid a cmd window popup when run
@echo off
@start "" "C:\temp\Notepad++.lnk"
Create autoit script to run the .bat by runas, eg. notepad.au3
RunAs ( "{adminAccount}", "{hostname}", "{adminPassword}", 1, "C:\temp\notepad.bat")
Use autoit to turn au3 script to exe
The notepad++ in admin mode will be started without any elevated window pop up to ask you for admin credential.

Related

How to powershell script ask for administrator rights

How can I do a powershell script to ask for administrator rights to the user? To open modal and accept or enter admin password. Is it possible?
I have written a small snippet, add it to the beginning of your script.
if (!([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
    # Not elevated: relaunch this script through UAC, then stop the current instance
    Start-Process -FilePath PowerShell.exe -Verb Runas -ArgumentList "-File `"$($MyInvocation.MyCommand.Path)`" `"$($MyInvocation.MyCommand.UnboundArguments)`""
    Exit
}
This will check if the script has elevated privileges, if not will present UAC dialog (If secure desktop is enabled, then modal dialog) to ask for administrator credentials to auto elevate.
Duplicate
You should check if you're not admin and run new process (probably with same args) but with RunAs ( means RequireElevation ) flag. Please note, that if UAC is lowered or disabled, this might not work at all.
Start-Process powershell -Verb runAs (you can pass additional properties like $PSCommandPath)
Notes:
You cannot elevate the current process.
You cannot (using PowerShell only) run a process elevated even if you have admin credentials stored in variables.

Launch application through Powershell in elevated mode

I have an RDS environment with an epos application that runs fine under the user that initially installed it but requires any other user to specifically right-click the exe and select 'run as administrator'. I have a local admin that I would like to use in a script to automate that action and apply the creds for the user.
I have tried the following.
# Construct the credentials object
$username = "svr-rds\xxx"
$password = ConvertTo-SecureString "xxx" -AsPlainText -Force
$cred = New-Object PSCredential -argumentlist $username, $password
Start-Process powershell.exe -Credential $cred -WindowStyle Hidden `
'-noprofile -command "Start-Process C:\Montana\Montana.exe /k -Verb RunAs"'
I have found, though, that the runas command, no matter how you use it, opens the application as an empty application frame. If I've researched right, the runas command is not the same as specifically elevating to admin.
Is there a solution to this?
Note you stated...
epos application that runs fine under the user that initially installed it...
Then to install an app, you need to be Admin on the box or use Admin creds when prompted. So, the app is installed as an Admin and global to all users and that app is associated with the user initial user identity only. So, when another user logs on to this what appears to be a shared workstation, that app is never associated with any other user profile. So, one must use the installer identity.
PoSH notwithstanding. RunAs has never meant 'Run Elevated'. It's always meant run with the supplied identity.
Suggestion:
Why not just create a shortcut to the .exe and set its properties to run as admin?
You can just use that to launch the app with the shortcut settings.
invoke-item 'AppName.lnk'
Example: I run as a regular user all the time, and my PoSH host environment is set to restricted. Yet, because I do all things admin in PoSH, I start PoSH as admin and elevated this way:
# Shortcut properties for the ISE
C:\Windows\System32\runas.exe /user:contoso\Administrator "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy UnRestricted PowerShell_ISE.exe"
# Shortcut properties for the Console Host
C:\Windows\System32\runas.exe /user:contoso\Administrator "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted"
Or just create a shortcut and set the 'Run as administrator' checkbox under the advanced tab of the shortcut properties, if you don't need the extra ExecutionPolicy step as above. Then the whole invoke step.
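
The difference between running under an administrator account and running elevated, which the answers above describe, can be checked from inside the launched process. This is an added example, not code from the original posts; the function name Get-ElevationState and the state labels are assumptions made for illustration.

```powershell
# Added example: distinguish "running as an admin account" from "elevated".
function Get-ElevationState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    # Well-known SID of BUILTIN\Administrators.
    $adminSid  = New-Object Security.Principal.SecurityIdentifier 'S-1-5-32-544'

    # True only when the Administrators group is enabled in this token,
    # i.e. the process was started elevated (or UAC is off).
    $elevated = $principal.IsInRole($adminSid)

    # A UAC-filtered token still lists the group, marked deny-only.
    # whoami prints the SID untranslated, so match on it rather than on
    # the localized group name or attribute text.
    $listed = [bool](whoami.exe /groups /fo csv /nh |
                     Select-String -SimpleMatch '"S-1-5-32-544"')

    if ($elevated)   { $state = 'Elevated' }
    elseif ($listed) { $state = 'AdminAccountNotElevated' }
    else             { $state = 'StandardUser' }

    [pscustomobject]@{
        User              = $identity.Name
        IsElevated        = $elevated
        AdminGroupInToken = $listed
        State             = $state
    }
}

Get-ElevationState | Format-List
```

Run it in a console started with runas or Start-Process -Credential and again in one started through 'Run as administrator' to compare the two tokens.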

Shortcut Credentialing to open an app and explorer window

I'm attempting to launch a PowerShell script that requests my password for an admin account for credentials. Once it has my credentials it opens a PowerShell shell, launches a Windows Explorer window, and an application, all with the admin credentials. Ideally I would also like the Explorer window and shell to open to a specific location, but I haven't tried coding that until I get the credentials working correctly.
Currently every time I try the following code I am told that the username and password is incorrect when I know for a fact that it is the correct username and password.
$MyCredentials = Get-Credential -Credential ''
Start-Process powershell.exe -Credential $MyCredentials -ArgumentList "Start-Process powershell.exe -verb runas"
Start-Process explorer.exe -Credential $MyCredentials
Start-Process 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\Microsoft.ConfigurationManagement.exe' -Credential $MyCredentials

Keyboard not working when using Credential parameter

When I start the powershell with Credential parameter that uses domain credentials from the domain computer, the keyboard stops working:
start powershell -Credential $DomainUser
If I start cmd keyboard works, and when I start powershell from cmd it stops again.
If I use
start powershell -Credential $DomainUser -ArgumentList "1+1; sleep 2"
I can see the commands executed normally and this is the only way I can execute them.
If I run
start powershell -Credential $DomainUser -ArgumentList '-NoExit -Command "pause"'
I can type the letters while pause is in effect, after it finishes no typing again.
If I shift + context menu and run powershell as domain user via Run as different user option it works.
It happens on multiple Windows 8 and 10 OSes and Posh 4+.
Anybody knows what is going on ?

teamcity powershell - unable to run batch file

I've spent quite a bit of time banging my head on this one. A little StackOverflow help please, good folks!
Scenario: We are trying to run a custom .bat file located on the CI server via the TeamCity Powershell step.
When powershell script is run on local box manually, it kicks off .bat file correctly.
When powershell script is run through TeamCity, it successfully 'sees' the .bat file (validated by receiving a 'cannot find file' response when I rename the .bat file it is expecting)
HOWEVER, we have not seen any indication that the .bat file was actually kicked off.
What we've tried:
We've added the 'RedirectStandardOutput' and 'RedirectStandardError' for attempt to diagnose, but although the log file is created, it is returned blank.
We've granted filepath permissions and tried two different credentials including the credential of the TC build agent
Added "-wait" at one point to see if we needed to 'tell' PS to wait on the .bat file.
Two questions...
What is preventing us from running this .bat file?
How do we diagnose issues like this? ATM it is a 'blackbox' to us.
TeamCity Powershell settings:
Powershell Run Mode: Version 1.0; Bitness x64 (tried x86 as well)
Working Directory: Tried as blank, and specific filepath of .bat file (so, 'D:\folder\folder2\')
Script: Source Code
Script Execution: Execute .ps1 from external file (tried with 'Put script into PowerShell stdin with "-Command -" argument' as well)
Add -NoProfile argument (tried both)
Powershell script:
#Predefine necessary information
$Username = "DOMAIN\username"
$Password = "password"
$ComputerName = "CI Build Server Name"
#Create credential object
$SecurePassWord = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $Username, $SecurePassWord
#Start batch file
Start-Process "testbat.bat" -WorkingDirectory D:\file\path\ -Credential ($Cred) -NoNewWindow -RedirectStandardError stderr.txt -RedirectStandardOutput stdout.txt
Write-Host "Executed powershell."
UPDATE 1: If we remove the '-Credential ($Cred)' portion we are able to kick off the testbat.bat file from TeamCity, as expected. The problem must lie with that "-Credential ($Cred)" argument, somehow. Any thoughts?
UPDATE 2: If we set the '-Credential ($Cred)' portion to the credential of the build agent user we are able to kick off the test.bat file from TeamCity. The problem only occurs when we set the credential to a user other than the one running the build agent. This seems to indicate that credential syntax is fine.
UPDATE 3: Tried running with PowerShell executionpolicy set to 'RemoteSigned' and 'Unrestricted'. Problem persists.
UPDATE 4: Gave the BuildAgent user, and the user of whom we want to run this as, full permissions to powershell via 'Set-PSSessionConfiguration'. Problem persists.
$credential = New-Object System.Management.Automation.PsCredential(".\user", (ConvertTo-SecureString "pass" -AsPlainText -Force))
Start-Process powershell -Credential $credential -ArgumentList '-noprofile -command &{Start-Process D:\file\path\test.bat -NoNewWindow -RedirectStandardError stderr.txt -RedirectStandardOutput stdout.txt }'
note:
First I get the credential "user" (your user), then convert your pass to plain text,
then Start-Process with your credential set.
If agent is running as service under Local System account, then it's not possible to run PowerShell under specified account. The workarounds are:
Run agent via command line.
Try to run agent service under another account (not Local System) with administrator rights, probably it will help.
Try RunAs plugin. It provides an ability to run builds under the specified user account.
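
Several scripts on this page keep an administrator password inside the script itself. The following added example (not from the original posts) searches a folder for those patterns; the function name Find-EmbeddedCredential, the rule names and the sample files are constructed for illustration.

```powershell
# Added example: flag scripts that embed a reusable password.
# Rule names and sample files are constructed for illustration.
$rules = [ordered]@{
    PlainTextSecureString = 'ConvertTo-SecureString\b.*-AsPlainText'
    PasswordLiteral       = '\$\w*pass\w*\s*=\s*["''][^"'']+["'']'
    RunasSaveCred         = '\brunas(\.exe)?\b.*/savecred'
    AutoItRunAsLiteral    = '\bRunAs\s*\(\s*"[^"]*"\s*,\s*"[^"]*"\s*,\s*"[^"]+"'
}

function Find-EmbeddedCredential {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Script types used on this page: PowerShell, batch and AutoIt source.
    $files = @(Get-ChildItem -Path $Path -Recurse -File -Include *.ps1, *.bat, *.cmd, *.au3)
    foreach ($name in $rules.Keys) {
        # Select-String is case-insensitive by default and reports file and line.
        $files | Select-String -Pattern $rules[$name] | ForEach-Object {
            [pscustomobject]@{ Rule = $name; File = $_.Filename; Line = $_.LineNumber }
        }
    }
}

# Constructed sample files; the values are placeholders, not real credentials.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'cred-scan-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'launch.ps1') -Value @'
$password = "PLACEHOLDER"
$sec = ConvertTo-SecureString -String $password -AsPlainText -Force
'@
Set-Content -Path (Join-Path $demo 'notepad.au3') -Value 'RunAs ( "admin", "HOST", "PLACEHOLDER", 1, "C:\temp\notepad.bat")'
Set-Content -Path (Join-Path $demo 'start.bat') -Value 'runas /savecred /user:HOST\admin "C:\temp\app.exe"'
# clean.ps1 only requests UAC elevation and carries no secret.
Set-Content -Path (Join-Path $demo 'clean.ps1') -Value 'Start-Process notepad.exe -Verb RunAs'

Find-EmbeddedCredential -Path $demo | Sort-Object File, Line | Format-Table -AutoSize
Remove-Item -Path $demo -Recurse -Force
```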