I have a windows service that runs and manages multiple processes.
All the processes are running under the user account as per the task manager details tab. So one of the processes is executing a PowerShell script to do some operation that requires a local user account.
I tried logging $env:username, it says the PowerShell script is executed under the system account.
If I manually start the process without any help from the windows service then the PowerShell script executes successfully and also logs that the $env:username is locally logged in user account.
Note: the windows service is starting those processes using CreateProcessAsUser method which supposedly starts the child process under local user account. But somehow it seems that the task manager shows its running under user account but behind the scenes, it's running under the system account.
Can anyone tell me how I can execute the script under a local user account?
The cmd that I use to run the PowerShell script is
Powershell.exe -NoProfile -ExecutionPolicy Unrestricted -Command ../powershellscript.ps1
Related
I've created numerous scripts in PowerShell that are working as intended if I execute them directly, however, when I try and setup a schedule to run these in Task Scheduler (to run with highest privileges) it doesn't seem to be running anything at all.
I'm running the following in my actions:
powershell.exe -ExecutionPolicy Bypass -File C:\PS\Mailboxes\CheckForwardingList.ps1
I'm getting a "Last Run Result" of 0x0 and the particular purpose of the above script is to generate a TXT file from EXO which it then mails out via SMTP and I've yet to receive any emails and I also don't see any TXT being generated in the folder where the script is located.
I do have two additional scripts setup which aren't running but once I've addressed the issue on the above this should quickly rectify the problems.
I like to test my PowerShell scripts from a command prompt first.
For example a script called C:\Tests\Test-PowerShellScriptsRunning.ps1 that only contains the following one liner helps me to test if scripts can run successfully on a machine
Write-Host -ForegroundColor Yellow "If you see this, then your script is running"
Next, I run this script from a command prompt, to get the syntax right in my scheduled task:
powershell.exe -nologo -file c:\Tests\Test-PowerShellScriptsRunning.ps1
Of course, you can add the -Executionpolicy bypass parameter, but I prefer to test the execution policy first.
However, as you are running a script that connects to ExchangeOnline, I suspect it has to do with the user you are running this task under. Does the script run if you run this task under your credentials or are the credentials stored on the system or in the script?
You might want to check this article to see how you can register an app and authenticate without storing your credentials on the machine to run the script unattended: App-only authentication for unattended scripts in the EXO V2 module
We are trying to execute a powershell script that will import a scheduled task to non domain and domain joined computers in our organization. The task is simply to disable wifi adapter when an ethernet cable is connected. I exported the task as a .xml and then can get the task to run as admin and complete successfully. However when we attempt to run logged in as normal user, the UAC box pops up asking for admin username and password. I created the task as both domain admin and local admin accounts and tried both, with same result when running the .bat as normal user.
This is my script so far (I have no previous experience in writing powershell):
Copy-Item -Path D:\WiFi -Destination C:\PCM\Utils -Recurse;
schtasks /create /tn "Ethernet On-Disable Wifi" /xml "C:\PCM\Utils\WiFi\Ethernet On-Disable Wifi.xml" /ru Domain\admin /rp domainpw;
schtasks /create /tn "Ethernet Off-Enable Wifi" /xml "C:\PCM\Utils\WiFi\Ethernet Off-Enable Wifi.xml" /ru Domain\admin /rp domainpw;
*
I'd like to be able to run this as %computername%\localadmin as that account is on all laptops...
The first line copies a folder with the .xml from a thumb drive to a folder on laptop. Then it creates the tasks. If I am logged into the laptop as admin, the batch runs fine, but as a local user, it fails with the following:
Error Image
Basically, it copies the folder fine, then ERROR: Access is denied.
I'm pretty sure its because the user logged in does not have rights to create the task. Is there a way to have the task run as localadmin and complete?
We run this .bat file to fire off the .ps1 from the folder that gets copied to laptop.
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& 'D:\WifiTask\WifiTask.ps1'"
pause
Sorry if the description of this issue is vague or confusing, just trying to learn as I go....thanks
No, a normal user will not be able to create a system scheduled task without getting prompted for elevation by UAC.
For domain computers, you could try:
Group policy to create the scheduled task
Group policy to run your script as the local system user
Script that connects to computers as Admin user and pushes your xml and wifitask.ps1 like Invoke-Command
Off-domain PCs are more difficult, you would want to do it the same way you currently install other software. Manually run as-admin? Software deployment agent? Remote management tools?
I am required to run a Jenkins job that that is to be executed on a slave machine from the master machine. The job comprises of running some powershell scripts on the logged slave machine.
I am using an account to login from master to slave which I suppose, doesn't have the admin rights as the behavior of the script differs when run as an administrator in the machine to that when run in locally on it.
How can I really confirm if the user provided to me has the admin rights?
In PowerShell 4.0 and newer, you can use the #Requires -RunAsAdministrator comment at the top of the script to prevent the script from running if the current user is not elevated. For earlier PowerShell versions, you can terminate the script if the current user is not elevated using code. For example:
$elevated = ([Security.Principal.WindowsPrincipal] `
[Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ( -not $elevated ) {
throw "This script must be run elevated (Run as administrator)."
}
I am trying to run the following script upon startup of my machine because I cannot get a service to start on startup. I can schedule it to run. The problem I am facing seems to be a user vs administrator issue.
This is for a Windows 7 machine with PowerShell 4.0.
I have set the execution policy to unrestricted.
When I try to run the script as the User I designated to have administrative privileges I see the following error.
When I right click the powershell icon, run as administrator the command works fine.
The command is
get-service -name "*vmauthd*" |start-service
Is it possible to run this as my user account?
Solution I was able to get this script to run on startup as I initially desired. I turned off UAC and set the execution policy to unrestricted. I am not sure if the UAC was the issue before but the script runs now. I created a cmd file with this in the code. I set the cmd file to run at startup using Windows Task Scheduler and set the task to run whether logged in or not.
PowerShell -Command "Set-ExecutionPolicy Unrestricted"
PowerShell -Command "get-service -name "vmauthd" | start-service"
pause
Here is an image of the cmd file
I need using powershell script to kill a process, however access denied. How can I get admin with powershell script? In addition, I do not want to input Admin account and password manually. The Get-Admin process needs to be done automatically. What am I suppose to do?
You would need to elivate your script, or console prompt, to use the "run as administrator" option. A good example script can be found here on how you might do this in your script.
The meat of the script provided in the link just takes the user running the script and verify if the current session is elavated. If it is not you have to open one up as that in order to kill a process. You would also deal with UAC if you are on Windows, that if the user running it does not have local admin rights you will be prompted to enter credentials.
Snippet of the code that verifies if the execution account is admin:
# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
$myWindowsPrincipal.IsInRole($adminRole)
You can find a few other options to get elevated permissions here.
Just do
start-process pwsh -Verb RunAs
or
start-process powershell -Verb RunAs
to get yourself an elevated shell. Then run the command you want