I need to run a Powershell script to create AD user via a batch file. The thing is I need to run this PS script with elevated privileges (domain admin account). I have tried to script a '.bat' file which encloses all this information but I have been unsuccessful so far. Here is the script :
echo off
cls
echo Sign in with your ADM ID
set /p username=
powershell -noprofile -command "&{ start-process powershell -ArgumentList '-
noprofile -file C:\Users\...\Desktop\Powershell_scripts\New-ADuser\New-
Aduser_test.ps1' -verb RunAs}"
I have tried with line /netonly /user:adm#domain but It won't work.
Do you guys have any idea?
Thanks in advance.
I have finally ended up with this :
runas.exe /netonly /noprofile /user:domainadm#domain "powershell.exe -
noprofile -File "C:\Users\...\Desktop\Powershell_scripts\New-
ADuser\.ps1" -verb RunAs"
It works like a charm now!
Hope it will help anyone in need. ;)
you can start powershell with another credentials
#echo off
cls
echo Sign in with your ADM ID
set/P user="* user: "
rem set/P pass="* password: "
set "psCmd=powershell -Command "$pwd = read-host '* password' -AsSecureString; $BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd); [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)""
for /F "usebackq delims=" %%P in (`%psCmd%`) do set "pass=%%P"
powershell -executionpolicy bypass -Command "$p='%pass%'|convertto-securestring -asplaintext -force;$c=new-object -typename system.management.automation.pscredential('%user%',$p);start-process 'powershell' '-Command "C:\Users\...\Desktop\Powershell_scripts\New-ADuser\New-Aduser_test.ps1"' -credential $c -passthru -wait; read-host;"
exit/B
or simply
#echo off
cls
powershell -executionpolicy bypass -Command "start-process 'powershell' '-Command "C:\Users\...\Desktop\Powershell_scripts\New-ADuser\New-Aduser_test.ps1"' -credential $c -passthru -wait; read-host;"
exit/B
that will prompt for credentials
Related
I have this powershell command that must run as administartor in powershell. I want to run as a batch file as administator. Would you please help me?
Get-AppxPackage -allusers ContentDeliveryManager | foreach {Add-AppxPackage "$($_.InstallLocation)\appxmanifest.xml" -DisableDevelopmentMode -register }
To avoid the problem of double/double quote, i suggest you to put your command in a script.ps1 then do this command:
PowerShell -windowstyle hidden -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -windowstyle hidden -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""YourScript.ps1""' -Verb RunAs}"
Try this batch
<# : batch script
#echo off
cd /D "%~dp0"
if not "%1"=="am_admin" (powershell start -verb runas '%0' am_admin & exit /b)
setlocal
cd %~dp0
powershell -executionpolicy remotesigned -Command "Invoke-Expression $([System.IO.File]::ReadAllText('%~f0'))"
endlocal
goto:eof
#>
# here write your powershell commands...
Get-AppxPackage -allusers ContentDeliveryManager | foreach {Add-AppxPackage "$($_.InstallLocation)\appxmanifest.xml" -DisableDevelopmentMode -register }
save it as .bat or .cmd and run it.
You can run it like this:
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -Command ""& {Get-AppxPackage -allusers ContentDeliveryManager | foreach {Add-AppxPackage ""$($_.InstallLocation)\appxmanifest.xml"" -DisableDevelopmentMode -register }"" -Verb RunAs}"
UPDATE
Fixed double quotes
I would like to run the following as administrator:
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command
.\Get-WindowsAutoPilotInfo.ps1 -ComputerName $env:computername
-OutputFile .\computers.csv -append
I would like to simply double click on a .cmd or .bat file and have it invoke the Powershell script as administrator. Here's what I have:
PowerShell "SL -PSPath '%CD%'; $Path = (GL).Path; SL ~; Start
PowerShell -Verb RunAs -Args \"-ExecutionPolicy Unrestricted -Noexit"
SL -PSPath '"$Path"'; & '".\UninstallBloatware.ps1" "-ComputerName
$env:computername" "-OutputFile .\computers.csv" "-append"' "\""
I copied most of the code above from somewhere I can't remember. I don't know enough about quotes structure to know how to fix this. Any ideas what I'm doing wrong?
In my current environment I have a local admin and domain account. I have created a powershell script which runs well when logged into my domain admin account. However, I wish to adapt the script to prompt the user for credentials and then run the script if they have permission.
The current script imports AD and presents the user with a menu. I would like to prompt the user for credentials then present them with the menu if correct.
I have tried adding:
start-process powershell.exe -argument C:\Users\Auser\Documents\User Leaver script test.ps1 -credential ""
I know this is not the correct method to verify then run the script and other parameters are needed.
An excerpt from the script is contained in the following:
$Programstop="No" #Used to Loop
Do
{
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Unrestricted -File ""C:\Users\Auser\Documents\User Leaver script test.ps1""' -Verb RunAs}"; #This line runs script as admin automatically, change file path to point at your script.
Import-Module ActiveDirectory
set-location ad:"dc=fakepleace,dc=local"
Write-Host "
$Credentials = Get-Credentials
Start-Process powershell.exe -argument C:\Users\Auser\Documents\User Leaver script test.ps1 -credential $Credentials -Verb RunAs
I just used this code (on a ps1 file) to recycle my ApplicationPool:
$WebserverName="MySite"
# Load IIS module:
Import-Module WebAdministration
# Get pool name by the site name:
$pool = (Get-Item "IIS:\Sites\$WebserverName"| Select-Object applicationPool).applicationPool
# Recycle the application pool:
Restart-WebAppPool $pool
But it show me this error:
Import-Module : Process should have elevated status to access IIS
So, i searched on internet and i was able to create this .bat file:
#ECHO OFF
#cd ..
#SET DebugLevel=3
#SET PowerShellScriptPath=.\Header.ps1
#SET CurrentScriptName=%~n0.ps1
#PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList ' -NoProfile -ExecutionPolicy Bypass -File ""%PowerShellScriptPath%"" ""%CurrentScriptName%"" ""%DebugLevel%""' -Verb RunAs}"
#pause
I runned it, logged with the administrator user but it shows me a blue screen (from powershell) and suddenly it stops.
I did something wrong?
Thanks!
Try this:
#SET PowerShellScriptPath=.\Header.ps1
#PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList ' -NoProfile -ExecutionPolicy Bypass -File ""%PowerShellScriptPath%"" ' -Verb RunAs}"
You batch has some extra stuff you don't need.
Ensure that the user running this process has admin rights within the box you're attempting to run this against. This wound up solving the issue for me.
I have a powershell script and a bat file that launches it. I want the bat file to open powershell, then have powershell start another shell with elevated privileges, then run two commands. First command is change directory, second command is start a powershell script.
So far I have this:
powershell -NoProfile -ExecutionPolicy ByPass -Command "& {Start-Process PowerShell -Verb RunAs -ArgumentList '-NoExit -NoProfile -ExecutionPolicy Bypass cd %~dp0 .\App\Deploy-Application.ps1}'"
This is the section I'm having problems with:
cd %~dp0 .\App\Deploy-Application.ps1
I want to run these two commands but I'm not sure how. It runs a single command. I tried adding a semicolon between the commands but it didn't work.
Made a quick test and this is what i got working:
Test.bat
cd %~dp0
powershell -NoProfile -Command ".\test.ps1"
Test.ps1
If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
$arguments = "-noprofile & '" + $myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}
Write-Host "Rawr"
Pause
If i run the batch file, it opens the powershell script that then checks if the current window is being run as an administrator and if not, reopens the script as an administrator.
After which it displays Rawr on my screen.
In your case instead of the Write-Host you could put
If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
$arguments = "-noprofile & '" + $myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}
cd <Your directory to change to here>
<run command here>
Pause