I am starting a process with PowerShell using another user with elevated rights.
$username = "username"
$password = "password"
$startWithElevatedRights = "notepad"
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList #($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
Start-Process powershell -Credential $credentials -ArgumentList '-noprofile -command &{Start-Process ‘, $startWithElevatedRights, ‘ -Wait -verb runas}'
I know it's bad style to write user credentials to code, but it is used within full automated procedures, so this is necessary.
My problem is, that I cannot wait until the process (last code line) finished. The inner process waits as expected.
I tried the parameter -Wait, * | Wait-Process, * | Out-Null, with return Value (which is always null)
Nothing works.
Is there any solution waiting until the process has exited?
If there is any solution for PowerShell 2.0 it would be the best for my use case.
You can get Process object from Start-Process using PassThru parameter and then wait for it to exit.
$username = "username"
$password = "password"
$startWithElevatedRights = "notepad"
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList #($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
$ps = Start-Process -PassThru -FilePath powershell -Credential $credentials -ArgumentList '-noprofile -command &{Start-Process ', $startWithElevatedRights, ' -Wait -verb runas}'
$ps.WaitForExit()
Related
Good morning :S.
I can enter into a PSSession and execute cmdlets just fine, however, as soon as I specify an account to use, it just throws back an access is denied error. I've even tested with the same account and password that established the PSSession. This works locally just fine.
I am trying to integrate this into an SCCM application, so there isn't a whole lot of wiggle room.
EDIT: I put an easier code that doesn't work either below:
$username = 'DOMAIN\Username'
$password = 'P#ssword'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Process Notepad.exe -Credential $credential
#Execute variable
$myCommand = "'C:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde' --status --disk 0"
#Credential Variables
$username = 'DOMAIN\USERNAME'
$Password = ConvertTo-SecureString -String 'P#ssword' -Force -AsPlainText
$credential = New-Object System.Management.Automation.PsCredential -ArgumentList $username, $Password
#Expression Variable
$expression = #"
try
{
& $myCommand | Out-File `C:\test.txt -Force
}
catch
{
`$_.Exception.Message | Out-File `C:\ERROR.txt -Force
}
"#
#Execute
Start-Process powershell.exe -ArgumentList "-c $expression" -Credential $credential
I have a script that runs in Powershell ISE but there is a part of that script that has to run in regular Powershell. The script that needs to run in Powershell has multiple lines.
When I try running the script like this:
<#
Some code runs up here
#>
$script = {
$PW = "Password1";
$PW = $PW | ConvertTo-SecureString -AsPlainText -Force;
Add-SQLAssessmentTask -ManagementGroup "SOME_ID_NUMBER" -SQLServerName $env:computername -WorkingDirectory C:\Temp\SQL -ScheduledTaskUsername domain\user -ScheduledTaskPassword $PW -Verbose;
}
$command = $script.ToString()
#Start-Process powershell -argumentlist $command
Start-Process powershell -argumentlist $script
I get the follow error:
When I run the script like this:
<#
Some code runs up here
#>
$arguments = "$PW = ""Password1""","$PW = $PW | ConvertTo-SecureString -AsPlainText -Force","Add-SQLAssessmentTask -ManagementGroup ""SOME_ID_NUMBER"" -SQLServerName $env:computername -WorkingDirectory C:\Temp\SQL -ScheduledTaskUsername domain\user -ScheduledTaskPassword $PW -Verbose"
Start-Process powershell -argumentlist $arguments
I get this error:
If I run each line in regular Powershell, one at a time, it works fine.
Any suggestions?
$Arguments is supposed to be a script block separated by semi-colons if you want to run multiple commands.
$arguments = {"$PW = ""Password1""";"$PW = $PW | ConvertTo-SecureString -AsPlainText -Force";"Add-SQLAssessmentTask -ManagementGroup ""SOME_ID_NUMBER"" -SQLServerName $env:computername -WorkingDirectory C:\Temp\SQL -ScheduledTaskUsername domain\user -ScheduledTaskPassword $PW -Verbose" }
Start-Process powershell -argumentlist $arguments
Hi when i try to do some code:
$Username = 'us'
$Password = 'password'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass
powershell.exe -command "Invoke-Command -ComputerName server.com -scriptblock {pathCopyAndUnzip.ps1} -Credential $Cred"
This prompt me for a password but when i try to run this command like here (without powershell.exe):
Invoke-Command -ComputerName server.com -scriptblock {pathCopyAndUnzip.ps1} -Credential $Cred
it works without prompt. Do you know how to resolve that? I need to use option 1 because this command is runned from TFS build definition file like here:
<Exec Command="powershell.exe -command "Invoke-Command -ComputerName $(Server) -scriptblock {path} -Credential $Cred"" Condition="'$(RunTests)' == 'True'"/>
You could put your script into it's own file and then call that from TFS rather inline code.
C:\folder\script.ps1:
Param(
[string]$Username,
[string]$Password,
[string]$OtherParam,
)
$Password = $Password | ConvertTo-SecureString -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$Password
Invoke-Command -ComputerName server.com -FilePath "C:\folder\CopyAndUnzip.ps1 -Something $OtherParam" -Credential $Cred
Then call it like so:
<Exec Command="powershell.exe -command "C:\folder\script.ps1 -username user10 -password P#55w0rd -OtherParam Whatever" Condition="'$(RunTests)' == 'True'"/>
You could try to pipe the commands to powershell.exe like this:
'$Username = "us"; $Password = "password"; $pass = ConvertTo-SecureString -AsPlainText $Password -Force; $Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass; Invoke-Command -ComputerName server.com -scriptblock {pathCopyAndUnzip.ps1} -Credential $Cred' | powershell.exe -command -
<Exec Command="$(PsExecPath) -accepteula \\$(Server) cmd /C powershell -File FILEPATH " Condition="'$(RunTests)' == 'True'"/>
I used old good psExec :) Everything is work now.
I want to make a script for my users. It will let us install applications while there are not admins.
pw= get-content \\xxx\xxxx\xxx\xxx\pass.txt | convertto-securestring
$pp= new-object -typename System.Management.Automation.PSCredential -argumentlist "xx\admin",$pw
The file is created and is crypted.
$script = "\\xxxx\xxx\xxx\xxx\Install_chrome.ps1"
Start-Process powershell -Credential $pp -ArgumentList '-noprofile -command &{Start-Process $script -verb runas}' -RedirectStandardOutput c:\stdout.txt -RedirectStandardError c:\stderr.txt
Here's my error:
Start -Process : Unable to validate the argument on parameter "FilePath". The argument is null or empty. Specify an argument that is not null or empty and try again.
I am trying to figure out how to run powershell script with elevated credentials, and was told the best way to do this was with Start-Process
And this website, http://social.technet.microsoft.com/Forums/windowsserver/en-US/132e170f-e3e8-4178-9454-e37bfccd39ea/startprocess-verb-runas-credential is also good reference
But I am still having trouble.
I created one script for testing purposes, hello.ps1
write-host Hello World
That runs well by itself
Then, I created another script to invoke Hello World with elevated credentials
<#Previously created password file in C:\Script\cred.txt, read-host -assecurestring | convertfrom-securestring | out-file C:\Script\cred.txt#>
$password = get-content C:\Script\cred.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "DOMAIN\Username",$password
$script = "C:\script\hello.ps1"
Start-Process powershell -Credential $credentials -verb runas -ArgumentList "-file $script"
And I get error:
At C:\script\my_script.ps1:6 char:14
+ Start-Process <<<< powershell -Credential $credentials -verb runas -ArgumentList "-file $script"
+ CategoryInfo : InvalidArgument: (:) [Start-Process], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerShell.Commands.StartProcessCommand
EDIT
#Adi Inbar
I updated the code as follows
$password = get-content C:\Script\cred.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "DOMAIN\Username",$password
$script = "C:\Script\hello.ps1"
Start-Process powershell -Credential $credentials -ArgumentList "-file $script"
But now a cmd windows pops up and the output is blank, instead of the expected "Hello World"
EDIT
And I read that you must include -FilePath if you include -Credential, but code is still not working :-(
It just pops-up the cmd window and no output is written in powershell_ise.exe GUI
<#Previously created password file in C:\Script\cred.txt, read-host -assecurestring | convertfrom-securestring | out-file C:\Script\cred.txt#>
$password = get-content C:\Script\cred.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "DOMAIN\Username",$password
$script = "C:\Script\hello.ps1"
Start-Process -FilePath C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Credential $credentials -ArgumentList "-file $script"
-Verb and -Credential are in different parameter sets. They cannot be used together. -Verb runas doesn't run the specified process as a different user (not to be confused with the runas command), it uses UAC to run the process with elevated privileges in the current user's context, like right-clicking and selecting "Run as administrator".
Just get rid of -Credential $credentials, and run the script while logged in with an account that has local admin privileges.
Well, I was able to answer parts of my question, because I still have a bigger question that I will post separately
'noexit' in -ArgumentList keeps the cmd window persistent, but at least it outputs the value, so at least I know the program is working
<#Previously created password file in C:\Script\cred.txt, read-host -assecurestring | convertfrom-securestring | out-file C:\Script\cred.txt#>
$password = get-content C:\Script\cred.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "DOMAIN\Username",$password
$script = "C:\Script\hello.ps1"
start-process powershell -Credential $credentials -ArgumentList '-noexit','-File', 'C:\script\hello.ps1'