Can't start PowerShell script file with credentials of other user - powershell

I have a GUI that has been created with PowerShell Studio and exported as a PS1-file. I'm now trying to launch this GUI by calling it with another user's credentials.
When I run the code it doesn't even give an error message. PowerShell pops-up and closes again in seconds and nothing is launched. Follwoing this thread, I think I followed the correct syntax.
$Script = 'S:\Prod\Script center\GUI Script.ps1'
$Credentials = Get-Credential
$powershellArguments = "-file '$Script'", "-noexit", "-verb runas"
Start-Process powershell -Credential $Credentials -ArgumentList $powershellArguments
These ones doesn't work either:
Start-Process powershell -Credential $Credentials -ArgumentList "-noprofile -command &{Start-Process powershell -verb runas -File 'S:\Prod\Script center\GUI Script.ps1'}"
Start-Process powershell -Credential $Credentials -ArgumentList "-noprofile -command &{Start-Process $script -verb runas}"
And this one is asking me the credentials, although they are already saved in the variable $Credentials. However, the powershell console launched is not launched as the user in the Credentials :(
$cmd = 'powershell.exe'
$arguments = "-NoExit", "-NoProfile", "-WindowStyle Maximized", '-NoLogo', "Credential $Credentials", "File '$script'"
Start-Process $cmd -ArgumentList $arguments -Verb runAs
I'm sure it's not related to the GUI script, because this works perfectly fine:
& 'S:\Prod\Script center\GUI Script.ps1'
Any help is greatly appreciated.

Maybe your error is only on argument single quotes $powershellArguments = "-file '$Script'"; double quotes should be used.
Start-Process -FilePath "powershell" -Credential $cred -ArgumentList #("-file 'cred.ps1'") # doesn't work
Start-Process -FilePath "powershell" -Credential $cred -ArgumentList #("-file ""cred.ps1""") # works

Related

How can i run a specific codeblock in PowerShell as an administrator

I want to set registry keys in a PowerShell script but the script has to be executed as the logged in User and only the part where registry keys are set need to run with administrator privileges.
This is what i got yet, unfortunately it is not working:
#Run ScriptBlock as admin
$username = ".\admin"
$password = ConvertTo-SecureString "adminpassword" -AsPlainText -Force
$credential = [pscredential]::new($username,$password)
Start-Process -WindowStyle Hidden -FilePath "powershell" -Credential $credential - ArgumentList '-noprofile -command &{$ScriptBlock -verb runas}'
Is there a better way to do it? I'm really new into scripting.
Thanks a lot!

Using Invoke-Command to run Start-Process in an elevated session

As a precursor to running an installation file on several remote servers, I need to update the Powershell setting MaxMemoryPerShellMB. This requires running a PS session as Administrator on the remote server. I have been trying to run Invoke-Command which then runs a ScriptBlock consisting of a Start-Process command which includes the -Verb RunAs parameter. Nothing seems to work, however.
I have tried with various quoting schemes, single, double, triple, but nothing seems to work.
I've tried running the Start-Process from an Enter-PSSession, with the same results.
Following is the code I'm testing now:
$creds = Get-Credential -Username 'DOMAIN\userID' -Message "Enter Username and Password to access the remote servers."
$ScriptBlock = {
Start-Process -FilePath Powershell.exe -ArgumentList """Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024""" -Verb RunAs -Wait
}
Invoke-Command -ComputerName testsvr01 -Credential $creds -ScriptBlock $ScriptBlock
I should be able to RDP to the remote server and run Get-Item WSMan:\localhost\Shell and have it show the updated value, but the value isn't changed.
When running the code it pauses for a second when the Invoke-Command runs, but other than that, there is no feedback in Powershell.
On the remote server I see the following two Kerberos errors in the System Event log.
0x19 KDC_ERR_PREAUTH_REQUIRED,
0xd KDC_ERR_BADOPTION
Any help is greatly appreciated.
> powershell.exe -?
...
EXAMPLES
...
PowerShell -Command "& {Get-EventLog -LogName security}"
-Command
...
To write a string that runs a Windows PowerShell command, use the format:
"& {<command>}"
where the quotation marks indicate a string and the invoke operator (&)
causes the command to be executed.
So you could try to call Set-Item in the following way:
$ScriptBlock = {
Start-Process -FilePath Powershell.exe -ArgumentList "-Command"," &{ Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024 }" -Verb RunAs -Wait -PassThru
}
$process = Invoke-Command -ComputerName testsvr01 -Credential $creds -ScriptBlock $ScriptBlock
$process.ExitCode
I'm also returning a process object via -PassThru on which you might check the `ExitCode``
Hope that helps

How to pass argument to Start-Process

I'd like to run this command
net start "PTV LOXANE xDataServer 1.4.1.067" using Start-Process in powershell with admin rights.
My problem is how to give the quote to ArgumentList.
I've tried this but it doesn't work
Start-Process net -ArgumentList "stop \"PTV LOXANE xDataServer 1.4.1.067\"" -Verb runas -wait -NoNewWindow -PassThru
I've found how to do it. You must double the quotes:
Start-Process net -ArgumentList "start ""PTV LOXANE xDataServer 1.4.1.067""" -wait -PassThru -Verb runas
Now I've got a second question. How can I run this command when calling powershell ?
This doesn't work:
powershell -Command 'Start-Process net -ArgumentList "start ""PTV LOXANE xDataServer 1.4.1.067""" -wait -PassThru -Verb runas'

Call variable from within a string

I'm trying to use Powershell to open AD U&C in another domain (/domain switch) using a variable.
No domain switch used, works (just not the domain I want):
Start-Process powershell -Credential $domvar'\'$id -ArgumentList '-command &{Start-Process mmc -verb Runas -ArgumentList "C:\Windows\System32\dsa.msc"}'
Defining a specific domain in an array works:
Start-Process powershell -Credential $domvar'\'$id -ArgumentList '-command &{Start-Process mmc -verb Runas -ArgumentList #("C:\Windows\System32\dsa.msc" /domain=domain.com)}'
BUT
Adding /domain=$domain does not (double quoting everything in the ArgumentList did not help):
Start-Process powershell -Credential $domvar'\'$id -ArgumentList '-command &{Start-Process mmc -verb Runas -ArgumentList "C:\Windows\System32\dsa.msc" /domain=$domain}'
NOR
Changing domain.com to my variable $domain:
Start-Process powershell -Credential $domvar'\'$id -ArgumentList '-command &{Start-Process mmc -verb Runas -ArgumentList #("C:\Windows\System32\dsa.msc" /domain=$domain)}'
Also, a new window pops up and I see the red error font but I'm not sure how to grab that information. Tried using debugging and stepping into but didn't work.
In powershell single quotes do NOT perform variable substitution. In your case you can probably just change the single quotes around your command to double quotes. For the double quotes inside the quoted string you can include the $ as a literal by preceding it with a backtick.
"-command &{Start-Process mmc -verb Runas -ArgumentList `"C:\Windows\System32\dsa.msc`" /domain=$($domain)}"

Start PowerShell process as administrator - Window closes

Using the below code in a PowerShell window:
$User = 'testuser1'
$Password = 'Pa$$w0rd' | ConvertTo-SecureString -AsPlainText -Force
$Credential = New-Object PSCredential -ArgumentList $User, $Password
Start-Process powershell -Credential $Credential
This works fine, but the PowerShell instance is not in elevated administrator mode. I tried:
$Arguments = "Start-Process powershell -Verb -RunAs"
Start-Process powershell -Credential $Credential -ArgumentList $Arguments
This opens a PowerShell instance, but it closes immediately.
How can I stop the new, elevated PowerShell instance closing?
$Arguments = "Start-Process powershell -Verb RunAs"
Start-Process powershell -Credential $Credential -ArgumentList $Arguments
RunAs is not a parameter but value :)
If you correct this, you will be able to run Powershell console properly.