I want to run aa remote process (winword.exe more specifically) from a remote machine using Powershell 2.0. One requirement is that the process is run by a non-admin user account. I'm able to run winword.exe if the user is part of the local administrator group on the remote machine, however when I remove it from the admin group, it fails - I get a winword.exe cannot be found error (32bit winword running on a 64bit 2008 server).
I've tried adjusting the PSSession configuration by granting the non-admin user account more elevated priveleges but it still fails:
Set-PSSessionConfiguration Microsoft.Powershell -ShowSecurityDescriptorUI
Is there something I'm missing here? Or does the user account explicitly require admin level priveleges on the server? Although PS tools would be a nice alternative, I would prefer using PS.
Have a look to the "Understanding Session Configurations" paragrph in the Administrator's guide to PowerShell Remoting from PowerShell.com.
Related
I am a Global Admin I can run set-moverequest in PowerShell.
I want to give another IT staff member permission so that he can also run this command to help me migrate users from the local exchange to exchange 365
What are the Roles in M365 which allow you to run this command?
Is there any way we can check in PS what Role is required to run any specific command?
P.S: my colleague has a Helpdesk Administrator role in M365, and he gets error when try to run the command.
Changing registry without admins rights windows 10
What would be the best way add an entry XXX on windows registry with password
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\XXX
current permission for everyone are Read.
Tried this :
[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker]
#="Run as user without UAC privilege elevation"
[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker\command]
#="cmd /min /C \"set __COMPAT_LAYER=RUNASINVOKER && start \"\" \"%1\"\""
Coming up with Registry error:
Cannot import RegFix.reg: not all data was successfully written to the registry. Some keys are open by the system or other processes, or you have insufficient privileges to perform this operations.
If it cant be done any other option, using powershell, or an executable file, without revealing the password.
I would suggest looking into this link: http://woshub.com/run-program-without-admin-password-and-bypass-uac-prompt/
You can open registry even if it is admin protected with a batch file that runs registry with the RUNASINVOKER compatibility mode, also in this link is a registry file that allows you to run things as admin without UAC coming up. To change elements in the registry it requires administrator privileges since it affects the system configuration like how System32 cannot be edited without administrator permissions.
You cannot write to HKLM or HKCR without admin rights. There is no workaround
Ken white is correct under normal circumstances but if you use the registry file in the link (which you need administrators rights to import to registry) you can bypass UAC and run registry as admin allowing you to edit the registry.
Here is my scenario:
I have several computers all on the same domain. Users authenticate against the domain to log into their workstations.
All the local Administrator passwords on the workstations are the same.
What I want to do is execute script remotely using Invoke-Command so that I can create balloon-tip notifications on the users desktop. The problem seems to be that I have to execute the remote script as the local Administrator on each workstation, but I want the balloon tip to popup on the desktop of the logged in user.
Is there a way to do this?
I'm running PowerShell 3.0, but most of the target machines would be 2.0.
I have a problem with running RunAs mode in TestComplete7.
I use:
var p = TestedApps.MyApp.RunAs("domain", "user", "password");
but without success.
I get this error:
**************************************************
Unable to run "MyApp" under the Domain\User account.
Make sure that the password and other parameters are valid and you have sufficient rights to run processes under another user account.
**************************************************
I'm running TestComplete in Administrator mode and I've done everything as explained in TestComplete Help.
Check out this TestComplete support article for troubleshooting tips. Some key points from this article:
Is the Secondary Logon service running?
Are the domain, user name and password valid and spelled correctly?
Try Windows runas command with an arbitrary application (e.g. Notepad) and exactly the same credentials and see if it works.
Is the password non-empty? (Accounts with empty passwords aren't supported for RunAs in TestComplete.)
Does this account have permissions for actually executing the application?
I need to read a file on a remote server, however I dont have permissions to do so. If I use another account with elevated rights, I can. I would like to run the script from anywhere with the credentials built into the script (accepting the risks).
If you just need access to the file you can establish credentials an any manner. If you don't have a drive mapped you can use the net use command or the Get-Credential commandlet. Once you establish access with a valid user name you should be fine unless you need some type of elevate privileges on your box