Results 1 to 2 of 2
  1. #1
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts

    Can't figure how to elevate privileges with different user account

    Hey Y'all,

    While working on a problem for someone else I came across this little doozy.

    I can create a password credential file with this code and save it to a file on my NAS:
    Code:
    $passwrd = Read-Host "Enter Admin Password..." -AsSecureString
    $encpwd = ConvertFrom-SecureString $passwrd
    $encpwd > "\\MYBOOKLIVE\CMShared\Credentials\cred.bin"
    Then using this code from a Standard User Account attempt to create a new PS instance w/admin privleges:
    Code:
    $CallingUser = $env:USERNAME
    $CallingProfile = $env:USERPROFILE
    
    $encpwd = Get-Content "\\MYBOOKLIVE\CMShared\Credentials\cred.bin"
    $passwd = ConvertTo-SecureString $encpwd
    $cred = New-Object System.Management.Automation.PSCredential 'DELLXPS14Z\Bruce', $passwd
    
    Start-Process PowerShell -Credential $cred -ArgumentList '-noexit',
            '-File',"G:\BEKDocs\Scripts\Get-UserInfo.ps1 $CallingUser $CallingProfile"
    The above code calls this little test program:
    Code:
    Param (
       [Parameter(Mandatory=$true)]
          [String] $CallingUser,
       [Parameter(Mandatory=$true)] 	  
          [String] $CallingProfile
    )
    Function Get-AdminStatus {
    
        If (-NOT ([Security.Principal.WindowsPrincipal] `
              [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
              [Security.Principal.WindowsBuiltInRole] "Administrator"))
        {"User"}
        Else
        {"Administrator"}
    }      # End Get-AdminStatus
    
    $CurrentUser = $env:UserName
    $CurrentProfile = $env:UserProfile
    $IsAdmin = Get-AdminStatus
    
    Write-Host "Called by: $CallingUser ProfilePath: $CallingProfile"
    Write-Host "Run As   : $CurrentUser ProfilePath: $CurrentProfile Permissions: $IsAdmin"
    
    
    Read-Host "Press Enter to continue..."
    The new session does start with the new user account but not with Administrator privileges as shown by the output:
    PSResults.PNG

    I've tried adding the -verb runas parameter but PS throws an error when I do.

    Any Ideas?
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,592
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    The verb option is the only way I see to do what you want. What error do you get?

    Joe

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •