Results 1 to 2 of 2
  1. #1
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    10,012
    Thanks
    423
    Thanked 1,608 Times in 1,452 Posts

    Can't figure how to elevate privileges with different user account

    Hey Y'all,

    While working on a problem for someone else I came across this little doozy.

    I can create a password credential file with this code and save it to a file on my NAS:
    Code:
    $passwrd = Read-Host "Enter Admin Password..." -AsSecureString
    $encpwd = ConvertFrom-SecureString $passwrd
    $encpwd > "\\MYBOOKLIVE\CMShared\Credentials\cred.bin"
    Then using this code from a Standard User Account attempt to create a new PS instance w/admin privleges:
    Code:
    $CallingUser = $env:USERNAME
    $CallingProfile = $env:USERPROFILE
    
    $encpwd = Get-Content "\\MYBOOKLIVE\CMShared\Credentials\cred.bin"
    $passwd = ConvertTo-SecureString $encpwd
    $cred = New-Object System.Management.Automation.PSCredential 'DELLXPS14Z\Bruce', $passwd
    
    Start-Process PowerShell -Credential $cred -ArgumentList '-noexit',
            '-File',"G:\BEKDocs\Scripts\Get-UserInfo.ps1 $CallingUser $CallingProfile"
    The above code calls this little test program:
    Code:
    Param (
       [Parameter(Mandatory=$true)]
          [String] $CallingUser,
       [Parameter(Mandatory=$true)] 	  
          [String] $CallingProfile
    )
    Function Get-AdminStatus {
    
        If (-NOT ([Security.Principal.WindowsPrincipal] `
              [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
              [Security.Principal.WindowsBuiltInRole] "Administrator"))
        {"User"}
        Else
        {"Administrator"}
    }      # End Get-AdminStatus
    
    $CurrentUser = $env:UserName
    $CurrentProfile = $env:UserProfile
    $IsAdmin = Get-AdminStatus
    
    Write-Host "Called by: $CallingUser ProfilePath: $CallingProfile"
    Write-Host "Run As   : $CurrentUser ProfilePath: $CurrentProfile Permissions: $IsAdmin"
    
    
    Read-Host "Press Enter to continue..."
    The new session does start with the new user account but not with Administrator privileges as shown by the output:
    PSResults.PNG

    I've tried adding the -verb runas parameter but PS throws an error when I do.

    Any Ideas?
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    24,300
    Thanks
    5
    Thanked 1,200 Times in 1,045 Posts
    The verb option is the only way I see to do what you want. What error do you get?

    Joe

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •