
How to launch another ps1 within a ps1 with another account (and admin rights)?


I've got a bug on some of my users' computers and I need my users to launch a .ps1 from their computer to fix the problem so I can access their computer when they need it through NetSupport. The problem is that they don't have administrator rights on their computer.

So this is what I did already :

  • Encrypt an admin password in a .txt (this one will be launched by me with administrative rights)

    # Build a 16-byte key for ConvertFrom-SecureString -Key
    Function RandomKey {
        $RKey = @()
        For ($i=1; $i -le 16; $i++) {
            [Byte]$RByte = Get-Random -Minimum 0 -Maximum 256
            $RKey += $RByte
        }
        $RKey
    }
    $Key = RandomKey

    # Save the key, then the password encrypted with that key
    $key | Out-File "$path\Key.txt"

    Read-Host "Enter one admin Password" -assecurestring | ConvertFrom-SecureString -key $Key | Out-file "$path\EncKey.txt"

This part seems to work fine. Now comes the working "client" part:

$PassKey = get-content "$Path\Key.txt"
$Password = get-content "$Path\EncKey.txt" | Convertto-SecureString -Key $PassKey
$User = Read-Host "Enter the ID given by your administrator"
$credentials = New-Object System.Management.Automation.Pscredential `
-Argumentlist $User,$Password

And the non-working one (I tried a lot of things; here are some examples):

  • 1: When I set the local administrator (.\administrator), a new PowerShell window starts with administrator rights but doesn't do what the file.ps1 is supposed to do, and if I set domain\adminaccount it just starts a new PowerShell window but without admin rights.

    Start-Process powershell -Credential $credentials -ArgumentList '-noprofile -command &{Start-Process powershell -ArgumentList "-file "\\serveur\path\file.ps1" "}'

  • 2: When I set the local administrator (.\administrator), a new PowerShell window starts with administrator rights but only half of the script (file.ps1) works, and if I set domain\adminaccount: same as above.

    Invoke-Item (Start-Process powershell.exe -Credential $credentials ((Split-Path $MyInvocation.InvocationName) + "\\serveur\path\file.ps1" ))

  • 3 and so on

Start-Process powershell -ArgumentList '-executionpolicy, bypass, -file "\\serveur\path\file.ps1", -Credential $credentials, -verb RunAs'

Start-Process -filepath "\\serveur\path\file.ps1" -Credential $credentials -ArgumentList '-noprofile -noexit -command  -verb runas}'

Start-Process powershell -Credential $credentials -ArgumentList '-noprofile -command &{Start-Process powershell -ArgumentList "-file "\\serveur\path\file.ps1" "}'

But nothing works as expected... If you guys have an idea, it would be wonderful!

--------------------- EDIT ---------------- I made a mistake in my file.ps1, so

Invoke-Item (Start-Process powershell.exe -Credential $credentials ((Split-Path $MyInvocation.InvocationName) + "\\serveur\path\file.ps1" ))

This works fine with the local admin (.\administrator): the script does start with admin rights and works as expected. BUT... it doesn't work with a domain admin (domain\admin): the script does start, but without admin rights...


Solution

  • If someone is interested in the solution I found to make it work with the local administrator account, here it is:

    Couldn't make it work with the file.ps1 I wanted to execute on a UNC path. So I had to copy it first to the local computer executing the script.

    $path="[...]\temp"
    $source= "[...]file.ps1"
    $destination = "c:\users\$env:USERNAME\documents"
    # Copy the script locally only if it is not already there
    if (!(Test-Path "$destination\file.ps1")){Copy-Item -Path $source -Destination $destination}
    

    Then I import my credentials :

    $PassKey = get-content "$Path\Key.txt"
    $Password = get-content "$Path\EncKey.txt" | Convertto-SecureString -Key $PassKey
    $User = Read-Host "Enter the ID given by your administrator"
    $credentials = New-Object System.Management.Automation.Pscredential `
    -Argumentlist $User,$Password
    

    And finally I can start the file.ps1 script with administrator rights:

    Start-Process -Credential $Credentials "$PSHOME\powershell.exe" -WorkingDirectory "C:\Users\$env:USERNAME" -ArgumentList "-ExecutionPolicy Bypass & '$destination\file.ps1'"
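
The client script reads both `Key.txt` and `EncKey.txt` from the same `$Path`, so any account that can read both files can rebuild the stored credential. The following is an added example, not part of the original answer: an ACL check that lists which non-privileged principals can read both files. `Get-ReadableBy`, `Test-KeyExposure`, the demo directory and the privileged-SID list are assumptions made for illustration.

```powershell
# Added example, not code from the post. Only the file names come from the post.

function Get-ReadableBy {
    # Returns the SIDs (or names, if unresolvable) with an Allow ACE granting read access.
    # Deny ACEs and group membership are not evaluated here.
    param([Parameter(Mandatory)][string]$File)
    $read = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    (Get-Acl -LiteralPath $File).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (([int]$_.FileSystemRights -band $read) -ne 0) } |
        ForEach-Object {
            try   { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $_.IdentityReference.Value }
        } | Sort-Object -Unique
}

function Test-KeyExposure {
    # Lists principals that can read BOTH files and are not in the privileged list.
    param([Parameter(Mandatory)][string]$Path)
    # Assumed allow-list: SYSTEM and BUILTIN\Administrators. Extend it for your domain.
    $privileged = 'S-1-5-18', 'S-1-5-32-544'
    $keyReaders = @(Get-ReadableBy (Join-Path $Path 'Key.txt'))
    $encReaders = @(Get-ReadableBy (Join-Path $Path 'EncKey.txt'))
    $keyReaders | Where-Object { ($encReaders -contains $_) -and ($privileged -notcontains $_) }
}

# Constructed sample: two placeholder files in a temp folder that inherit its ACL.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'keyfile-acl-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'constructed placeholder' | Out-File (Join-Path $demo 'Key.txt')
'constructed placeholder' | Out-File (Join-Path $demo 'EncKey.txt')

$exposed = @(Test-KeyExposure -Path $demo)
if ($exposed.Count -gt 0) {
    'Non-privileged principals able to read both files:'
    $exposed
} else {
    'Only privileged principals can read both files.'
}

Remove-Item -LiteralPath $demo -Recurse -Force
```

Point `Test-KeyExposure -Path` at the real `$Path` to review the deployed files; an empty result means only the listed privileged SIDs hold read access to both.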