Search code examples
powershellcmdwindows-10

Powershell: Start-Process doesn't pass arguments to cmd.exe


These are the commands run in a powershell console (Windows 10):

$username = 'Username'
$password = 'Password'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Process powershell.exe -Credential $credential -WindowStyle Hidden -ArgumentList "Start-Process cmd.exe -Verb RunAs -ArgumentList 'value'"

These commands work fine except that once you open cmd.exe as administrator via another user, by running this command:

echo %1

It gives me back:

%1

Literally. Instead I expect:

value

What am I doing wrong?


Solution

  • I just answered a question where the solution can be found using the script I provided there, with a few modifications, and invoking the chain of commands in a particular way:

    RunAsProxy.ps1

    # First arg should be the script path
    $script = $args[0]
    
    # Rest of args should be any script parameters
    $scriptArgs = $args[1..$args.Count] -join ' '
    
    $startProcessArgs = @{
      Wait = $true
      Verb = 'RunAs'
      FilePath = 'cmd.exe'
      ArgumentList = "/c ""$script"" $scriptArgs"
    }
    Start-Process @startProcessArgs
    
    exit $LASTEXITCODE
    

    Then call RunAsProxy.ps1 as follows as the user you want to run as, then elevate:

    $command = "Command_you_want_to_run_from_cmd.exe"
    $arguments = "any arguments to the program"
    Start-Process -Cred $credential powershell.exe "-File ./RunAsProxy.ps1 $command $arguments"
    

    The way this works is pretty much what you attempted, but using a pre-defined script to handle the elevation. But as you discovered you cannot call -Credential and -Verb in the same invocation on Start-Process. So this works more easily than defining the code in-line:

    1. Run RunAsProxy.ps1 as the target user
    2. RunAsProxy.ps1 will run cmd.exe with the provided arguments and elevate the process.

    Note that if RunAsProxy.ps1 is not in the current directory you would need to provide the relative or full path to it.