在具有提升权限的远程系统上运行Powershell脚本以启用远程处理

Question

I am trying to use the following code to copy a PowerShell script to remote windows 7 machine; run it with elevated privileges on this machine to enable remoting on that system.

It is copying the script file to the remote system but it is not executing the command in the remote PowerShell session because of the empty $command variable (the second line in the script below is not working).

Copy-Item -Path C:\users\user1\Myscript.ps1 -Destination \\some-computer\c$\Myscript.ps1

$command = PowerShell.exe -NoProfile -Command "& {Start-Process PowerShell.exe -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""C:\Myscript.ps1""' -Verb RunAs > C:\PS-result1.txt}"

$cmd = "CMD.EXE /c "+$command

Invoke-WmiMethod -class Win32_process -name Create -ArgumentList $cmd -ComputerName "some-computer"

Start-Sleep -s 8

Get-Content \\some-computer\C$\PS-result1.txt

Is it possible to accomplish this? Thanks,

Answer 1

Using WMI to call CMD to call PowerShell to call Start-Process to call PowerShell again? That seems a little complicated.

Try something much simpler:

$command = "PowerShell.exe ""C:\Myscript.ps1"" > ""C:\PS-result1.txt"""
Invoke-WmiMethod -class Win32_process -name Create -ArgumentList $command -ComputerName "some-computer"