How can I start a batch script with elevated permissions remotely with powershell
Question
I'm writing a script which needs to run a batch on multiple remote Computers. That batch scripts needs to run with Domain Admin privileges.
Is it even possible to achieve this with the Invoke-Command cmdlet?
I already enabled WinRM on the remote machine so I don't think that's the problem.
$computername = Read-Host "Enter Hostname"
$user = "mydomain\administrator"
$pwd = Read-Host "Enter Password" -AsSecureString
$cred = New-Object System.Management.Automation.PSCredential ("$user", $pwd)
Invoke-Command -ComputerName $computername -Credential $cred -ScriptBlock {
$remoteuser = "mydomain\administrator"
$remotepwd = Read-Host "Enter Password" -AsSecureString
$remotecred = New-Object System.Management.Automation.PSCredential ("$remoteuser", $remotepwd)
$script = "\\path_to_script\script.bat"
Start-Process $script -Credential $cred1
}
I expect the script to run under the domain admin credentials on the remote machine. Instead I get this error:
CategoryInfo : NotSpecified: (:) [Start-Process], UnauthorizedAccessException FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.StartProcessCommand PSComputerName : mycomputername
1 answers
solution1
2 2019-01-04 11:40:02
Your $cred1 variable doesn't exist, it should be $remotecred :
Start-Process $script -Credential $remotecred
The variable name $pwd is reserved for 'print working directory'.
You can see this by running a new powershell console and querying it, you'll get a value for the current working directory:
PS C:\WINDOWS\system32> $pwd
Path
----
C:\WINDOWS\system32
Use something different like $pass instead.
I would also call CMD and pass your batch file in using /c ( documentation link ):
Start-Process CMD -ArgumentList "/c $script" -Credential $remotecred
Putting all this into practice:
$computername = Read-Host "Enter Hostname"
$user = "mydomain\administrator"
$pass = Read-Host "Enter Password" -AsSecureString
$cred = New-Object System.Management.Automation.PSCredential ($user, $pass)
Invoke-Command -ComputerName $computername -Credential $cred -ScriptBlock {
$remoteuser = "mydomain\administrator"
$remotepwd = Read-Host "Enter Password" -AsSecureString
$remotecred = New-Object System.Management.Automation.PSCredential ("$remoteuser", $remotepwd)
$script = "\\path_to_script\script.bat"
Start-Process CMD -ArgumentList "/c $script" -Credential $remotecred
}
If you are actually using the same credentials for the remote session as you are to launch the batch file, then you don't need the second set of credentials.
As the remote session is running as mydomain\\administrator any processes it spawns will also run as that user:
$computername = Read-Host "Enter Hostname"
$user = "mydomain\administrator"
$pass = Read-Host "Enter Password" -AsSecureString
$cred = New-Object System.Management.Automation.PSCredential ($user, $pass)
Invoke-Command -ComputerName $computername -ScriptBlock {
$script = "\\path_to_script\script.bat"
Start-Process CMD -ArgumentList "/c $script"
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.