Install RSAT using powershell script to windows 10 with elevated privileges
Question
I am facing a difficulty on installing RSAT to remote windows 10 workstations via gpo. My main goal is to use Get-ADuser command as a necessity to gain information from my Windows domain.
I created a PowerShell script using the following command:
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability –Online
Yet when I run it, a message appears asking for elevated privileges.
So I tried to add credentials in order to automate the installation and changed the script to :
$Username = 'domain\domain_adm'
$Password = '*******'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass
Start-Process -FilePath powershell.exe -ArgumentList{Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability –Online} -credential $Cred
And from a normal PowerShell window, it works. But, it doesn't when I am trying to use it from gpo.
Could you please assist me?
The goal is to install via GPO Get-ADuser (maybe RSAT) to domain workstations with OS Windows 10
3 answers
solution1
1 2020-03-02 03:29:22
For a small number of machines Powershell is not a bad option. If you have access to GPOs then you should use then. RSAT is "Windows feature". You can use WSUS. https://4sysops.com/archives/install-rsat-1809-and-other-optional-features-in-wsus-environments/ You could also use the software that you use to install software on the machine on the network . Many of software distribution packages run as root when it installs software. In this case just give that team the line below.
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability –Online
solution2
0 2020-02-29 21:37:14
You can download RSAT as an msu file: https://www.microsoft.com/en-us/download/details.aspx?id=45520
EDIT: Ok, as for 1809 and above, my first thoughts are a gpo startup script, or using invoke-command.
solution3
0 ACCPTED 2020-03-01 01:26:15
- Why are you putting credentials in clear text in a script file? That is just bad practice and should not be done.
- Installing software is an Admin level thing, local, GPO, or otherwise, because it's a system-wide change.
Lastly, this is not a PowerShell code/programming issue and not something PowerShell can fix relative to how you are trying to do this. It's specifically how do I use GPO to enable a Windows feature or install software, using PowerShell?
So, could be considered off-topic for Stackoverflow and more a question for SuperUser or StackExchange.
All that being said, you can still use PowerShell to do this, but doing so by using PowerShell to set a scheduled task to the targets and set that to the admin creds at run once at login.
- You can write a separate script to create the scheduled task.
- You can use the below script for the RSAT install effort via the task.
Use PowerShell to Create Scheduled Tasks
Very similar to this approach with updating PowerShell help:
PowerShell: Update-Help via Scheduled Task in Group Policy Preferences
As far as what js2010 has stated. That was true for earlier versions of Windows 10. The current state of things is as noted below.
Install RSAT for Windows 10 1809 and 1903 and 1909 automated
RSAT (Remote Server Administration Tools) in Windows 10 v1809 and v1903 are no longer a downloadable add-on to Windows. Instead, its included as a set of "Features on Demand" directly in Windows.
Download: Install-RSATv1809v1903v1909.ps1
Long term Scheduled Task management can be accomplished via GPO as well, as noted here:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.