5

Due to various new security policies, we need to be able to run various tasks as an assigned uid. To assist in this, a common menu system was developed. One of the functions in the script is:

$credential = user_credential
$cmd = "C:\windows\system32\mmc.exe" 
$args = "C:\Windows\System32\compmgmt.msc"
Start-Process -FilePath $cmd -ArgumentList $args  -Credential $credential

Error received:

Start-Process : This command cannot be run due to the error: The requested operation requires elevation.
t C:\webeng\webeng.ps1:131 char:5
     Start-Process -FilePath $cmd -ArgumentList $args  -Credential $credential
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
   + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

The error seems to indicate that the PS script requires elevated privs but I am already running as Administrator.

What could I possibly be missing here?

Matt
  • 45,022
  • 8
  • 78
  • 119
user796632
  • 59
  • 1
  • 1
  • 3
  • 2
    While you are presumably running the code/shell as administrator what is the result of this command `([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")`? If you are truly running as admin that would return true. Also consider using `-Verb RunAs` with `Start-Process` – Matt Mar 11 '15 at 17:48
  • Simply logging on as a member of Administrators is not the same as running a process elevated. They are two separate concepts. – Bill_Stewart Mar 11 '15 at 17:59
  • Don’t know if this is an option for you, but disabling UAC should get rid of this error. With UAC off, running as admin is equivalent to running elevated process. – Jan Chrbolka Mar 11 '15 at 23:38
  • 1
    I definitely do not recommend disabling UAC. UAC is an important step to stop people from running everything elevated. – Bill_Stewart Mar 12 '15 at 00:55
  • OK, I kind of agree with that even though in large secured corporate environments it is common practice to turn UAC off due to problems it causes. Another way to deal with this is to elevate rights within your script. This is explained here: [A self elevating PowerShell script](http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/09/23/a-self-elevating-powershell-script.aspx) – Jan Chrbolka Mar 12 '15 at 04:00
  • UAC doesn't cause problems; it merely makes them evident. The real problem is that user-mode applications should not run elevated. – Bill_Stewart Mar 13 '15 at 14:17
  • Disabling UAC is not an option and I am definitely running as Administrator. The script has the following at the top to check and elevate if required. – user796632 Mar 13 '15 at 14:59
  • This will open MMC under different credentials but opens a dos command window in background which never closes. Thoughts? $credential = user_credential $cmd = "$env:windir\system32\cmd.exe" $args = "start /b cmd /C C:\windows\system32\mmc.exe c:\windows\system32\compmgmt.msc" Start-Process -FilePath $cmd -ArgumentList $args -Credential $credential – user796632 Mar 13 '15 at 19:01

2 Answers2

2

your issue will go away when your PowerShell session as administrator WHILE logged in with an administrator account. this will give you your missing elevated permissions in your active session. This guys solution works if your having issues with your script running on servers and needing that extra punch. https://blogs.msdn.microsoft.com/virtual_pc_guy/2010/09/23/a-self-elevating-powershell-script/

GLHF!

Kelly Davis
  • 354
  • 2
  • 6
2
# variables
$mmc = "$($env:SystemDrive)\Windows\System32\mmc.exe"
$msc = "$($env:SystemDrive)\Windows\System32\compmgmt.msc"

# credentials
$username   = "DOMAIN\USERNAME"
$securePass = ConvertTo-SecureString "PASSWORD" -AsPlainText –Force
$cred       = New-Object System.Management.Automation.PSCredential $username, $securePass

# call MSC
Start-Process powershell.exe -Credential $cred -ArgumentList "Start-Process -FilePath $mmc -ArgumentList $msc -Verb runAs"
ortolar
  • 21
  • 3