
To preface this, I am self-teaching and brand new to scripting in general, let alone PowerShell. After a cumulative 12 hours, my Google-fu has run out.

I had a series of programs tailored to different models of computer we support that ran a staged series of installers from a fileshare. The program would check to see if the tech deploying the software was running it as admin; if not, it used a `Start-Process` line to elevate and run again.

It worked flawlessly, but we wanted to see if we could remove the need for the tech to enter r to run the scripts from the share.

In trying to figure out how to add `-executionpolicy bypass` to the arg list for `Start-Process`, I've hit a wall.

It now errors on trying to call to the fileshare to retrieve the parent script, before getting to the point where I can troubleshoot the bypass can of worms.

Below is my rough framework; remember, I'm self-taught by googling and using Tutorialspoint.

```powershell
$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
    {
#usually I have a get-childitem | foreach-object loop here that runs the files from the folder one by one in a specific order,
#it also checks to see if msiexec is running or not before trying to load and install files using a if-else>do-while combo
    }
else
    {
        Start-Process -FilePath "powershell" -ArgumentList "$('-File "\\server\dir\foo".ps1')$($MyInvocation.MyCommand.Name)$('""')" -Verb runAs
    }#this calls to a script that is a 1:1 copy of the code in the if{} block
```

This returns an error from the `-File` parameter that says it can't call the file because it doesn't exist. What am I doing wrong? How do I pass `-executionpolicy bypass` as an additional arg without breaking it further? Is there a better way to do this? Is there a neater way to automate this?

Please help me geniuses of StackOverflow before I start gnawing on my keyboard.

  • Assuming the target script is located in dir. `\\server\dir\foo` and has the same file name as the calling script: `-ArgumentList "-File \`"\\server\dir\foo\$($MyInvocation.MyCommand.Name)\`""` – mklement0 Nov 19 '21 at 17:29
  • If you already succeed in invoking the script at hand, you shouldn't have to worry about the execution policy - unless the effective policy is `AllSigned` and the script at hand is signed, whereas the target script is not. – mklement0 Nov 19 '21 at 17:31
  • The person who inspired me to recover my old account! I was reading your amazing answers on other questions trying to emulate what you did. – Mungle Nov 19 '21 at 17:32
  • I'm glad to hear it, and thanks for the nice feedback. – mklement0 Nov 19 '21 at 17:34
  • Target is not signed, these are being run in small batches as part of a test to see if it is viable large scale. When I try `Start-Process -FilePath powershell -ArgumentList "-File `"\\server\dir\...foo.ps1$($MyInvocation.MyCommand.Name)`"" -Verb runAs` I get "The argument \\server\dir\...\foo.ps1example.ps1 to the -File parameter does not exist." Removing `$($MyInvocation.MyCommand.Name)` leads to a similar error. – Mungle Nov 19 '21 at 17:46
  • I can map the drive and get the same error. I can assign the filepath to $filepath like you showed in another answer and get the same error. However `& $filepath` runs fine, beyond not elevating and bypassing execution policy of course. – Mungle Nov 19 '21 at 17:52
  • You have an extra `foo.ps1` in your command, before the expanded `$($MyInvocation.MyCommand.Name)` value, `example.ps1` – mklement0 Nov 19 '21 at 17:53
  • Still gives same error, file at filepath does not exist. It's gotta be something small I'm missing, I can paste the exact same filepath into explorer and navigate to it. – Mungle Nov 19 '21 at 18:17
  • Paste the _literal_ file path into your command and see if that works (test it with `Get-Item` first). – mklement0 Nov 19 '21 at 18:40
  • `Get-Item` works. `start-process -FilePath powershell -ArgumentList {-file literalpath}` This works and doesn't prompt security warning. `Start-Process -Filepath powershell -ArgumentList {-executionpolicy bypass -file literalpath} -verb runas` This works and doesn't prompt security warning. Not sure why it works now. Maybe you're magic? – Mungle Nov 19 '21 at 19:17
  • :) Note that using `{ ... }` is problematic: you're creating a script block, which then stringifies to its _verbatim_ content; this means you cannot include variable references, and if what `...` represents isn't syntactically valid PowerShell code, the command breaks altogether. – mklement0 Nov 19 '21 at 19:41
  • For now, hard coding args will get the project rolling as the args are all static. I tried having a standalone that uses the syntax you mention in the first comment, however it breaks continuously on the -File input even if you map the share, test with `get-item`, and test that `& $_.Name` runs contents of `get-childitem`. In the future I'm sure a framework where a user could enter custom parameters would be highly preferable if I could get it to work and stay stable. – Mungle Nov 24 '21 at 00:16
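
One way to build the elevated relaunch with the quoting from the first comment and an expandable string instead of a `{ ... }` script block, as an added example that is not part of the original question or its comments. It assumes the target script has the same file name as the calling script and lives in `\\server\dir\foo`; `$expectedHash` is a placeholder, the helper function names are hypothetical, and the hash check is an addition for unsigned scripts that are run elevated from a share.

```powershell
# Added example, not the asker's code. Assumes the target script sits in
# \\server\dir\foo under the same file name as this calling script.
$scriptDir    = '\\server\dir\foo'
$target       = Join-Path $scriptDir $MyInvocation.MyCommand.Name
$expectedHash = '<SHA256-OF-REVIEWED-SCRIPT>'   # placeholder: pin the hash of the reviewed script

function Test-IsAdmin {
    # Hypothetical helper: same admin check as the question, wrapped in a function.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ElevatedArgumentString {
    # Hypothetical helper: returns ONE string for -ArgumentList.
    param([Parameter(Mandatory)][string]$Path)
    # `" embeds literal double quotes, so a path with spaces stays one argument.
    # -File goes last: everything after it is passed to the script itself.
    "-NoProfile -ExecutionPolicy Bypass -File `"$Path`""
}

if (Test-IsAdmin) {
    # Staged installer loop goes here (Get-ChildItem | ForEach-Object ...).
}
else {
    # Use the UNC path, not a mapped drive letter: drive mappings made in the
    # non-elevated session are not visible to the elevated process.
    if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
        throw "Target script not found: $target"
    }

    # The target is unsigned and will run elevated with the execution policy
    # bypassed, so compare it against the pinned hash before elevating.
    $actual = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if ($actual -ne $expectedHash) {
        throw "Hash mismatch for $target; refusing to elevate."
    }

    Start-Process -FilePath powershell.exe -Verb RunAs `
        -ArgumentList (Get-ElevatedArgumentString -Path $target)
}
```

`-ExecutionPolicy Bypass` given this way applies only to the launched process. The hash is checked before the UAC prompt, so write access to the share should still be limited to the people who maintain the scripts.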
