CMD - How to RunAs different user to execute a powershell script ?

  • General discussion

  • Hi Team,

    I have a CMD script executing a PowerShell script:

    PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""C:\XXX\post_install\Move_OU_Exclu.ps1""' -Verb RunAs}"

    But with this, it's the machine's account that executes the PS script, which doesn't work because of missing rights.

    I would like to execute my PS script with a domain account with the password unencrypted to test it first and without a prompt message. And if it works, a team will encrypt the credentials with an internal software.

    My issue is with runas, it's systematically asking me to type the password. 

    /savecreds doesn't work for me.

    If somebody has a hint, it will be welcome.

    Thanks in advance.

    Regards,


    JOSEPH Michel

    • Changed type Bill_Stewart Monday, April 30, 2018 9:43 PM
    • Moved by Bill_Stewart Monday, April 30, 2018 9:43 PM No, you cannot bypass the UAC prompt
    Thursday, March 1, 2018 10:53 AM

All replies

  • The "RunAs" parameter just causes a prompt for elevation.  This is normal.  To run as another user use the "Credential" parameter.


    \_(ツ)_/

    Thursday, March 1, 2018 1:39 PM
  • "Credential" works with CMD ?

    Anyway, I'm currently deleting the script in CMD and doing a new one in Powershell which is much better for me.


    JOSEPH Michel


    • Edited by Michel.J Thursday, March 1, 2018 2:15 PM
    Thursday, March 1, 2018 2:14 PM
  • Your command is powershell although it is a bad piece of coding using powershell to start powershell to execute a simple file.

    Just add "Credential" to the "Start-Process" command and it will start the process with alternate credentials.

    And give up on batch files.

    Start-Process PowerShell -Credential domain/userid -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File C:\XXX\post_install\Move_OU_Exclu.ps1'


    \_(ツ)_/

    Thursday, March 1, 2018 2:30 PM
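
Added example (not part of the thread and not the posters' code): `Start-Process -Credential` prompts when it is given only a user name, and starts the process without a prompt when it is given a `PSCredential` object. The sketch below loads one from a file written beforehand with `Export-Clixml`; the function name, the credential file location and the `CONTOSO\svc-account` account are assumptions, and the script path is whatever the caller passes in.

```powershell
# Added example. Assumed names: Invoke-ScriptAsUser, CONTOSO\svc-account, the .cred.xml file.
#
# One-time setup, run interactively by the SAME Windows account on the SAME machine
# that will later call the function. On Windows, Export-Clixml protects the password
# with DPAPI, so the file cannot be decrypted by another user or on another computer:
#
#   Get-Credential -UserName 'CONTOSO\svc-account' -Message 'Account that runs the script' |
#       Export-Clixml -Path '<folder readable only by the calling account>\svc-account.cred.xml'

function Invoke-ScriptAsUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,
        [Parameter(Mandatory)] [string] $CredentialPath
    )

    foreach ($path in $ScriptPath, $CredentialPath) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "File not found: $path"
        }
    }

    # Fails here if the file was created by a different user or on a different machine.
    $credential = Import-Clixml -LiteralPath $CredentialPath
    if ($credential -isnot [System.Management.Automation.PSCredential]) {
        throw "$CredentialPath does not contain a PSCredential object."
    }

    $startArgs = @{
        FilePath         = 'powershell.exe'
        Credential       = $credential      # object, not a user-name string: no prompt
        ArgumentList     = @('-NoProfile', '-ExecutionPolicy', 'Bypass',
                             '-File', "`"$ScriptPath`"")
        WorkingDirectory = $env:SystemRoot  # a directory the target account can read
        Wait             = $true
        PassThru         = $true
    }
    # -Credential and -Verb belong to different parameter sets, so this call
    # runs the script as the other account but does not request elevation.
    $process = Start-Process @startArgs
    return $process.ExitCode
}
```

The DPAPI binding means the credential file has to be created under the same account that the deployment step runs as; a file exported from an administrator's own session will not decrypt there.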
  • Well, I tried your command but it still asks me for the password.

    This script is used during virtual machines recompose, so it won't work if the script asks for a password, no ?

    In fact, some colleagues told me it was a service account that ran the script but after returning my log, it turns out to be the machine account or the local admin account. 

    That's why my script can't move the machine into the AD group.

    My goal is to run my script with a domain account.

    The recompose calls the 'post_install.cmd', which is doing actions on the registry and software (uninstall/install) and adding some accounts on the machine: this works. But when it runs my command calling PS, the account running the PS script isn't the good one (it was the machine account).

    I tried to run my PS script immediately during the recompose without running the cmd, and now it's the local admin account which is used.

    I don't get it at all. And I'm restricted with my rights.

    I hope you understand what I mean.


    JOSEPH Michel

    Thursday, March 1, 2018 4:25 PM
  • If you are asking if you can silently elevate without a UAC prompt, the answer is "no."

    Read this post for details. It is at the top of this forum.

    You cannot bypass the UAC prompt


    -- Bill Stewart [Bill_Stewart]

    Thursday, March 1, 2018 4:28 PM
  • You need to ask your question in the Windows deployment forum.  The deployment tools have methods to address all of your issues.  You cannot guess your way through this and we cannot recreate your environment.

    Start here: https://social.technet.microsoft.com/Forums/en-US/home?forum=mdt


    \_(ツ)_/


    • Edited by jrv Thursday, March 1, 2018 4:38 PM
    Thursday, March 1, 2018 4:37 PM
  • Ok, thanks a lot guys.

    I will ask the Windows deployment forum if they have some hints.

    Have a nice day.

    Regards,


    JOSEPH Michel

    Thursday, March 1, 2018 4:41 PM