
I've spent more time on this than I'd like to admit. I'm looking for PowerShell code that will quietly start a new PowerShell instance (in the existing PowerShell Window) using different credentials.

The best I can come up with is extremely clunky... popping up two different Powershell Windows on my screen before finally giving me a prompt. Apparently, the -NoNewWindow argument doesn't prevent the opening of any new PowerShell windows.

My VERY clunky code:

```powershell
Start-Process powershell.exe -Credential $DomainAdmin -WorkingDirectory $env:windir -NoNewWindow -ArgumentList "Start-Process powershell.exe -Verb runAs"
```

If there is a way to "Runas" Powershell.exe from a desktop shortcut (and saving the username/password), I'd also be happy with that. Below is the code I attempted to make. However, there seems to be a bug that keeps giving me the error, "267: The directory name is invalid".

Batch file that doesn't work:

```bat
runas.exe /savecred /env /noprofile /user:MKA "powershell.exe -noprofile -command \"start-process -WorkingDirectory c:\temp powershell -verb RunAs\""
```

A solution would be greatly appreciated.

MKANET
  • I don't think Runas works the way you think it does. If UAC is enabled, `runas.exe` will log on `%user%` as a standard user, not as an administrator. I'm not sure if what you are trying to do is possible, as I posted a very similar question recently and was not able to get an answer that worked. [Link to my question](https://stackoverflow.com/questions/43939765/batch-programming-a-runas-utility-creater) – GrumpyCrouton Jun 16 '17 at 20:26
  • My question would have to be why do you want to open a new session? If it's for remote connections into a new system then you can run that in the same PowerShell window and call each session you make as needed in your script. – Jessie Jun 16 '17 at 20:29
  • No remoting. I actually mean an instance of Powershell. Similar to just typing, "Powershell" while in a powershell console window... except with a different user context. – MKANET Jun 16 '17 at 20:39
  • In your "very clunky code", why are you invoking 2 new PowerShell windows? You are with the initial Start-Process (which would actually suppress a new popup) and then in the argument list, you call another Start-Process powershell.exe which will pop up the window... – thepip3r Jun 16 '17 at 20:56
  • The initial start-process with the -noprofile command still opens an extra PowerShell window; plus, the spawned PS window isn't interactive. It won't respond to keyboard or mouse. I can only close the window. – MKANET Jun 16 '17 at 21:05
  • What you are describing is [`psexec.exe`](https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) but saving a password in a desktop shortcut would be a terrible security practice. – BenH Jun 16 '17 at 21:23
  • What is the purpose/goal? – Bill_Stewart Jun 16 '17 at 21:29
  • The runas.exe example works fine for me in Windows 10. If you're using an account that's excluded from UAC restrictions (e.g. Administrator), then the `start-process` command doesn't need `-Verb RunAs` and `-NoNewWindow` can be added. If the account needs elevation, you may as well remove the `-WorkingDirectory` option because the Application Information service will ignore this request and start the process in `%SystemRoot%\System32`. – Eryk Sun Jun 17 '17 at 02:47
  • In the first command, `-NoNewWindow` is ignored because it calls [`CreateProcessWithLogonW`](https://msdn.microsoft.com/en-us/library/ms682431), which requests the Secondary Logon service to log on the user and create the process via `CreateProcessAsUser`. runas.exe also calls `CreateProcessWithLogonW`. It's documented that this function always uses the creation flag `CREATE_NEW_CONSOLE`, and it's also documented that [`CREATE_NO_WINDOW`](https://msdn.microsoft.com/en-us/library/ms684863#CREATE_NO_WINDOW) is ignored in this case. – Eryk Sun Jun 17 '17 at 02:51

1 Answer


To run as user MKA, create a shortcut with this in Target window:

```
C:\Windows\System32\runas.exe /User:MKA /savecred C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
```

To hide a PowerShell console window, you can put this code at the top of the script being executed, which is my favoured solution in this StackOverflow post.

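```powershell
# Import user32!ShowWindow as [native.win]::ShowWindow via P/Invoke.
add-type -name win -member '[DllImport("user32.dll")] public static extern bool ShowWindow(int handle, int state);' -namespace native
# State 0 is SW_HIDE: hide the main window of the current PowerShell process.
[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0)
```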

The post discusses other ways that may be more suitable for you.

G42
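Because `runas /savecred` keeps the password in the user's Credential Manager and lets any later `runas /savecred` call for that account run without a prompt, a machine where the shortcut above was used is worth auditing. The following is an added example, not code from the question, the answer or any commenter: it lists saved runas credentials and desktop shortcuts that rely on them. The function names, the constructed sample text and the `Domain:interactive=` target prefix used to recognise runas entries in `cmdkey /list` output are assumptions.

```powershell
# Added example (not from the thread). Function names are hypothetical.
function Get-SavedRunasCredential {
    param(
        # Lines of `cmdkey /list`; by default cmdkey.exe is run on this machine.
        [string[]]$CmdkeyOutput = (& cmdkey.exe /list)
    )
    foreach ($line in $CmdkeyOutput) {
        # Assumption: runas /savecred entries appear as "Domain:interactive=<account>".
        if ($line -match '^\s*Target:\s*(?<target>Domain:interactive=(?<account>.+?))\s*$') {
            [pscustomobject]@{
                Account   = $Matches['account']
                Target    = $Matches['target']
                # Command an admin can run to remove the saved credential.
                RemoveCmd = "cmdkey.exe /delete:$($Matches['target'])"
            }
        }
    }
}

function Get-SaveCredShortcut {
    param([string[]]$Path = @("$env:USERPROFILE\Desktop", "$env:PUBLIC\Desktop"))
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Path -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk loads it for reading.
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.TargetPath -match 'runas(\.exe)?$' -and $lnk.Arguments -match '/savecred') {
                [pscustomobject]@{ Shortcut = $_.FullName; Arguments = $lnk.Arguments }
            }
        }
}

# Constructed sample of `cmdkey /list` output, so the parser can be tried offline.
$sample = @'
Currently stored credentials:

    Target: Domain:interactive=CONTOSO\MKA
    Type: Domain Password
    User: CONTOSO\MKA

    Target: LegacyGeneric:target=git:https://example.invalid
    Type: Generic
    User: someone
'@ -split "`r?`n"

Get-SavedRunasCredential -CmdkeyOutput $sample | Format-List
Get-SaveCredShortcut | Format-Table -AutoSize
```

Calling `Get-SavedRunasCredential` with no arguments audits the current user's live credential store instead of the sample.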