1

I have a batch script that calls a Powershell file in administration mode. I found this code a while ago, and it's worked great ever since:

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File %PSFile%' -Verb RunAs}";

This time though, I called the batch script from another program. This program says the process worked, but it didn't actually do anything. Examining the logs from echo, I can see the batch script is being called, but it's not calling Powershell. I tried running the batch script manually, and it calls PS fine, so something with how the batch script is being called by the other program is messing with how it calls PS.

This in mind, I tried changing the batch script to directly run my .ps1 file, instead of starting a new admin instance of powershell to start it. My new .bat file looked like this:

Powershell -File %PSFILE% -Verb RunAs

Calling this from the other program successfully calls my Powershell script, but I get a bunch of errors from the PS script, since it's not an admin PS session like it needs to be.

How can I change my batch script to call Powershell as an admin, without using Powershell to call itself (which doesn't seem to work with the program that needs to run it)?

EDIT: After trying a bunch of tweaks, I've found I don't even need to be in admin mode to do what this script does. However, I still get access denied errors when running it through the program (admin or not). So something about running it from the program is making it need more permissions than when I run the batch script manually.

Errorum

3 Answers

1

This is what I do (inside the .bat file):

If the .bat is NOT running as admin

powershell.exe -Command "powershell.exe 'C:\path\to\script.ps1' -Verb runAs"

If the .bat is running as admin

powershell.exe -ExecutionPolicy Bypass -Command "C:\path\to\script.ps1"
Kellen Stuart
  • This has the same problem as my second example, in that it doesn't have admin rights. I get a bunch of access denied errors. – Errorum Jul 13 '17 at 17:24
  • @Errorum I thought you said the batch script is run as admin? If it is, the powershell.exe inherits the user who ran the .bat. Could you please give more detail? Do you want a prompt to come up asking you for admin password or are you looking for it to all happen automatically? – Kellen Stuart Jul 13 '17 at 17:24
  • The batch script is called by another program (an old, proprietary tool we have to use). I want everything to happen automatically, no login. – Errorum Jul 13 '17 at 17:36
  • @Errorum https://stackoverflow.com/questions/7690994/powershell-running-a-command-as-administrator – Kellen Stuart Jul 13 '17 at 17:44
  • Those answers all rely on calling a new instance of Powershell from itself, which doesn't seem to work in my situation. – Errorum Jul 13 '17 at 17:52
  • These both call the powershell script, but neither one calls it as an admin (as indicated by access denied errors) – Errorum Jul 13 '17 at 18:36
  • `-Verb runAs` runs as admin. Try the first command in cmd. I tested this and it worked for me – Kellen Stuart Jul 14 '17 at 15:45
1

You could use a small utility I wrote called elevate32.exe/elevate64.exe.

elevate64 -- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -File "d:\path to script\scriptfile.ps1"

elevate32.exe (32-bit version) and elevate64.exe (64-bit version) basically elevate whatever command line you pass to them.

You can get it here (ElevationToolkit1.zip):

http://www.westmesatech.com/misctools.html

An alternative is to use a short WSH script that, when called, provokes elevation. An example is on Aaron Margosis' blog here:

https://blogs.msdn.microsoft.com/aaron_margosis/2007/07/01/scripting-elevation-on-vista/

Script:

// elevate.js -- runs target command line elevated
if (WScript.Arguments.Length >= 1) {
  // First argument is the program to run; the rest are joined into its argument string
  var Application = WScript.Arguments(0);
  var Arguments = "";
  for (var Index = 1; Index < WScript.Arguments.Length; Index += 1) {
    if (Index > 1) {
      Arguments += " ";
    }
    Arguments += WScript.Arguments(Index);
  }
  // The "runas" verb asks the shell to start the program elevated
  new ActiveXObject("Shell.Application").ShellExecute(Application, Arguments, "", "runas");
}
else {
  WScript.Echo("Usage:");
  WScript.Echo("elevate Application Arguments");
}

The limitations of this approach are that it relies on the WSH command-line parser and can't wait for the program to terminate. These limits may not be a problem in your scenario.

Bill_Stewart
  • I would definitely try that if I weren't on a locked down production environment... cool tool though, thanks for sharing. – Errorum Jul 13 '17 at 18:09
  • It looks like elevation isn't even the issue here, see edit to original question. – Errorum Jul 13 '17 at 19:00
0

Looks like I was totally off as to the problem source. This was a permissions error on some folders I was editing. The program I was running the scripts through acts as a separate service. I had to add that with modify permissions to the security groups of all the folders I was editing. No elevation required in the scripts, just modifying permissions.

Errorum
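A way to confirm the diagnosis in the last answer before changing anything (an added example, not part of any post above): run this from the same batch file the calling program uses, and it logs which account the script actually runs as, whether that token is elevated, and whether that account can write to each folder. The folder path, log path and the account name in the closing comment are placeholders.

```powershell
# Added example: diagnose "access denied" when a script is launched by a service.
# The default folder, log path and account name below are placeholders (assumptions).
param(
    [string[]]$TargetFolders = @('D:\Data\Example'),   # hypothetical folders the script edits
    [string]$LogFile = "$env:TEMP\run-context.log"     # hypothetical log location
)

# Who is this process really running as, and is the token elevated?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$report = @("Running as : $($identity.Name)", "Elevated   : $isAdmin")

foreach ($folder in $TargetFolders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        $report += "$folder : not found (or not visible to this account)"
        continue
    }

    # Effective-access check: create and delete a probe file as the current account.
    $probe = Join-Path $folder ("probe_" + [guid]::NewGuid().ToString('N') + '.tmp')
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
        $report += "$folder : write/delete OK"
    } catch {
        $report += "$folder : write/delete FAILED ($($_.Exception.Message))"
    }

    # List the ACL entries so a missing Modify grant for the account is visible.
    try {
        foreach ($ace in (Get-Acl -LiteralPath $folder -ErrorAction Stop).Access) {
            $report += '    {0,-40} {1,-6} {2}' -f $ace.IdentityReference,
                       $ace.AccessControlType, $ace.FileSystemRights
        }
    } catch {
        $report += "    (cannot read ACL: $($_.Exception.Message))"
    }
}

$report | Out-File -FilePath $LogFile -Encoding utf8 -Append
$report

# Once the account is known, grant Modify on only the folders it needs
# (from an elevated prompt; the account name is a placeholder):
#   icacls "D:\Data\Example" /grant "DOMAIN\svc-account:(OI)(CI)M"
```

If "Running as" shows a service account rather than your own login, elevation flags in the batch file will not help; the folder ACL is the thing to change, scoped to that account and those folders.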