Powershell Script Not Running as Administrator

Question

I'm new to scripting in Powershell, and I've run into an issue where whenever I run a script as administrator it automatically fails. Running the script normally succeeds, but as administrator it opens for a split second and immediately closes again ( * after suggestions from @iRon, this is no longer the case). I'm honestly not sure if this is a programming issue or a Windows issue, so I'm putting it here - please let me know if this is better fit for the superuser stack.

The end goal is to be able to call the script from a batch script so that I can remotely re-build trusted root certificates on PCs where Windows Update screwed them up because of faulty firewall settings. But I can't do that unless I get it working to run as administrator.

My current code is as follows (from this tutorial) (They are both named the same aside from extension, hence the %~dpn0):

BATCH:

@ECHO OFF
PowerShell.exe -NoExit -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy Bypass -noexit -wait -File ""%~dpn0.ps1""' -Verb RunAs}"
pause

POWERSHELL:

echo "Hello World!"
if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{Write-Output 'Running as Administrator!'}
else
{Write-Output 'Running Limited!'}
Pause

Additional information: I'm running this on Windows 10 21H2 with powershell verion 10.0.19041.1023. I am able to run the commands individually in an elevated powershell window.

After @iRon's help, I was able to get the actual error message, although the script still will not work:

x86 : The term 'x86' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:31
+ -wait -File [path]\Program Files (x86)\Lansweeper\PackageShare\Scripts\ ...
+                                   ~~~
    + CategoryInfo          : ObjectNotFound: (x86:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Also add the [`-NoExit`](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_powershell_exe#parameters) parameter to the outer script to see the actual error message you dealing with. — iRon, Jun 24 '21 at 16:13
I just tried changing the batch to PowerShell.exe -NoExit -Command ... and it did the same thing - opened for a split second with no text, and closed. — TheLittlePeace, Jun 24 '21 at 16:19
Then add a Pause to your script at the end to prevent it from ending when it errors out. The problem is in your script and needs to be diagnosed from there. — Scepticalist, Jun 24 '21 at 16:35
@iRon I added it, and unfortunately same result. I have also updated the question's code accordingly. — TheLittlePeace, Jun 24 '21 at 17:07
This is a maze. Would it work for you if you elevate from the ps1 ? — Santiago Squarzon, Jun 24 '21 at 17:11
@SantiagoSquarzon I did try that (by putting a shortcut on my desktop and setting that to run as administrator) with the same results. That's why I'm questioning whether it is a programmatic problem or one with Windows. Not that it's particularly necessary for the question, but the reason I'm trying to call it from a Batch is so I can deploy from Lansweeper to all of the computers updated with bad certs. This was the "easiest" way I found to be able to run the .ps1 as administrator on a machine without prompting for admin password on everybody's PC. — TheLittlePeace, Jun 24 '21 at 17:16
Agree, it is a maze: also add [`-Wait`](https://learn.microsoft.com/powershell/module/microsoft.powershell.management/start-process#parameters) to the `Start-Process` cmdlet. — iRon, Jun 24 '21 at 17:16
Try the following command. Maybe you find out more in the transcript log. `"& {Start-Transcript '%~dp0transcript.log'; Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy Bypass -noexit -File ''%~dpn0.ps1''' -Verb RunAs}"` — swbbl, Jun 24 '21 at 17:19
@iRon Adding the -Wait did cause it to stop closing. It seems like the issue is that it doesn't like the path (it's in a "Program Files (x86)" ). So the problem may be that I need to add more quotes...? Not sure. — TheLittlePeace, Jun 24 '21 at 17:22
I meant by adding something like: ```Start-Process powershell -Verb RunAs -ArgumentList "-file `"$($MyInvocation.ScriptName)`""``` at the top of the PS1 file — Santiago Squarzon, Jun 24 '21 at 17:24
You might have a look to the "***self-elevating***" script examples [here](https://stackoverflow.com/a/7691218/1701026) — iRon, Jun 24 '21 at 17:27

score 0 · Answer 1 · answered Jun 24 '21 at 17:27

0

The problem is that you are running this from a cmd.exe instance, which means you need to escape your nested doublequotes with backward slashes:

%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command "& {Start-Process $Env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe -ArgumentList '-ExecutionPolicy RemoteSigned -NoExit -File \"%~dpn0.ps1\"' -Verb RunAs}"

or without the unnecessary &{…}:

%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command "Start-Process $Env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe -ArgumentList '-ExecutionPolicy RemoteSigned -NoExit -File \"%~dpn0.ps1\"' -Verb RunAs"

answered Jun 24 '21 at 17:27

Compo

36,585
5
27
39

I attempted to adjust my code using your suggestions, and also straight-up copying both examples you gave, and it is giving the same result as before with the "(x86) not recgnized" error. – TheLittlePeace Jun 24 '21 at 17:37
I do not believe you are correct @TheLittlePeace! I copied exactly the same powershell content as you've posted above, then created a batch file with the same basename as that ps1 file, containing either one of the lines I've posted above,_(with `@Echo Off` on the line above it, and `Pause` on the line below it, exactly as in your submission)_. I made sure that both files were placed together within a subdirectory of Program Files (x86), double-clicked it, and it worked exactly as expected. Please do not test my code by changing anything in it, or by adjusting your PowerShell script content. – Compo Jun 24 '21 at 17:52
that's exactly what I did... Could it be something with some setting after all if we're getting different results? Or maybe since it's being run from a different directory than the C:\ drive (Lansweeper is on a server so it will be run from there, let's call it \\lsserver\c$\Program Files (x86)\ ... ) – TheLittlePeace Jun 24 '21 at 18:23
@TheLittlePeace, if you're trying to run files from a network share, that is a completely different question. Please place both files on your local machine, run the batch file, then see that my code works. Feel free to also try your original code too, _(which looks like it should also work, although I'd prefer to use the more correct backward slashes)_. I would assume that you've probably just not asked the correct question on this occasion. – Compo Jun 24 '21 at 18:39
Ah! Yep, that seems to be the issue. I'll look up how to properly call it from a network share... Hopefully it's a simple change. – TheLittlePeace Jun 24 '21 at 19:27
Well @TheLittlePeace, you could just use an additional line, or two in your batch file. e.g. before your powershell line, `pushd "\\lsserver\c$\Program Files (x86)\Lansweeper\PackageShare\Scripts"`, and after your powershell line `popd`. Of course, you could then probably just replace `%~dpn0.ps1`, with `%~n0.ps1`, _(as the drive and path should already be correct)_. – Compo Jun 24 '21 at 19:41

Powershell Script Not Running as Administrator

1 Answers1