I am struggling with a very complex problem. The application that my script must install requires elevation of admin rights. Attaching to this application is also available only for an admin. First of all, I am setting the execution policy:
    try
    {
        Set-ExecutionPolicy -Scope CurrentUser Unrestricted
        Write-Output "Completed"
    }
    catch
    {
        throw $PSItem
    }
My next PowerShell script creates a PSCredential object with domain\user combination and password. After that, it uses the following command to open the .exe setup file:
    Start-Process powershell -Credential $credential -ArgumentList ('-noprofile -command &{Start-Process "' + $filePathSetup + '" -wait -verb runas}')
and proceeds with executing installation code.
It works when I manually open PowerShell ISE with admin credentials provided and paste my script. However, in practice I am running my scripts from external software (Blue Prism) and I can neither use a GUI nor perform manual activities. The application needs to be installed without any human interruption, entirely programmatically, so I cannot open PowerShell as admin on my own.
What am I doing instead? I create a Runspace and a PowerShell Object, add my script which installs the app to this PowerShell Object and invoke it this way:
    //-Create Runspace------------------------------------------------------
    Runspace runspace;
    try {
        runspace = RunspaceFactory.CreateRunspace();
        if(STA == true) {
            runspace.ApartmentState = System.Threading.ApartmentState.STA;
        } else {
            runspace.ApartmentState = System.Threading.ApartmentState.MTA;
        }
        runspace.ThreadOptions = PSThreadOptions.ReuseThread;
        runspace.Open();
    } catch(System.Exception ex) {
        ErrorMessage = ex.Message;
        return;
    }
    //-Create PowerShell----------------------------------------------------
    System.Management.Automation.PowerShell PS;
    try {
        PS = System.Management.Automation.PowerShell.Create();
        PS.Runspace = runspace;
        PS.AddScript(PSCode);
    } catch(System.Exception ex) {
        runspace.Close();
        ErrorMessage = ex.Message;
        return;
    }
    //-Add parameters to PowerShell-----------------------------------------
    foreach(DataRow ThisRow in Parameters.Rows) {
        PS.AddParameter(ThisRow["Name"].ToString().Trim(), ThisRow["Value"].ToString().Trim());
    }
    //-Invoke PowerShell----------------------------------------------------
    try {
        Collection<PSObject> Ret = PS.Invoke();
        runspace.Close();
    } catch(System.Exception ex) {
        // Same handling as the blocks above: close the runspace and report the error
        runspace.Close();
        ErrorMessage = ex.Message;
        return;
    }
And what is my problem? I cannot switch to admin within this code, but it is required for me to run both PowerShell & the application as admin, whereas now I am only running the app as admin via PowerShell. I heard of an old Impersonate class which would be helpful, but it is no longer supported. What would you suggest I do?
PS: No manual actions, please. I know how to press the right mouse button to open the contextual menu and select Run as Admin ;)
Not sure what the issue here is, but we do something at startup across all BP machines that requires admin privileges. To do this, we set a task in Task Scheduler to 'run with highest privileges' whether 'user is logged in or not'; that task then fires a cmd script which points to our PowerShell files, and they all run fine without admin prompts. Task Scheduler requests the admin credentials on the machine during task config, but I think that would solve what you're attempting here.
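
The Task Scheduler setup described in the answer above, sketched in PowerShell as an added example that is not part of the original thread. The task name, script path and account are hypothetical placeholders, the task calls powershell.exe directly instead of going through a cmd script, and the registration is assumed to run once from an elevated session.

```powershell
# Added example. Task name, script path and account are hypothetical placeholders.
$taskName   = 'Install-App-Elevated'
$scriptPath = 'C:\Deploy\Install-App.ps1'
$account    = 'DOMAIN\svc-install'

# The task runs this file with full admin rights, so anyone who can modify the
# file can run code as admin. List ACL entries that allow changes, for review.
$changeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
(Get-Acl -Path $scriptPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $changeRights) } |
    Format-Table IdentityReference, FileSystemRights -AutoSize

# Ask for the admin password once, at configuration time (not at run time).
$cred = Get-Credential -UserName $account -Message 'Account the task runs as'

$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -File `"$scriptPath`""
$trigger = New-ScheduledTaskTrigger -AtStartup

# -User/-Password stores the credential with the task, so it runs whether the
# user is logged on or not; -RunLevel Highest is "Run with highest privileges".
# Register-ScheduledTask only accepts the password as plain text.
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -User $account -Password $cred.GetNetworkCredential().Password `
    -RunLevel Highest | Out-Null

# Start it on demand, without waiting for the next boot.
Start-ScheduledTask -TaskName $taskName

# Check the outcome once the task has finished: LastTaskResult 0 means the
# action exited successfully.
Get-ScheduledTaskInfo -TaskName $taskName |
    Select-Object LastRunTime, LastTaskResult
```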