Create a powershell with admin rights without being prompted


To start, I am new to powershell :slight_smile:

I am trying to start a powershell with admin rights without being prompted. Google have so far shown me :

Start-Process powershell -verb runas

What I am trying to do :slight_smile:

I have some computers residing on a restricted network and I can’t remote control them. I can send an powershell command.
The thing I will do i use the $PSWindowsUpdate module to force updates to be installed on the computers.

So planning on having a ps1 file to run with powershell elevated should give me what I need.

So, is there a way to elevate powershell to run a specific ps1 file ?

All tips and tricks is highly appreciated :slight_smile:

You can run PowerShell.exe with the -runas verb and pass it a script file. However, You’ll still have UAC to contend with.

Bypassing, or disabling, the UAC prompt isn’t allowed, and for good reason. Think about it–if we could bypass it, then why would we have it? It’s like security logs–what good would they be if we could selectively delete entries within the log?

If you want to “get around” a UAC prompt, then create a scheduled task that runs your ps1 file. Run it with highest privileges, and have it store the credentials of an elevated account. You can run the scheduled task from the GUI, or from inside PowerShell using the Start-ScheduledTask cmdlet.

Edit: It just occurred to me that you’ll only see the Start-ScheduledTask cmdlet (and the containing module, ScheduledTasks) in PowerShell 3.0 on Windows 8 and Server 2012, and in PowerShell 4.0 on Windows 8 and 8.1, Server 2012, and Server 2012 R2. If you aren’t using one of those, then enter SCHTASKS /Run /? and learn of an older, command-driven way to run the task outside the GUI.

UAC is generally only an issue for the local computer. If you’re connecting to remote computers with an account that has admin rights, you should be fine. (With one exception: If you’re using a local administrator account other than the built-in administrator, there’s a group policy setting that needs to be enabled before you’ll be able to use any permissions granted by the Administrators group membership; this setting is not enabled by default. You can enable this via GP, or directly in the registry; search the web for “LocalAccountTokenFilterPolicy” for all the details.)

Keep in mind that you must first install the PSWindowsUpdate module on each of the remote machines before you can execute it (remotely or locally). I’ve tried using this module in the past and find that it works okay locally but not so good remotely and if you’re new to PoSH you will have a difficult time getting this to solve your problem. IMO your time would be better spent adding your isolated network to your domain SCCM or WSUS server’s scope. If you don’t have either just set the systems up to download Windows Updates automatically and schedule a task to reboot them periodically.