Elevated command prompt

brian-clanton · May 5, 2020, 10:09am

I have an interesting problem where I need to change the password of a local administrator account for a remote computer that I only have access to via Gotomeeting or TeamViewer.

We are a IT contracted support group and there is a company that ‘used’ to be our clients but now have come back to us. We need to install the connect wise utility on their machines, but have to remote to each one and install. Problem is, their previous IT company changed their local admin passwords, but our original back door admin account is still on the machines.

The client can get us remoted in via Gotomeeting, however when I try to run an elevated command prompt, the Windows 10 password prompt is not visible via the Gotomeeting interface, so I can’t put our back door admin password in the prompt to then reset the local password. Same thing for TeamViewer.

I can’t obviously tell the user our backdoor password either.

Is there a way for me to capture my back door credentials without the user seeing it and pass that to a ‘RunAs’ to run an elevated PS prompt without the windows 10 prompt?

mitchvh · May 5, 2020, 10:43am

In my experience, with something like GoToAssist, even if you could get the admin prompt open, the remote software wouldn’t let you type into it.

I’m assuming they’re a workgroup environment, otherwise you could do a silent install from a server.

I would try the following:

Setup a scheduled task to run the installer with the silent switches
Have the task run as the admin user you still have on their machines

The credential box that opens up is not a UAC prompt, so you should have no problems from the remoting software you're using.

tonyd · May 6, 2020, 11:52am

have you tried running the elevated command shell from a command shell?

runas /noprofile /user:HOSTNAME\UserName c:\windows\system32\cmd.exe

krzydoug · May 6, 2020, 9:32pm

You can try this against a remote PC from a non admin powershell prompt.

$server = 'remoteserver'

$username = Read-Host -Prompt "Enter backdooradmin username"
$securePassword = Read-Host -Prompt "Enter password for $username" -AsSecureString
$credential = [System.Management.Automation.PSCredential]::new($username,$securePassword)

$params = @{
    Credential   = $credential
    ComputerName = $server
    Class        = 'win32_process'
    name         = 'create'
    ArgumentList = "cmd /c net user localadmin NewP@ssw0rd"
}
Invoke-WmiMethod @params

Topic		Replies	Views
Local Administrator Password Change PowerShell Help	13	262	July 29, 2021
changing local admin password issue PowerShell Help	3	183	January 10, 2020
Struggling with PS Credentials PowerShell Help	2	129	September 19, 2019
Changing Local User Passwords PowerShell Help	1	124	October 14, 2020
Create a powershell with admin rights without being prompted PowerShell Help	4	174	January 3, 2015

Elevated command prompt

Related Topics