Elevated command prompt

I have an interesting problem where I need to change the password of a local administrator account for a remote computer that I only have access to via Gotomeeting or TeamViewer.

We are a IT contracted support group and there is a company that ‘used’ to be our clients but now have come back to us. We need to install the connect wise utility on their machines, but have to remote to each one and install. Problem is, their previous IT company changed their local admin passwords, but our original back door admin account is still on the machines.

The client can get us remoted in via Gotomeeting, however when I try to run an elevated command prompt, the Windows 10 password prompt is not visible via the Gotomeeting interface, so I can’t put our back door admin password in the prompt to then reset the local password. Same thing for TeamViewer.

I can’t obviously tell the user our backdoor password either.

Is there a way for me to capture my back door credentials without the user seeing it and pass that to a ‘RunAs’ to run an elevated PS prompt without the windows 10 prompt?






In my experience, with something like GoToAssist, even if you could get the admin prompt open, the remote software wouldn’t let you type into it.

I’m assuming they’re a workgroup environment, otherwise you could do a silent install from a server.

I would try the following:

  • Setup a scheduled task to run the installer with the silent switches
  • Have the task run as the admin user you still have on their machines
The credential box that opens up is not a UAC prompt, so you should have no problems from the remoting software you're using.

have you tried running the elevated command shell from a command shell?

runas /noprofile /user:HOSTNAME\UserName c:\windows\system32\cmd.exe

You can try this against a remote PC from a non admin powershell prompt.

$server = 'remoteserver'

$username = Read-Host -Prompt "Enter backdooradmin username"
$securePassword = Read-Host -Prompt "Enter password for $username" -AsSecureString
$credential = [System.Management.Automation.PSCredential]::new($username,$securePassword)

$params = @{
    Credential   = $credential
    ComputerName = $server
    Class        = 'win32_process'
    name         = 'create'
    ArgumentList = "cmd /c net user localadmin NewP@ssw0rd"
Invoke-WmiMethod @params