Elevated Start Job

So I run a Powershell script from a bat file elevated and it mostly works great, however when it starts a job in the ps1 file it seems to fail. This script runs flawlessly if I run from an elevated powershell window manually. Any Ideas?

GCI C:\users | Select-Object -Property Name, FullName, LastWriteTime | foreach {
if ($.name.substring($.name.length-1) -eq ‘S’ -and $.CreationTime -lt ((Get-Date).AddDays(-21))) {
start-job { remove-item $args[0] -Force } -name DeleteUser -ArgumentList $.fullname
}
}

Also heres the bat file I use to call the PS1 File.

PowerShell.exe -Command “& {Start-Process PowerShell.exe -ArgumentList ‘-ExecutionPolicy unrestricted -File “\netapp1b\temp.ps1”’ -Verb RunAs}”

What an odd way to do that. Huh. I’m not sure why you’re not just running PowerShell.exe once, rather than nesting it as you are.

Anyway, your Start-Process isn’t being given an alternate credential, and so it will run PowerShell in whatever user context you ran the first PowerShell.exe in. This isn’t “elevated.”

Thanks that makes sense. Is it possible to elevate a process from powershell/cmd without user interaction?

Not really, no. You’d need to somehow hardcode clear-text credentials, which would be pretty horrible. I imagine you could try running it as an Scheduled Task or something, which had alternate credentials applied.

I mean… not to put too fine a point on it, but what you’re asking for would be every malware author’s wet dream. You pretty much DO NOT want that capability in Windows :).