elevating code privilage

I have a utility compiled powershell with gui (powershell studio) this utility run a list of files exe or cmd, or ps1’s.

Some of the cmd or ps1 require admin rights (the user is a local admin) to run below are two of the commands that fail if not an admin and then the code that launches them

code that will fail: (both are in .ps1 files)
dism /online /import-defaultappassociations:c:\Scripts\DefaultApps\DefaultApps.xml
or
Import-StartLayout -LayoutPath “Start.xml” -MountPath C:\

the code to launch them is…

if ($extension -eq “.ps1”)

                       {

                              $RunExe = $LocalPath + $LocalPath2 + $filePath

                              #$PSCMD = "-executionPolicy bypass -file " + $RunExe + " " + $CFG_PARMS

                              #sns 4/24 added runas

                              $PSCMD = "-executionPolicy bypass -verb RunAs -file " + $RunExe + " " + $CFG_PARMS

                              $process = (Start-Process -FilePath "powershell.exe" -argumentlist $PSCMD -PassThru)

                              $handle = $process.Handle

                              $process.WaitForExit()

                              $ret = $process.ExitCode

                       }

any ideas how to elevate in the start-process code i tried the -verb RunAs but it didnt help

-Verb Runas is an argument for Start-Process itself, not part of the -ArgumentList parameter. So, it should look a littl emore like this:

$PSCMD = '-ExecutionPolicy Bypass',"-File $RunExe $CFG_PARMS"
$Process = Start-Process -FilePath 'PowerShell.exe' -Verb Runas -ArgumentList $PSCMD

I will try the change the RunAsis it the equivalent of opening a powershell window as admin?

Are there any other trick of the trade to elevate either the launcher utility or what it launches?

thanks

To the first question, yes, it is equivalent to using ‘Run as Administrator’.

As for the other question, I’m not really sure what you mean. If you’re asking whether there are other methods of elevating, there might be, but I’m not familiar with any of them. There are some popular self-elevating snippets around here that effectively check if the current session is elevated, and if not, they trigger an elevated session and re-run the current sequence of code.

But as far as I know, even that makes use of `-RunAs`.

You do have the option of simply directly calling an executable along with any arguments it might have using Start-Process, but in general any process called from an elevated PowerShell session inherits the elevated status.

Thanks I will test tomorrow…

########
Add-Type -AssemblyName PresentationCore,PresentationFramework
If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]‘Administrator’))
{
Start-Process -FilePath powershell.exe -ArgumentList (“-NoProfile -ExecutionPolicy Bypass -File `”{0}`"" -f $PSCommandPath) -Verb RunAs
Exit
}
########

This is the first few lines of my code that makes sure the script I’m running is running as admin and if it isn’t then it’ll re open’s itself as admin
(you’ll still get a smart screen check if that’s still on asking if you are sure you want to run PS as admin)

Still no luck the ps1 being called shows the error that it needs to be run in an admin window here is the neew code below

if ($extension -eq “.ps1”)

                       {
                              $RunExe = $LocalPath + $LocalPath2 + $filePath
                              $PSCMD = "-executionPolicy bypass -file " + $RunExe + " " + $CFG_PARMS
                              $process = (Start-Process -FilePath "powershell.exe" -verb RunAs -argumentlist $PSCMD -PassThru)
                              $handle = $process.Handle
                              $process.WaitForExit()
                              $ret = $process.ExitCode

                       }