Hyper-V Program Manager
Okay, this is not actually a virtualization related post – but is a purely about PowerShell. None the less – it is something that I use quite often when scripting Hyper-V – so I thought I would post it here.
The long and the short of it is that, as a general rule, I always leave UAC enabled on Windows and never run as Administrator by default. But I do have scripts that need to run as administrator from time to time.
Rather than launching PowerShell “as Administrator” (which would result in me running other scripts as administrator – because it would be convenient) I have put together the following chunk of script:
# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
{
# We are running "as Administrator" - so change the title and background color to indicate this
$Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
$Host.UI.RawUI.BackgroundColor = "DarkBlue"
clear-host
}
else
# We are not running "as Administrator" - so relaunch as administrator
# Create a new process object that starts PowerShell
$newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
# Specify the current script path and name as a parameter
$newProcess.Arguments = $myInvocation.MyCommand.Definition;
# Indicate that the process should be elevated
$newProcess.Verb = "runas";
# Start the new process
[System.Diagnostics.Process]::Start($newProcess);
# Exit from the current, unelevated, process
exit
# Run your code that needs to be elevated here
Write-Host -NoNewLine "Press any key to continue..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
This means that when you run the script in question – a new window will be opened “as Administrator” (with an appropriate prompt).
Cheers, Ben
Ben that is super cool! Have to try that tonight!
I am presuming if UAC is enabled it still safely prompts for "Yep/Nope/Allow Giant Gerbils Free"
Yes, majorly cool :) I like
Sean "The Energized Tech"
Sean Kearney -
Yes, you will get a prompt to elevate like any other app - so no security loopholes here :-)
Cheers,
Ben
i found this tool for batch scripts that lets you elevate from a cmd line without PS;
www.winability.com/elevate
Great piece of code!
One question though... I tried to adapt this for use as a function and found that it won't work because, in that case, $myInvocation.MyCommand.Definition contains the commands from the function instead of the path\name of the script itself... Is there a different/better way to derive the name of the script in which the code is running so this could be adapted as a function and included in a libary?
Example:
Function ELEVATE
# all the stuff from above...
# Main script body
ELEVATE
Start-Service w32time
...
Thanks,
-/\/\ark
...continued...
I'm also having trouble using this method to elevate a script that calls other PowerShell scripts because the working driectory is not the same in the newly invoked (elevated) shell. It changes to C:\windows\System32 - I tried adding $newProcess.WorkingDirectory = get-location; just before the start command but this did not seem to help (though I did not get any errors and $newProcess.WorkingDirectory appears to be set to C:\Scripts as I would expect)...
Hey Ben,
I found your blog looking for the exact functionality that you have demonstrated. Thanks for the post. I did find two issues though with your code, and I would like to share the updated lines with you here.
Issue #1 running inside a function has the scope of the function. I found a post on SO that gives a solution and explains a little about why it is this way.
$script:MyInvocation.MyCommand.Path
stackoverflow.com/.../how-can-i-find-the-source-path-of-an-executing-script
Issue #2 is running a script with a space in the filename. Sure it is bad practice, but I did it and came across errors with it. You just have to use the & '.\script name.ps1' format.
$newProcess.Arguments = "& '" + $script:MyInvocation.MyCommand.Path + "'"
My updated code block looks like this:
#$newProcess.Arguments = "& '" + $myInvocation.MyCommand.Definition + "'";
I found several other suggestions on how to have the script elevate another script or another process, but yours put it all together in a nice format.
Thanks a bunch!
Many Thanks , was just searching for this , to run a script in elevated mode .
You made my day :)
thanks ben, going to try elevator for some W8 issues I need to solve.
This is pure awesome, thank you very much!
Effing awesome, that's what this is.
Awesome! Thank you very much.
Cheers