Link to home
Start Free TrialLog in
Avatar of ID_Lost
ID_Lost

asked on

Self elevate as administrator powershell script with parameters passed.

Hi,
I have a powershell script whcih self elevates as administrator. It checks the script is launched in administrator or non administrator and then changes and runs as administrator. But I am using a try catch in my script. I am not sure how to pass the arguments on to that script. Below is the script, if I save the script as test.ps1 and run it, it checks and elevates properly.

BUT... if I run the script with argument which I have used in try ... catch i.e test.ps1 -r it is not passing the "-r". I need to pass the argument -r if needed. Can someone help to modify it which will run as expected.
Start-Sleep -seconds 5


# Get the ID and security principal of the current user account
 $myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
 $myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
  
 # Get the security principal for the Administrator role
 $adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
  
 # Check to see if we are currently running "as Administrator"
 if ($myWindowsPrincipal.IsInRole($adminRole))
    {
    # We are running "as Administrator" - so change the title and background color to indicate this
    $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
    $Host.UI.RawUI.BackgroundColor = "DarkBlue"
    clear-host
    }
 else
    {
    # We are not running "as Administrator" - so relaunch as administrator
    
    # Create a new process object that starts PowerShell
    $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
    
    # Specify the current script path and name as a parameter
    $newProcess.Arguments = $myInvocation.MyCommand.Definition;
    Write-Host $newProcess.Arguments
    pause
    
    # Indicate that the process should be elevated
    $newProcess.Verb = "runas";
    pause
    
    # Start the new process
    [System.Diagnostics.Process]::Start($newProcess);
    
    # Exit from the current, unelevated, process
    exit
    }




try {
if($args[0] = "-r")
{
Write-Host "Hello"
pause
}
}
catch {
Write-Host "No Hello"
pause
}


# Stop-Transcript

Open in new window

SOLUTION
Avatar of footech
footech
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
A shorter way to check for elevation is
(whoami /all | select-String S-1-16-12288) –ne $null

Open in new window

which is true for elevated shells.
While #a41334865 does provide an alternative to checking whether a script is being run as admin, there was no question about that and the OP's code already did that.
The code posted in #a41265848 correctly passes the argument to the new session as requested (tested), and so that post should be accepted as answer.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
1.  I might say it'd depend on the script, but I left it because it clearly shows the newly elevated session.
2.  Left in more as debugging, but you're correct that it'd be better left out in a script that did more substantive action.
3.  It's amazing that this still slips past me sometimes.  Nice catch.
4.  Funny enough, it does actually work.  Which is probably why I never corrected it.

Cumbersome?  Maybe, but I liked how it's done.  :)

In any case, what I posted already passes the arguments on to the elevated session, which was the point of the question.
If we consider only the part of passing the commandline parameters, then yes, it works and is sufficient as answer (if we add the exit, which is part of the original script).

The try never will work. No matter what parameters you provide, it will output "Hello".
I know it's not doing exactly what's intended (more coincidence than anything), but it will output "No Hello".
User generated imageadmin-test.ps1.txt
"No Hello" only results from not using any parameter. If you provide e.g. -z, it will still be "Hello".
That is because $args[0] errors out if there is no parameter, and so will trigger an exception to catch.
Yep, as I said, coincidence.  I've never made the claim that it was correct in any way, just that it gave the expected output in a limited test.
I have to object. As soon as there is a correct solution posted, you cannot just accept errornous suggestions (alone). The change as posted might have fatal consequences, as it runs the code to execute twice.
And you accepted a comment which is no solution at all.
In #a41265848 I considered not having the exit command a very minor point, as it helped to show that both the new process and old were doing the same thing, and the code after line 25 to be of little consequence since it would certainly be changed to do something  besides a throwaway action.  But I won't argue the point any further.

It seems now the only acceptable course is to split the points between #a41265848 and #a41499530
Though I'm not sure how I feel about awarding points to a post made after a question was re-opened.
Again - old and new code do not the same. And "minor" depends on what the code performs as final action - in this example it is minor, but what if there is code really doing something?
I think most answers here deal with what's posted in front of them, rather than eventualities, unless that's what the asker's question is about.

Again - old and new code do not the same.
I don't know what that means.
I've already made my recommendations.  See #a41506171