Solved

PowerShell Launching application using different user account failed ?

Posted on 2016-07-28
6
56 Views
Last Modified: 2016-09-21
Hi All,

Due to PCI compliance all WIndows RSAT application and other IT Management tools must be launched by using my own AD admin account.

Since I login using DOMAIN\username how can I create the Powershell script to start the Remote Server Administration Tools for Windows 10 ?

Note, I'm trying to use the below script but it is not working for MMC application.

Start-Process -FilePath "C:\Windows\System32\dsa.msc" -Credential (Get-Credential) -WorkingDirectory "C:\Windows\System32\"

Open in new window


Error Code:
Start-Process : This command cannot be run because the input "C:\Windows\System32\dsa.msc" is not a valid Application.  Give a valid application and run your command again.
At C:\Users\admini\AppData\Local\Temp\dd5b272b-a9e0-448d-8879-71e5f670e144.ps1:4 char:1
+ Start-Process -FilePath "C:\Windows\System32\dsa.msc" -Credential (Ge ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

Open in new window


but it works for Internet Explorer for example:

Start-Process -FilePath "C:\Program Files\Internet Explorer\iexplore.exe" "www.microsoft.com" -Credential (Get-Credential) -WorkingDirectory "C:\Program Files\Internet Explorer\"

Open in new window

0
Comment
  • 2
  • 2
6 Comments
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
If you log into your workstation with your admin credentials, that will let you run RSAT with them. Is there something that keeps you from doing so?

That said, dsa.msc isn't a valid application. It's a snap-in for the MMC. You can try running mmc.exe with the command, or you can use %SystemRoot%\system32\ServerManager.exe to open the server manager UI
1
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Hi AC,

I'm logging in using DOMAIN\username but all of those applicaton must be executed using DOMAIN\Admin-Username hence I must perform Right Click and then select Run As..
0
 
LVL 12

Expert Comment

by:Dustin Saunders
Comment Utility
Hmm, that's a tricky one but I think I have a solution.  Firstly, you need
-Verb runas

Open in new window

But that will fail with different credentials.  So I think the solution is to first launch powershell as the admin user, then run MMC with elevation.  This is working for me on my 2012R2 server.

$call = 'Start-Process -FilePath "C:\Windows\System32\mmc.exe" -ArgumentList "C:\Windows\System32\dsa.msc" -Verb runAs'
Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Credential (Get-Credential)

Open in new window

1
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Dustin,

When I execute from my work laptop, I got this error:

Start-Process : This command cannot be run due to the error: The directory name is invalid.
At C:\Users\Admini\AppData\Local\Temp\dd5b272b-a9e0-448d-8879-71e5f670e144.ps1:3 char:1
+ Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Creden ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

Open in new window

0
 
LVL 12

Accepted Solution

by:
Dustin Saunders earned 500 total points
Comment Utility
Odd, should default the working dir to sys32 but try adding it in:

$call = 'Start-Process -FilePath "C:\Windows\System32\mmc.exe" -ArgumentList "C:\Windows\System32\dsa.msc" -Verb runAs'
Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Credential (Get-Credential) -WorkingDirectory "C:\Windows\System32"

Open in new window

0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now