Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

PowerShell Launching application using different user account failed ?

Posted on 2016-07-28
6
Medium Priority
?
453 Views
Last Modified: 2016-09-21
Hi All,

Due to PCI compliance all WIndows RSAT application and other IT Management tools must be launched by using my own AD admin account.

Since I login using DOMAIN\username how can I create the Powershell script to start the Remote Server Administration Tools for Windows 10 ?

Note, I'm trying to use the below script but it is not working for MMC application.

Start-Process -FilePath "C:\Windows\System32\dsa.msc" -Credential (Get-Credential) -WorkingDirectory "C:\Windows\System32\"

Open in new window


Error Code:
Start-Process : This command cannot be run because the input "C:\Windows\System32\dsa.msc" is not a valid Application.  Give a valid application and run your command again.
At C:\Users\admini\AppData\Local\Temp\dd5b272b-a9e0-448d-8879-71e5f670e144.ps1:4 char:1
+ Start-Process -FilePath "C:\Windows\System32\dsa.msc" -Credential (Ge ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

Open in new window


but it works for Internet Explorer for example:

Start-Process -FilePath "C:\Program Files\Internet Explorer\iexplore.exe" "www.microsoft.com" -Credential (Get-Credential) -WorkingDirectory "C:\Program Files\Internet Explorer\"

Open in new window

0
Comment
  • 2
  • 2
5 Comments
 
LVL 43

Expert Comment

by:Adam Brown
ID: 41733987
If you log into your workstation with your admin credentials, that will let you run RSAT with them. Is there something that keeps you from doing so?

That said, dsa.msc isn't a valid application. It's a snap-in for the MMC. You can try running mmc.exe with the command, or you can use %SystemRoot%\system32\ServerManager.exe to open the server manager UI
1
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41733988
Hi AC,

I'm logging in using DOMAIN\username but all of those applicaton must be executed using DOMAIN\Admin-Username hence I must perform Right Click and then select Run As..
0
 
LVL 14

Expert Comment

by:Dustin Saunders
ID: 41734153
Hmm, that's a tricky one but I think I have a solution.  Firstly, you need
-Verb runas

Open in new window

But that will fail with different credentials.  So I think the solution is to first launch powershell as the admin user, then run MMC with elevation.  This is working for me on my 2012R2 server.

$call = 'Start-Process -FilePath "C:\Windows\System32\mmc.exe" -ArgumentList "C:\Windows\System32\dsa.msc" -Verb runAs'
Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Credential (Get-Credential)

Open in new window

1
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41734227
Dustin,

When I execute from my work laptop, I got this error:

Start-Process : This command cannot be run due to the error: The directory name is invalid.
At C:\Users\Admini\AppData\Local\Temp\dd5b272b-a9e0-448d-8879-71e5f670e144.ps1:3 char:1
+ Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Creden ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

Open in new window

0
 
LVL 14

Accepted Solution

by:
Dustin Saunders earned 1500 total points
ID: 41734655
Odd, should default the working dir to sys32 but try adding it in:

$call = 'Start-Process -FilePath "C:\Windows\System32\mmc.exe" -ArgumentList "C:\Windows\System32\dsa.msc" -Verb runAs'
Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Credential (Get-Credential) -WorkingDirectory "C:\Windows\System32"

Open in new window

0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
It is a real story and is one of my scariest tech experiences. Most users think that IT experts like us know how to fix all computer problems. However, if there is a time constraint and you MUST not fail the task or you will lose your job, a simple …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question