Albert Widjaja
asked on
PowerShell Launching application using different user account failed ?
Hi All,
Due to PCI compliance all WIndows RSAT application and other IT Management tools must be launched by using my own AD admin account.
Since I login using DOMAIN\username how can I create the Powershell script to start the Remote Server Administration Tools for Windows 10 ?
Note, I'm trying to use the below script but it is not working for MMC application.
Error Code:
but it works for Internet Explorer for example:
Due to PCI compliance all WIndows RSAT application and other IT Management tools must be launched by using my own AD admin account.
Since I login using DOMAIN\username how can I create the Powershell script to start the Remote Server Administration Tools for Windows 10 ?
Note, I'm trying to use the below script but it is not working for MMC application.
Start-Process -FilePath "C:\Windows\System32\dsa.msc" -Credential (Get-Credential) -WorkingDirectory "C:\Windows\System32\"
Error Code:
Start-Process : This command cannot be run because the input "C:\Windows\System32\dsa.msc" is not a valid Application. Give a valid application and run your command again.
At C:\Users\admini\AppData\Local\Temp\dd5b272b-a9e0-448d-8879-71e5f670e144.ps1:4 char:1
+ Start-Process -FilePath "C:\Windows\System32\dsa.msc" -Credential (Ge ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
but it works for Internet Explorer for example:
Start-Process -FilePath "C:\Program Files\Internet Explorer\iexplore.exe" "www.microsoft.com" -Credential (Get-Credential) -WorkingDirectory "C:\Program Files\Internet Explorer\"
ASKER
Hi AC,
I'm logging in using DOMAIN\username but all of those applicaton must be executed using DOMAIN\Admin-Username hence I must perform Right Click and then select Run As..
I'm logging in using DOMAIN\username but all of those applicaton must be executed using DOMAIN\Admin-Username hence I must perform Right Click and then select Run As..
Hmm, that's a tricky one but I think I have a solution. Firstly, you need
-Verb runas
But that will fail with different credentials. So I think the solution is to first launch powershell as the admin user, then run MMC with elevation. This is working for me on my 2012R2 server.$call = 'Start-Process -FilePath "C:\Windows\System32\mmc.exe" -ArgumentList "C:\Windows\System32\dsa.msc" -Verb runAs'
Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Credential (Get-Credential)
ASKER
Dustin,
When I execute from my work laptop, I got this error:
When I execute from my work laptop, I got this error:
Start-Process : This command cannot be run due to the error: The directory name is invalid.
At C:\Users\Admini\AppData\Local\Temp\dd5b272b-a9e0-448d-8879-71e5f670e144.ps1:3 char:1
+ Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Creden ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That said, dsa.msc isn't a valid application. It's a snap-in for the MMC. You can try running mmc.exe with the command, or you can use %SystemRoot%\system32\Serv