Link to home
Start Free TrialLog in
Avatar of Albert Widjaja
Albert WidjajaFlag for Australia

asked on

PowerShell Launching application using different user account failed ?

Hi All,

Due to PCI compliance all WIndows RSAT application and other IT Management tools must be launched by using my own AD admin account.

Since I login using DOMAIN\username how can I create the Powershell script to start the Remote Server Administration Tools for Windows 10 ?

Note, I'm trying to use the below script but it is not working for MMC application.

Start-Process -FilePath "C:\Windows\System32\dsa.msc" -Credential (Get-Credential) -WorkingDirectory "C:\Windows\System32\"

Open in new window


Error Code:
Start-Process : This command cannot be run because the input "C:\Windows\System32\dsa.msc" is not a valid Application.  Give a valid application and run your command again.
At C:\Users\admini\AppData\Local\Temp\dd5b272b-a9e0-448d-8879-71e5f670e144.ps1:4 char:1
+ Start-Process -FilePath "C:\Windows\System32\dsa.msc" -Credential (Ge ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

Open in new window


but it works for Internet Explorer for example:

Start-Process -FilePath "C:\Program Files\Internet Explorer\iexplore.exe" "www.microsoft.com" -Credential (Get-Credential) -WorkingDirectory "C:\Program Files\Internet Explorer\"

Open in new window

Avatar of Adam Brown
Adam Brown
Flag of United States of America image
If you log into your workstation with your admin credentials, that will let you run RSAT with them. Is there something that keeps you from doing so?

That said, dsa.msc isn't a valid application. It's a snap-in for the MMC. You can try running mmc.exe with the command, or you can use %SystemRoot%\system32\ServerManager.exe to open the server manager UI
Avatar of Albert Widjaja
Albert Widjaja
Flag of Australia image

ASKER

Hi AC,

I'm logging in using DOMAIN\username but all of those applicaton must be executed using DOMAIN\Admin-Username hence I must perform Right Click and then select Run As..
Avatar of Dustin Saunders
Dustin Saunders
Flag of United States of America image
Hmm, that's a tricky one but I think I have a solution.  Firstly, you need
-Verb runas

Open in new window

But that will fail with different credentials.  So I think the solution is to first launch powershell as the admin user, then run MMC with elevation.  This is working for me on my 2012R2 server.

$call = 'Start-Process -FilePath "C:\Windows\System32\mmc.exe" -ArgumentList "C:\Windows\System32\dsa.msc" -Verb runAs'
Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Credential (Get-Credential)

Open in new window

Avatar of Albert Widjaja
Albert Widjaja
Flag of Australia image

ASKER

Dustin,

When I execute from my work laptop, I got this error:

Start-Process : This command cannot be run due to the error: The directory name is invalid.
At C:\Users\Admini\AppData\Local\Temp\dd5b272b-a9e0-448d-8879-71e5f670e144.ps1:3 char:1
+ Start-Process powershell.exe -NoNewWindow -ArgumentList $call -Creden ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Dustin Saunders
Dustin Saunders
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial