How to remote execute an ELEVATED remote script in PowerShell

powershell powershell-2.0 powershell-remoting elevated-privileges
Oscar Foley picture Oscar Foley · May 23, 2012 · Viewed 23.4k times · Source

I have two servers:

  • serverA (windows 2003 server)
  • serverB (windows 7)

ServerA contains a folder with a batch file (deploy.bat) that needs to be executed from an elevated powershell prompt. In ServerA, if I run it from a normal prompt or powershell prompt it fails. If I run it from an elevated prompt it works. (run as administrator).

The problem I have is when I try to execute batch file from serverB using a remote powershell execution. I am able to execute with this command:

Invoke-Command -computername serverA .\remotedeploy.ps1

The content of remotedeploy.ps1 is:

cd D:\Builds\build5
.\Deploy.bat

I have looked a lot questions in stackoverflow about:

  • Execute a remote powershell (This works for me)
  • Execute a local powershell with elevated prompt (I can do it)

This question is about both at the same time. So the exact question is:

Is possible to execute an ELEVATED REMOTE script in PowerShell?

Answer

Aaron Jensen picture Aaron Jensen · Jun 29, 2017

If you're using PowerShell 4, you can execute the command using Desired State Configuration, which run as SYSTEM:

Invoke-Command -ComputerName ServerA -ScriptBlock {
    configuration DeployBat
    {
        # DSC throws weird errors when run in strict mode. Make sure it is turned off.
        Set-StrictMode -Off

        # We have to specify what computers/nodes to run on.
        Node localhost 
        {
            Script 'Deploy.bat'
            {
                # Code you want to run goes in this script block
                SetScript = {
                    Set-Location 'D:\Builds\build5'
                    # DSC doesn't show STDOUT, so pipe it to the verbose stream
                    .\Deploy.bat | Write-Verbose
                }

                # Return $false otherwise SetScript block won't run.
                TestScript = { return $false }

                # This must returns a hashtable with a 'Result' key/value.
                GetScript = { return @{ 'Result' = 'RUN' } }
            }
        }
    }

    # Create the configuration .mof files to run, which are output to
    # 'DeployBot\NODE_NAME.mof' directory/files in the current directory. The default 
    # directory when remoting is C:\Users\USERNAME\Documents.
    DeployBat

    # Run the configuration we just created. They are run against each NODE. Using the 
    # -Verbose switch because DSC doesn't show STDOUT so our resources pipes it to the 
    # verbose stream.
    Start-DscConfiguration -Wait -Path .\DeployBat -Verbose
}

Related questions

Stop Powershell from exiting

I know that there is that little -noexit switch for PowerShell. Is there anyway of staying in the shell without using that switch? In other words, I want a script command(s) that executes then leaves the shell open.

Read More
PowerShell Remoting giving "Access is Denied" error

I am trying to use PowerShell Remoting to check some disk sizes from a Server in a remote domain, but the commands I am running are failing to work. The situation is like this: Source Server is in Domain A …

Read More
Run my third-party DLL file with PowerShell

I am not sure if this is possible or not with PowerShell. But basically I have a Windows Forms program that configures a program called EO Server. The EO Server has an API, and I make a reference to EOServerAPI.…

Read More