Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Saturday, January 27, 2018 7:39 AM
Dear All,
i want to run command (use Secedit command to export GroupPolicy) in Powershell with mydomain\adminaccount as blow :
$command = 'SecEdit.exe /export /cfg C:\temp\test.inf /quiet'
Start-Process -FilePath "$PSHOME\POWERSHELL.EXE" -ArgumentList "-noprofile -command $command" -Verb runas
However, after ran above command , it always popped up the UAC authorization then ask me to confirm the execution of this command. You know , this can't be done in a Powshell script .
So is there any way to bypass the UAC to run this command for export GroupPolicy ? Please help me : (
All replies (3)
Saturday, January 27, 2018 7:54 AM
There is no way to bypass UAC. SECEDIT does not export Group Policy. It exports the local system security policy.
TO understand UAC limitations see: https://social.technet.microsoft.com/Forums/en-US/21afa490-a74e-4052-8c34-e997cdc593b3/you-cannot-bypass-the-uac-prompt?forum=ITCG
\(ツ)_/
Saturday, January 27, 2018 8:21 AM
If a script needs to be run elevated, then you can ensure it will only ever be run elevated by including the logic within the script.
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
{
# Relaunch as an elevated process:
Start-Process powershell.exe "-File",('"{0}"' -f $MyInvocation.MyCommand.Path) -Verb RunAs
exit
}
# Now running elevated so launch the script:
& "d:\long path name\script name.ps1" "Long Argument 1" "Long Argument 2"
Saturday, January 27, 2018 8:26 AM
That will not bypass the UAC prompt - it will force the script to run and present the UAC prompt.
The question is not about PowerShell. It is about SECEDIT which forces the UAC whenever it is run. It does internally what you have proposed.
Which brings us to this issue. The question is not a scripting question and should be posted in the "Security" forum.
\(ツ)_/