开发者

Showing the UAC prompt in PowerShell if the action requires elevation

开发者 https://www.devze.com 2022-12-08 18:10 出处:网络
I have a simple PowerShell script to stop a process: $p = get-process $args if ( $p -ne $null ) { $p | stop-process

I have a simple PowerShell script to stop a process:

$p = get-process $args
if ( $p -ne $null )
{
$p | stop-process
$p | select ProcessName, ID, HasExited, CPU, Handles
}
else { "No such process" }

If I try to stop a process not started by the current user; it works on Windows Server 2003. However, on Windows Server 2008 (and other Windows flavours with User Account Control), I get the following error:

Stop-Process : Cannot stop process "w3wp (5312)" because of the follow开发者_运维问答ing error: Access is denied

Is there any way to get around this without running PowerShell with elevated privileges ? It would be OK if the user was just presented with the UAC prompt, whenever he tries to execute an action, that requires elevation.


AFAIK, there is no way to do it in the sense that you seem to want. That is running a specified .exe and expecting a prompt to appear immediately.

What I do is for commands that I know have to be run with administrative privs, I run them with a functions I have laying around called Invoke-Admin. It ensures that I'm running as admin and will prompt the user with the UAC dialog if i'm not before running the command.

Here it is

function Invoke-Admin() {
    param ( [string]$program = $(throw "Please specify a program" ),
            [string]$argumentString = "",
            [switch]$waitForExit )

    $psi = new-object "Diagnostics.ProcessStartInfo"
    $psi.FileName = $program 
    $psi.Arguments = $argumentString
    $psi.Verb = "runas"
    $proc = [Diagnostics.Process]::Start($psi)
    if ( $waitForExit ) {
        $proc.WaitForExit();
    }
}


First install PowerShell Community Extensions choco install pscx via Chocolatey (you may have to restart your shell environment)

then enable pscx

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser #allows scripts to run from the interwebs, such as pcsx

Then use Invoke-Elevated, for example

Invoke-Elevated {Add-PathVariable $args[0] -Target Machine} -ArgumentList $MY_NEW_DIR


This script sectio check for the Medium Mandatory level token (non elevated admin) and restarts the script elevated.

if ($Mygroups -match ".*Mandatory Label\\Medium Mandatory Level") {
  #non elevated admin: elevating
  write-host "Elevate"
  start-process powershell -Argumentlist "$PSCommandPath  -Yourargument $Youragumentvalue" -verb runas -Wait 
  exit
}
0

精彩评论

暂无评论...
验证码 换一张
取 消