I have a simple PowerShell script to stop a process:
$p = get-process $args
if ( $p -ne $null )
{
$p | stop-process
$p | select ProcessName, ID, HasExited, CPU, Handles
}
else { "No such process" }
If I try to stop a process not started by the current user; it works on Windows Server 2003. However, on Windows Server 2008 (and other Windows flavours with User Account Control), I get the following error:
Stop-Process : Cannot stop process "w3wp (5312)" because of the follow开发者_运维问答ing error: Access is denied
Is there any way to get around this without running PowerShell with elevated privileges ? It would be OK if the user was just presented with the UAC prompt, whenever he tries to execute an action, that requires elevation.
AFAIK, there is no way to do it in the sense that you seem to want. That is running a specified .exe and expecting a prompt to appear immediately.
What I do is for commands that I know have to be run with administrative privs, I run them with a functions I have laying around called Invoke-Admin. It ensures that I'm running as admin and will prompt the user with the UAC dialog if i'm not before running the command.
Here it is
function Invoke-Admin() {
param ( [string]$program = $(throw "Please specify a program" ),
[string]$argumentString = "",
[switch]$waitForExit )
$psi = new-object "Diagnostics.ProcessStartInfo"
$psi.FileName = $program
$psi.Arguments = $argumentString
$psi.Verb = "runas"
$proc = [Diagnostics.Process]::Start($psi)
if ( $waitForExit ) {
$proc.WaitForExit();
}
}
First install PowerShell Community Extensions choco install pscx
via Chocolatey (you may have to restart your shell environment)
then enable pscx
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser #allows scripts to run from the interwebs, such as pcsx
Then use Invoke-Elevated
, for example
Invoke-Elevated {Add-PathVariable $args[0] -Target Machine} -ArgumentList $MY_NEW_DIR
This script sectio check for the Medium Mandatory level token (non elevated admin) and restarts the script elevated.
if ($Mygroups -match ".*Mandatory Label\\Medium Mandatory Level") {
#non elevated admin: elevating
write-host "Elevate"
start-process powershell -Argumentlist "$PSCommandPath -Yourargument $Youragumentvalue" -verb runas -Wait
exit
}
精彩评论