Sooner or later, as you begin to hone your PowerShell skills, you’ll start writing scripts to automate repetitive tasks. If you run your workstation with standard user privileges, you’ll soon discover that it’s not possible to launch PowerShell scripts with administrative privileges by right-clicking the script and selecting Run as administrator from the context menu (which is available for most over types of executable). Today I’ll show you two ways that you can run remote powershell script with admin privileges.
Add this snippet of code to the beginning of your PowerShell script, and a UAC prompt will appear, asking for administrative credentials or consent before any subsequent code is executed.
param([switch]$Elevated)
- function Check-Admin {
- $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
- $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
- }
- if ((Check-Admin) -eq $false) {
- if ($elevated)
- {
- # could not elevate, quit
- }
- else {
- Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
- }
- exit
- }
Alternatively, you can run scripts directly from inside the Windows PowerShell ISE. To start the ISE with administrative privileges:
powershell ise
, and make sure that PowerShell ISE is selected in the search results. Press CTRL+SHIFT+ENTER to start the ISE with elevated privileges and enter administrative credentials or give sent if prompted.
PowerShell Remoting infrastructure is based on WinRM version 2.0, and therefore inherits all the advantages of this technology, such as encrypting the data transferred, and the ability to work on standard HTTP / HTTPS ports. But thanks to the rich capabilities of the language of Windows PowerShell, and its ability to work with objects, we get even greater opportunities.
Before you take advantage of all these advantages, PowerShell Remoting needs to be activated on the manager and on managed computers. It's easy to do this by running the cmdlet (Windows PowerShell command) Enable-PSRemoting
. And if you add the -Force
key, no confirmation will be requested. This cmdlet will call winrs quickconfig, if necessary, and create exceptions in Windows Firewall, so no further action is needed.
After that, you can easily execute commands on other computers using the Invoke-Command cmdlet (or its alias icm)
Invoke-Command -ComputerName Main -ScriptBlock {netsh interface dump > c:\ipconfig.txt}
Of course, the command can be placed in a variable in advance and for the -ComputerName
parameter specify the names of not just one but several computers. The following sequence allows you to display the version of the Explorer.exe file from three computers at once.
$Command = {(get-item c:\Windows\explorer.exe).VersionInfo.FileVersion}
Invoke-Command -ComputerName Main, Server7, Replica -ScriptBlock $Command
As you can see, you can send several commands in one block at once, place their execution results on several computers into a variable, and then process them at the workstation using the capabilities of Windows PowerShell to work with objects.
However, the PowerShell Remoting features are just beginning here. Using the Enter-PSSession
cmdlet, you can log in to an interactive Windows PowerShell session on a remote computer. You can exit this session by using the Exit-PSSession
cmdlet or simply Exit.
The New-PSSession
cmdlet creates sessions on remote computers, pointers to which can be placed in a variable, and then passing it as an argument for Invoke-Command
to execute commands on several computers at once in a persistent environment. You can see an example in the screenshot where I am running a sequence of commands on several computers at once from the list c: \ computers.txt.
Also consider using Action1 to run remote powershell script if: