Work day: Elevate-PowerShell

In my day-to-day work, I use a set of PowerShell scripts to perform some repetitive tasks that might otherwise require a visit to a user’s desk. Some of those tasks require that they be run in the context of the local Administrator user (.\Administrator), so for ease of use I like to have a PS command prompt open in that context. I also want to share the script I use among my team so that we can all offer the same quick solutions. Not all of us have access to the Administrator password, though, so I can’t share the password in plain text or code it into every script that uses it.

My solution: create a script that can be run by any local user that opens a PS command prompt running as .\Administrator.

Note: the script should always be run from a technician’s desk and should never be copied to a user’s workstation. The password storage method used in this example is reversible with a small amount of research.

With that in mind, here’s the method.

First, capture the password for the .\Administrator account as an encrypted standard string, and save the standard string in a text file.

Following the ConvertFrom-SecureString documentation, the commands below generate a .txt file called AdminPassSecureString.txt:

$SecureString = Read-Host -AsSecureString

After the Read-Host command, PowerShell will display a blank line. Enter the password and press Enter on the keyboard.

$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)

The key is an array of 24 integers, each less than 256 (that is, 24 bytes). You should not use this key value; it was copied from the cmdlet documentation page.

ConvertFrom-SecureString $SecureString -Key $Key | Out-File AdminPassSecureString.txt

Second, save the following into a file called Elevate-PowerShell.ps1. This code uses ConvertTo-SecureString to convert the encrypted standard string from the .txt file back into a SecureString. The SecureString is used to create a credential object ($cred), and the credential object is used to start the PowerShell process. The same key must be passed to ConvertTo-SecureString, so it appears in the script in plain text.

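# Rebuild the credential from the stored string; the key must match the one used to create the file.
$user = ".\Administrator"
$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$password = Get-Content C:\Path\To\File\AdminPassSecureString.txt | ConvertTo-SecureString -Key $Key
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $password

# Open a new PowerShell window running as the local Administrator.
Start-Process powershell -Credential $cred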

Run this file using a non-elevated PowerShell prompt or by right-clicking it in the file explorer and selecting “Run with PowerShell”. The result: a PS command prompt running in the local Administrator user context! Useful for all sorts of tasks. I’ll share some of the basic scripts I use in future posts.
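As an added example (not part of the original post), the same procedure can use a randomly generated 24-byte key instead of the documentation value, kept in a separate file that only the technicians can read. The key file path and the group name CONTOSO\Helpdesk are assumptions; substitute your own.

```powershell
# Added example. Paths and the group name below are placeholders (assumptions).
$KeyPath  = 'C:\Path\To\File\AdminPass.key'
$PassPath = 'C:\Path\To\File\AdminPassSecureString.txt'
$Group    = 'CONTOSO\Helpdesk'   # hypothetical technicians group

# --- One-time setup, run by someone who knows the Administrator password ---

# Fill a 24-byte array from the system's cryptographic random number generator.
$Key = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($Key) } finally { $rng.Dispose() }
[System.IO.File]::WriteAllBytes($KeyPath, $Key)

# Encrypt the password with that key and save the encrypted standard string.
$SecureString = Read-Host -AsSecureString -Prompt 'Administrator password'
ConvertFrom-SecureString $SecureString -Key $Key | Out-File $PassPath

# Lock both files down: drop inherited permissions, then allow only the
# current user (full control) and the technicians group (read).
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
foreach ($path in $KeyPath, $PassPath) {
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)   # protect, discard inherited rules
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $me, 'FullControl', 'Allow'))
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Group, 'Read', 'Allow'))
    Set-Acl -Path $path -AclObject $acl
}

# --- Elevate-PowerShell.ps1: load the key at run time instead of hardcoding it ---
$Key      = [System.IO.File]::ReadAllBytes($KeyPath)
$password = Get-Content $PassPath | ConvertTo-SecureString -Key $Key
$cred     = New-Object -TypeName System.Management.Automation.PSCredential `
                -ArgumentList '.\Administrator', $password
Start-Process powershell -Credential $cred
```

Anyone who can read both files can still recover the password, so this narrows who is exposed to it rather than making the storage irreversible.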
