In my day to day work, I use a set of PowerShell scripts to perform some repetitive tasks that might otherwise require a visit to a user’s desk. Some of those tasks require that they be run in the context of the local Administrator user (.\Administrator), so for ease of use I like to have a PS command prompt open in that context. I also want to share the script I use among my team so that we can all offer the same quick solutions. Not all of us have access to the Administrator password, though, so I can’t share the password in plain text or code it into every script that uses it.
My solution: create a script that can be run by any local user that opens a PS command prompt running as .\Administrator.
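Note: the script should always be run from a technician’s desk and should never be copied to a user’s workstation. The password storage method used in this example is reversible with a small amount of research: the key is stored in plain text in the script, so anyone who can read both the script and the .txt file can recover the password.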
With that in mind, here’s the method.
First, capture the password for the .\Administrator account as an encrypted standard string, and save the standard string in a text file.
Using the documentation of ConvertFrom-SecureString, you can use the following commands to generate a .txt file called AdminPassSecureString.txt:
$SecureString = Read-Host -AsSecureString
After the Read-Host command, PowerShell will display a blank line. Enter the password and press Enter on the keyboard.
$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
The key is an array of 24 numbers, each of which is less than 256 (one byte each). You should not use this key value; it was copied from the cmdlet documentation page.
ConvertFrom-SecureString $SecureString -Key $Key | Out-File AdminPassSecureString.txt
Second, save the following into a file called Elevate-PowerShell.ps1. This code uses ConvertTo-SecureString to convert the encrypted standard string from the .txt file back into a SecureString, which is then used to create a credential object ($cred), which is then used to start the PowerShell process.
$user = ".\Administrator"
$cred = new-object -typename System.Management.Automation.PSCredential $user,(Get-Content C:\Path\To\File\AdminPassSecureString.txt | ConvertTo-SecureString -Key (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43))
Start-Process powershell -Credential $cred
Run this file using a non-elevated PowerShell prompt or by right-clicking it in the file explorer and selecting “Run with PowerShell”. The result: a PS command prompt running in the local Administrator user context! Useful for all sorts of tasks. I’ll share some of the basic scripts I use in future posts.
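A variation on the two steps above, added here as an example and not part of the original script: it generates a random 24-byte key instead of reusing the documentation value, keeps the key in its own file, and restricts both files to a technician group. The folder path, the AdminPass.key file name and the CONTOSO\Technicians group are assumptions for illustration.

```powershell
# --- One-time setup (run by someone who knows the .\Administrator password) ---
# Hypothetical placeholders, not from the original post:
$Dir       = 'C:\Path\To\File'
$TechGroup = 'CONTOSO\Technicians'   # group allowed to use the script
$KeyFile   = Join-Path $Dir 'AdminPass.key'
$PassFile  = Join-Path $Dir 'AdminPassSecureString.txt'

# Generate 24 random bytes from the system CSPRNG instead of a published key.
$Key = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($Key) } finally { $rng.Dispose() }
[System.IO.File]::WriteAllBytes($KeyFile, $Key)

# Encrypt the password with that key, as in the first step of the post.
$SecureString = Read-Host -AsSecureString -Prompt 'Password for .\Administrator'
ConvertFrom-SecureString $SecureString -Key $Key | Out-File $PassFile

# Drop inherited permissions: technicians may read, local admins keep full control.
foreach ($f in $KeyFile, $PassFile) {
    icacls $f /inheritance:r /grant:r "${TechGroup}:(R)" 'BUILTIN\Administrators:(F)' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Failed to set ACL on $f" }
}

# --- Elevate-PowerShell.ps1 (run by a technician) ---
# Read the key from the protected file rather than embedding it in the script.
$Key  = [System.IO.File]::ReadAllBytes($KeyFile)
$user = '.\Administrator'
$cred = New-Object -TypeName System.Management.Automation.PSCredential $user, (Get-Content $PassFile | ConvertTo-SecureString -Key $Key)
Start-Process powershell -Credential $cred
```

The storage is still reversible by anyone who can read both files; this only removes the publicly known key and narrows who has that read access.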