0

I am using Powershell to figure out a way to elevate a standard user with admin rights. I also need the result output as well. Using Start-Process is not a good approach as it can't seem to send the output when I am using -verb runas switch alone with -RedirectStandardOutput. Below is the code I am using. Any argument that requires to run as a local admin will generate the access denied error. It runs as the actual user correctly, but I am getting the access denied error even though I use verb = runas. I just can't figure out a way to run elevated approach. I have UAC enabled so I am fine to consent it manually.

$psi = New-object System.Diagnostics.ProcessStartInfo 
$psi.CreateNoWindow = $true 
$psi.UseShellExecute = $false 
$psi.RedirectStandardOutput = $true 
$psi.RedirectStandardError = $true 
$psi.FileName = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' 
$psi.Verb = "runas"
$psi.Arguments = @("Get-BitLockerVolume -MountPoint c:") 
$psi.WorkingDirectory = "c:\support"
$psi.UserName = "adminuser"
$psi.Domain = "domain"
$psi.Password = ConvertTo-SecureString -AsPlainText 'Pa$$w0rd' -Force
$process = New-Object System.Diagnostics.Process 
$process.StartInfo = $psi 
[void]$process.Start()
$output = $process.StandardOutput.ReadToEnd() 
$outerror = $process.StandardError.ReadToEnd() 
$process.WaitForExit() 
$output
$outerror

Here is the error.

Get-CimInstance : Access denied 
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:144 char:13
+             Get-CimInstance `
+             ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (root\cimv2\Secu...cryptableVolume:String) [Get-CimInstance], CimExcep 
   tion
    + FullyQualifiedErrorId : HRESULT 0x80041003,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand
 
Get-Win32EncryptableVolumeInternal : c: does not have an associated BitLocker volume.
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:344 char:35
+ ... bleVolume = Get-Win32EncryptableVolumeInternal -MountPoint $MountPoin ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Get-Win32EncryptableVolumeInternal
Jiayu Sun
  • 1
  • try this [answer](https://stackoverflow.com/questions/133379/elevating-process-privilege-programmatically) – Hazrelle Nov 18 '21 at 10:36

0 Answers0