How PowerShell enables normal users to execute programs with Administrator privileges

Windows Client management often encounters a scenario in which the user needs to upgrade a software, but requires administrator privileges, and if it is a program that is not published through Group Policy or SCCM, then desktop support needs to run in person and enter the administrator user and password elevation privileges.

So how do you allow ordinary users to execute a program with administrator privileges?

The simplest way is to create a shortcut that specifies RunAs's administrator account and password on the path, and the path to the file can be executed. However, the disadvantage is that password accounts are shown in clear text, the user is a little bit smarter to see. The solution is very simple, the operation of the RunAs script implementation, and then compiled into an EXE file can hide the source code.

Here's a simple example I want to open TeamViewer with administrator privileges
Write a script T2.ps1

You can see that both the password and the user are displayed in clear text

$secpasswd = ConvertTo-SecureString ‘Pa$$word‘ -AsPlainText -Force$mycreds = New-Object System.Management.Automation.PSCredential ("administrator", $secpasswd)Start-Process "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" -Credential $mycreds

The next step needs to be compiled into EXE. Here need to explain that PowerShell does not really ' compile ' into an EXE, his essence is to compress after processing exe shell. Generally can be compiled with PowerGUI this software, but I am too lazy to download the installation of such a large software, directly with PowerShell script can also be implemented. This PowerShell script has been written by someone, download link https://gallery.technet.microsoft.com/scriptcenter/PS2EXE-GUI-Convert-e7cb69d5

There are ready-made examples in the download complete. For the sake of convenience, I dragged my t2.ps1 directly into the examples directory.

Modify BUILDEXAMPLES.PS1, specify directory and icon

$SCRIPTPATH = Split-Path $SCRIPT:MyInvocation.MyCommand.Path -parentls "$SCRIPTPATH\Examples\*.ps1" | %{    ."$SCRIPTPATH\ps2exe.ps1" "$($_.Fullname)" "$($_.Fullname -replace ‘.ps1‘,‘.exe‘)" -verbose -iconfile "PSEXE.ico"    ."$SCRIPTPATH\ps2exe.ps1" "$($_.Fullname)" "$($_.Fullname -replace ‘.ps1‘,‘-GUI.exe‘)" -verbose -noConsole}Remove-Item "$SCRIPTPATH\Examples\Progress.exe*"Remove-Item "$SCRIPTPATH\Examples\ScreenBuffer-GUI.exe*"$NULL = Read-Host "Press enter to exit"

Then execute this buildexamples.bat file, he will automatically compile the PS1 file as EXE file, and add the specified icon

Double-click My t2.exe and he'll open it automatically TeamViewer

Take a look at the process, it's really administrator.

Problem solving

How PowerShell enables normal users to execute programs with Administrator privileges