Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Defaulting Power Shell's "elevation" mode

11 views
Skip to first unread message

Mac

unread,
Apr 1, 2008, 2:34:04 PM4/1/08
to
We've just got a new Windows 2008 RTM Server setup and are trying to install
our ASP.NET application which uses a Power Shell script that calls IIS 7.0's
AppCMD command to nuke/pave the site's setup. At the end of the install
script we issue start commands to the AppPools and Sites we created. We also
make sure some other services (e.g. aspnet_state) are running before the
install finishes. This has all be working fine while running on Beta
versions of Windows 2008 servers.

The issue we're running into with the release version of Windows 2008, is it
seems for any start service (or worker process) command to work (e.g. net
start <service>, Start-Service <service>, AppCMD start site MySite), the
shell you run it in (e.g. Power Shell or Command) has to be run in "elevated"
mode. If we were to run this script manually, we could Right Click on Power
Shell and say Run as Administrator. But we call this install script remotely
through a mass deployment process.

Does anyone know of a way to force Power Shell to run "elevated" when we
call our script remotely? Basically I don't want to worry about having to
specify that "hey Windows 2008, I want to run the command in an 'elevated'
shell so I can make sure services are started."

Jon

unread,
Apr 1, 2008, 3:17:52 PM4/1/08
to
If the main installer for your application runs elevated (which it will do
automatically if it's an executable named something like setup.exe,
install.exe etc) then any Powershell process it launches will also run
elevated by default.


--
Jon


"Mac" <M...@discussions.microsoft.com> wrote in message
news:E7B9ED7D-AF89-4EEF...@microsoft.com...

Mac

unread,
Apr 1, 2008, 3:27:02 PM4/1/08
to
Thanks Jon. I may have mistated my question.

Then entire install is writen in Power Shell. Basically when we launch our
script (i.e. powershell .\myscript.ps1), any service commands (e.g.
start-service w3svc) will not run because Power Shell is not running in
"elevated" mode.

Does that make sense?

Mac

unread,
Apr 1, 2008, 4:23:01 PM4/1/08
to
This most likely is in violation of all security principals, but we ended up
turning off User Account Control. This could be just my callowness with
Windows 2008, but UAC seems to be far more confusing that helpful so far.

Jon

unread,
Apr 1, 2008, 5:20:44 PM4/1/08
to
"Mac" <M...@discussions.microsoft.com> wrote in message
news:1EE9396D-BFDD-460A...@microsoft.com...

> This most likely is in violation of all security principals, but we ended
> up
> turning off User Account Control. This could be just my callowness with
> Windows 2008, but UAC seems to be far more confusing that helpful so far.
>

It takes a while to get used to, but it would probably violate even more
security principles were I to show how to run powershell scripts elevated
with no UAC prompts when UAC prompts are enabled - but there's nothing to
stop you setting up your systems to best suit your particular usage, as
you've done so.

--
Jon


Joel (Jaykul) Bennett

unread,
Apr 2, 2008, 11:02:52 PM4/2/08
to
You can use SchTasks.exe to run an app elevated without prompting as
long as A) you're a member of the administrators group, and B) you
create a (unscheduled) scheduled task first ... which requires you to
elevate.

http://huddledmasses.org/vista-setuid-how-to-elevate-without-prompting/

--
Joel "Jaykul" Bennett

0 new messages