如何使用/不使用PowerShell的提升特权来运行exe [英] How to run exe with/without elevated privileges from PowerShell
问题描述
我想以一种简单的方法来运行来自同一用户的具有不同特权的进程,而无需询问或知道他/她的密码。如有必要,可以进行对话。我宁愿不启动PowerShell子过程来完成此任务。
方案1:
PowerShell脚本在admin中运行-模式。我想在同一用户上启动没有管理员特权的脚本或.exe。
方案2:
PowerShell脚本在正常模式下运行。我想在同一用户上启动具有管理员权限的脚本或.exe。
让我们将其分为三部分。
首先确定当前会话是否正在使用管理员权限运行:
$ CurrentID = [System.Security.Principal.WindowsIdentity] :: GetCurrent()
$ CurrentPrincipal =新对象System.Security.Principal.WindowsPrincipal($ CurrentID)
$ adminRole = [System.Security。 Principal.WindowsBuiltInRole] :: Administrator
#检查会话当前是否具有管理员权限
if($ CurrentPrincipal.IsInRole($ adminRole)){
写主机是的,我们正在提升。
}其他{
写主机不,这是正常的用户会话。
}
现在,如果我们运行时有无海拔,则可以开始新的具有以下特权的进程:
$ newProc =新对象System.Diagnostics.ProcessStartInfo PowerShell
#指定要运行的内容
$ newProc.Arguments = powershell.exe
#如果设置了此选项,进程将被提升
$ newProc.Verb = runas
[系统.Diagnostics.Process] :: Start($ newProc)
最后,如果我们拥有更高的特权,但是想在没有...的情况下开始新的流程。
我不知道。将不得不尝试找到答案,但是由于这不是一个常见的情况,所以到目前为止我还没有运气。
编辑:我现在看到了针对这种情况的几个解决方案。 .NET / PowerShell中没有本地方法可以做到这一点。有些非常复杂(调用一些12个COM对象)。此
I would like an easy way to run a process with different privileges from the same user without asking or knowing his/her password. A dialog is okay if necessary. I would prefer not to launch a PowerShell sub-process to accomplish this.
Scenario 1: PowerShell script is running in admin-mode. I want to launch a script or an .exe without admin privileges but on the same user.
Scenario 2: PowerShell script is running in normal mode. I want to launch a script or an .exe with admin privileges on the same user.
Let's split this into three parts.
First determine if current session is running with admin privileges:
$CurrentID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$CurrentPrincipal = new-object System.Security.Principal.WindowsPrincipal($CurrentID)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
# Check to see if session is currently with admin privileges
if ($CurrentPrincipal.IsInRole($adminRole)) {
write-host "Yes we are running elevated."
}else{
write-host "No this is a normal user session."
}
Now, if we are running with or without elevation, you can start a new process with elevated privileges like this:
$newProc = new-object System.Diagnostics.ProcessStartInfo "PowerShell"
# Specify what to run
$newProc.Arguments = "powershell.exe"
# If you set this, process will be elevated
$newProc.Verb = "runas"
[System.Diagnostics.Process]::Start($newProc)
And lastly, if we have elevated privileges, but would like to start a new process without...
I have no idea. Will have to try to find the answer to this, but as it is not a common scenario, I had no luck so far.
EDIT: I have now seen a couple of "solutions" for this scenario. There is no native way to do this in .NET/PowerShell. Some are quite complicated (Calls to some 12 COM objects). This vista-7-uac-how-to-lower-process-privileges is a good reference.
The one that seems most elegant to me, is exploiting a "bug" in explorer.exe. Just launch you .exe using explorer.exe and the resulting process runs without privilege elevation again.
$newProc = new-object System.Diagnostics.ProcessStartInfo "PowerShell"
# Specify what to run, you need the full path after explorer.exe
$newProc.Arguments = "explorer.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
[System.Diagnostics.Process]::Start($newProc)
EDIT #2: Another way I have just found to start a new non-elevated process from an already elevated environment is to use the runas.exe with the 0x20000 (Basic User) trust level:
C:\> runas /showtrustlevels
The following trust levels are available on your system:
0x20000 (Basic User)
C:\> runas /trustlevel:0x20000 devenv
这篇关于如何使用/不使用PowerShell的提升特权来运行exe的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
