Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PowerShell launch script in new instance

Tags:

powershell

I have a Master script that has several options. When you select 1 in the menu, action 1 will be executed and afterwards you'll get back to the menu. This is working fine but I would like to be able to select for example 8, which launches the code block of the Permissions script in a new PowerShell window. I would like to have all code in one script and not call another script.

I know this can be done with 'Start-Process powershell' as found in several threats. This does open an new PowerShell window but doesn't execute the code block properly of the Permissions script. Any help would be appreciated.

Master script:

<# Author: Me #> # Variables $User = [Environment]::UserName $OutputPath = "C:\Users\$User\Downloads\" # Functions Function Manager ($u) {  $m = Get-ADObject -Identity $u.managedBy -Properties displayName,cn     if($m.ObjectClass -eq "user") { $m.displayName } Else{ $m.cn } }  # Hit play do {   [int]$userMenuChoice = 0   cls   while ( $userMenuChoice -lt 1 -or $userMenuChoice -gt 7) {     Write-Host "PowerShell for dummies"     Write-Host "__________________________________________________"     Write-Host "1. Groups created in the last 3 weeks"     Write-Host "2. Users created in the last 3 weeks"     Write-Host "3. All BEL Users"     Write-Host "4. Users with an incorrect display name or city"     Write-Host "5. Users de-provisioned within 3 weeks"     Write-Host "6. Files/Folders: Activate inheritance & set owner to admin"     Write-Host "7. Quit"      [int]$userMenuChoice = Read-Host "Please choose an option"      switch ($userMenuChoice) {       1{# Groups created in the last 3 weeks         $When = ((Get-Date).AddDays(-21)).Date          Get-ADGroup -SearchBase "OU=Groups,OU=BEL,OU=EU,DC=domain,DC=net" -Filter {whenCreated -ge $When} -Properties * |          Select whenCreated, cn, displayName, GroupScope, GroupCategory, description, info, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"New groups.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"New groups.csv"}       2{# Users created in the last 3 weeks         $When = ((Get-Date).AddDays(-21)).Date         Get-ADUser -SearchBase "OU=BEL,OU=EU,DC=domain,DC=net" -Filter {whenCreated -ge $When} -Properties * | Select whenCreated, Name,displayName, sn,  givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"New users.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"New users.csv"}       3{# All BEL users         Get-ADUser -SearchBase "OU=Users,OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | Select whenCreated, @{Name="Lastlogon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}, Name,displayName, sn,  givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"BEL Service Accounts.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"BEL Service Accounts.csv"}       4{# Users with an incorrect display name or city         Get-ADUser -SearchBase "OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | where {$_.cn -NotLike "*$($_.l)*" -and $_.distinguishedname -notmatch 'OU=Terminated Users,OU=BEL,OU=EU,DC=grouphc,DC=net' -and $_.cn -ne "BNL Service Desk"} | Select whenCreated, Name,displayName, sn,  givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"Incorrect users.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"Incorrect users.csv"}       5{# Users de-provisioned within 3 weeks         $LogonDate = ((Get-Date).AddDays(-80)).Date # GIT 104 days KB-3872         $CreaDate = ((Get-Date).AddDays(-60)).Date # GIT 60 days         $PwdDate = ((Get-Date).AddDays(-90)).Date # GIT 90 days         Get-ADUser -SearchBase "OU=Users,OU=BEL,OU=EU,DC=grouphc,DC=net" -Filter {(lastLogonDate -le $LogonDate) -and (WhenCreated -lt $CreaDate) -and (PwdLastSet -le $PwdDate)} -Properties * | Select LastLogonDate, WhenCreated, PasswordLastSet, Name,  title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"To be deprovisioned.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"To be deprovisioned.csv"}       6{# Files/Folders: Activate inheritance & set owner to admin         Get-ADUser -SearchBase "OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | where {$_.cn -NotLike "*$($_.l)*" -and $_.distinguishedname -notmatch 'OU=Terminated Users,OU=BEL,OU=EU,DC=grouphc,DC=net' -and $_.cn -ne "BNL Service Desk"} | Select whenCreated, Name,displayName, sn,  givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"Incorrect users.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"Incorrect users.csv"}     }   } } while ( $userMenuChoice -ne 7 ) cls  Write-Host "We left here because there's nothing else to do.." 

Permissions script:

####### TO DO ####### $Target = "\\domain.net\SHARE\Target"   # Change FOLDER owners to Admin If (Test-Path C:\PTemp) { Remove-Item C:\PTemp } New-Item -type directory -Path C:\PTemp > $null  Write-Output "`nStart setting folder permissions on:"  $Folders = @(Get-ChildItem -Path $Target -Directory -Recurse | Select-Object -ExpandProperty FullName) foreach ($Item1 in $Folders)  { # Action Write-Output $Item1 $AdjustTokenPrivileges = @" using System; using System.Runtime.InteropServices;   public class TokenManipulator  {   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]   internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,   ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);   [DllImport("kernel32.dll", ExactSpelling = true)]   internal static extern IntPtr GetCurrentProcess();   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]   internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr   phtok);   [DllImport("advapi32.dll", SetLastError = true)]   internal static extern bool LookupPrivilegeValue(string host, string name,   ref long pluid);   [StructLayout(LayoutKind.Sequential, Pack = 1)]   internal struct TokPriv1Luid   {    public int Count;    public long Luid;    public int Attr;   }   internal const int SE_PRIVILEGE_DISABLED = 0x00000000;   internal const int SE_PRIVILEGE_ENABLED = 0x00000002;   internal const int TOKEN_QUERY = 0x00000008;   internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;   public static bool AddPrivilege(string privilege)   {    try    {     bool retVal;     TokPriv1Luid tp;     IntPtr hproc = GetCurrentProcess();     IntPtr htok = IntPtr.Zero;     retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);     tp.Count = 1;     tp.Luid = 0;     tp.Attr = SE_PRIVILEGE_ENABLED;     retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);     retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);     return retVal;    }    catch (Exception ex)    {     throw ex;    }   }   public static bool RemovePrivilege(string privilege)   {    try    {     bool retVal;     TokPriv1Luid tp;     IntPtr hproc = GetCurrentProcess();     IntPtr htok = IntPtr.Zero;     retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);     tp.Count = 1;     tp.Luid = 0;     tp.Attr = SE_PRIVILEGE_DISABLED;     retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);     retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);     return retVal;    }    catch (Exception ex)    {     throw ex;    }   }  } "@ add-type $AdjustTokenPrivileges $Folder = Get-Item $Item1 [void][TokenManipulator]::AddPrivilege("SeRestorePrivilege")  [void][TokenManipulator]::AddPrivilege("SeBackupPrivilege")  [void][TokenManipulator]::AddPrivilege("SeTakeOwnershipPrivilege")  $NewOwnerACL = New-Object System.Security.AccessControl.DirectorySecurity $Admin = New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators") $NewOwnerACL.SetOwner($Admin) $Folder.SetAccessControl($NewOwnerACL) # Add folder Admins to ACL with Full Control to descend folder structure $Acl = Get-Acl -Path C:\PTemp $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("BUILTIN\Administrators","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl $Item1 $Acl }   # Change FILE owners to Admin If (Test-Path C:\PFile) { Remove-Item C:\PFile } New-Item -type file -Path C:\PFile  > $null  Write-Output "`nStart setting file permissions on:"  $Files = @(Get-ChildItem -Path $Target -File -Recurse | Select-Object -ExpandProperty FullName) foreach ($Item2 in $Files) { # Action Write-Output $Item2 $Account = New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators") $FileSecurity = new-object System.Security.AccessControl.FileSecurity $FileSecurity.SetOwner($Account) [System.IO.File]::SetAccessControl($Item2, $FileSecurity) # Add file Admins to ACL with Full Control and activate inheritance $PAcl = Get-Acl -Path C:\PFile $PAr = New-Object  system.security.accesscontrol.filesystemaccessrule("BUILTIN\Administrators","FullControl","Allow") $PAcl.SetAccessRule($PAr) Set-Acl $Item2 $PAcl }  # Clean-up junk Write-Output "`nCleaning up.." rm C:\PTemp, C:\PFile Write-Output "`nAll done :)" 

What I tried so far, with a shorter code block but also without success:

6{# Test Start-Process powershell {Get-ADUser -SearchBase "OU=Users,OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | Select whenCreated, @{Name="Lastlogon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}, Name,displayName, sn,  givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"BEL Service Accounts.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"BEL Service Accounts.csv"}}} 
like image 618
DarkLite1 Avatar asked Apr 23 '14 07:04

DarkLite1


People also ask

How do I launch a PowerShell script?

In File Explorer (or Windows Explorer), right-click the script file name and then select "Run with PowerShell". The "Run with PowerShell" feature starts a PowerShell session that has an execution policy of Bypass, runs the script, and closes the session.

How do you call a PowerShell script from the command line?

Running a PowerShell script from the Command Prompt If you would like to run a PowerShell script in CMD, you'll need to execute it by calling the PowerShell process with the -File parameter, as shown below: PowerShell -File C:\TEMP\MyNotepadScript. ps1. PowerShell -File C:\TEMP\MyNotepadScript.


2 Answers

Instead of starting a cmd to start a new powershell instance you can:

start powershell {echo hello} 

To prevent immediate exit of new started powershell:

start powershell {echo hello; Read-Host} 
like image 54
Ghashange Avatar answered Oct 08 '22 16:10

Ghashange


To launch in an external PS window, you can use the following:

invoke-expression 'cmd /c start powershell -Command { [script block here] }' 

E.g.:

invoke-expression 'cmd /c start powershell -Command { write-host "Hi, new window!"; set-location "C:\"; get-childitem ; sleep 3}' 
like image 26
arco444 Avatar answered Oct 08 '22 16:10

arco444