Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using Invoke-Command to run Start-Process in an elevated session

Tags:

powershell

elevated-privileges

powershell-remoting

As a precursor to running an installation file on several remote servers, I need to update the Powershell setting MaxMemoryPerShellMB. This requires running a PS session as Administrator on the remote server. I have been trying to run Invoke-Command which then runs a ScriptBlock consisting of a Start-Process command which includes the -Verb RunAs parameter. Nothing seems to work, however.

I have tried with various quoting schemes, single, double, triple, but nothing seems to work.

I've tried running the Start-Process from an Enter-PSSession, with the same results.

Following is the code I'm testing now:

$creds = Get-Credential -Username 'DOMAIN\userID' -Message "Enter Username and Password to access the remote servers."

$ScriptBlock = {
    Start-Process -FilePath Powershell.exe -ArgumentList """Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024""" -Verb RunAs -Wait 
}
Invoke-Command -ComputerName testsvr01 -Credential $creds -ScriptBlock $ScriptBlock

I should be able to RDP to the remote server and run Get-Item WSMan:\localhost\Shell and have it show the updated value, but the value isn't changed.

When running the code it pauses for a second when the Invoke-Command runs, but other than that, there is no feedback in Powershell.

On the remote server I see the following two Kerberos errors in the System Event log.

0x19 KDC_ERR_PREAUTH_REQUIRED,

0xd KDC_ERR_BADOPTION

Any help is greatly appreciated.

like image 573
Noobux Avatar asked May 29 '26 00:05

Noobux

1 Answers

> powershell.exe -?
...
EXAMPLES
...
PowerShell -Command "& {Get-EventLog -LogName security}"

-Command
...
 To write a string that runs a Windows PowerShell command, use the format:
    "& {<command>}"
where the quotation marks indicate a string and the invoke operator (&)
causes the command to be executed.

So you could try to call Set-Item in the following way:

$ScriptBlock = {
    Start-Process -FilePath Powershell.exe -ArgumentList "-Command"," &{ Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024 }" -Verb RunAs -Wait -PassThru
}
$process = Invoke-Command -ComputerName testsvr01 -Credential $creds -ScriptBlock $ScriptBlock
$process.ExitCode

I'm also returning a process object via -PassThru on which you might check the `ExitCode``

Hope that helps

like image 125
Moerwald Avatar answered Jun 01 '26 19:06

Moerwald
Sign in to Comment

Related questions

How do you modify existing SharePoint sites?
Use powershell to create queries in MS-Access
Powershell - How to get window screenshot while screen is locked?
powershell join scriptblocks
Array and array member methods
Bypass Confirm Action Dialog Box
Is it possible to set a users memberOf property in Active Directory using Powershell
How to set password during automated SSAS Tabular deployment?
Directory size error
Powershell still prompting for credential even when using System.Management.Automation.PSCredential
What is the purpose of powershell refusing to load any local ps1 scripts, when this is trivial to circumvent?
How best to speed up powershell processing time (compare-object)
Creating and saving function in powershell for global use
Compare two strings using Visual Studio Code?
Accessing Microsoft Graph With PowerShell
Inline expansion of powershell variable as cmdlet parameter?
Weird command line behavior in Powershell

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!