Standard user launching a command with elevated credentials

I needed standard users to be able to run certain executables with administrator credentials, but ideally without wanting to give them an administrator account and password, and certainly without adding them to the Administrators group. I also needed a log of the commands run with elevated credentials, which is what led me to this method.

I’m using the Application event log and the Task Scheduler. The problem with this method is that when Task Scheduler launches a process as a different user to that currently logged on on the console, the launched process cannot interact with the desktop. Sadly there’s no way around this that I’m away of, which is a shame.

This method might still be useful though if the users just need to run command line utilities and can redirect the output to a text or log file.

Step One – Create a new event source

This allows us to filter out events easily later, and makes the logged commands easy to find. From an Administrator PowerShell prompt issue the following command:

New-EventLog -LogName Application -Source "RunElevated"

Step Two – Create a scheduled task

Open Task Scheduler, create a basic task called RunElevated.
The trigger is When a specific event is logged.
The log is Application, the source is RunElevated, the Event ID is 1.
The action is Start a program.
For Program/script we’re using the full path to powershell.exe: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
The argument is a PowerShell one liner to pick the event Message data out of the most recent RunElevated event to be logged to the Application event log, and execute the data:

&(Get-WinEvent -FilterHashtable @{logname='application'; providername='RunElevated'} -MaxEvents 1).Message

Finally, edit the new scheduled task and choose the administrator account that you want the task to run as, select Run whether user is logged on or not and Run with highest privileges. When you click OK you’ll be prompted for the account’s password.

Step three

Now, as a regular user, we’re going to write a command line to the Application event log using PowerShell:

Write-EventLog -LogName Application -Source "RunElevated" -EntryType Information -EventId 1 -Message "C:\windows\system32\notepad.exe"

This gives us an event that looks like this:

Log Name:      Application
Source:        RunElevated
Date:          31/05/2016 14:29:55
Event ID:      1
Task Category: (1)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Laptop001.rcmtech.co.uk
Description:
C:\windows\system32\notepad.exe

The task should trigger and you’ll see notepad running (hidden) as the admin user you specified when creating the scheduled task. Note terribly handy, but somebody might have a use for this method!

This entry was posted in PowerShell, Windows and tagged , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s