I am facing a peculiar setup, where I need to use local administrator on a Windows machine. The instructions are as follows:

  1. Shift-right-click the cmd or PowerShell shortcut
  2. Select "Run as Administrator"
  3. In the resulting UAC screen, authenticate as a domain user different from the current user. The domain user name is difficult to remember, so we have to keep it on Post-it notes.
  4. Do your thing

I'd like to be able to skip step 1, and ideally perform the auth on the command line (avoiding the UAC).

My ideal flow would be:

  1. Open PowerShell or Cmd console
  2. Type a privileged command, including the privileged domain name
  3. Type the password on the same console (without the domain user)
  4. Do your thing

Based on some searching, I've tried runas /netonly, but it is not the same.

ddimitrov

1 Answer

I bet any malware wants to just open up a console and type privileged commands. That's why this is not (directly) possible.

You can, however, just ask for credentials through Get-Credential and use the object later in the script to authenticate things.

For example, like this:

    # Store the credential object so it can be passed to later commands
    $cred = Get-Credential -Message "Credential for access to <whatever>" -UserName .\administrator

It will look like this:

    PowerShell Credential Request
    Credential for access to <whatever>
    Password for user .\administrator:

Then you can use the object to do stuff:

    Get-WmiObject -Class Win32_BIOS -Computer LOCALHOST -Credential $cred

bjoster
  • I take it that this means no cmd command (i.e. I need to drop to .net/com level). Could you point me to any technical article about what happens when I click "run as admin" and authenticating on UAC vs what happens when I use runas? – ddimitrov Nov 08 '20 at 05:30
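
An added example, not code from the question or the answer above: a helper that pre-fills the privileged account name, prompts only for the password through Get-Credential, and then opens a console as that account and requests elevation. It does not skip UAC; the elevation request in the second step still goes through it. The function name `Start-ElevatedConsole` and the account `CONTOSO\adm-example` are constructed placeholders.

```powershell
# Added example. 'CONTOSO\adm-example' is a constructed placeholder account;
# replace it with the privileged domain account used for administration.
function Start-ElevatedConsole {
    [CmdletBinding()]
    param(
        # Privileged account name, kept here so it does not have to be
        # remembered or written down.
        [string]$UserName = 'CONTOSO\adm-example',

        # Console to open elevated (powershell.exe or cmd.exe).
        [string]$Shell = 'powershell.exe'
    )

    # The user name is pre-filled, so only the password is typed.
    # The password is held as a SecureString inside the PSCredential object.
    $cred = Get-Credential -UserName $UserName -Message "Password for $UserName"
    if (-not $cred) { return }   # prompt was cancelled

    # Start-Process does not accept -Credential and -Verb in the same call
    # (they belong to different parameter sets), so two hops are needed:
    #   hop 1: a short-lived PowerShell running as the privileged account
    #   hop 2: that process asks for elevation of the real console
    $inner = "Start-Process -FilePath '$Shell' -Verb RunAs"

    # -WorkingDirectory avoids a failure when the other account cannot
    # read the caller's current directory (for example a user profile).
    Start-Process -FilePath 'powershell.exe' `
        -Credential $cred `
        -WorkingDirectory $env:SystemRoot `
        -ArgumentList '-NoProfile', '-Command', $inner
}

# Usage: opens an elevated cmd.exe as the privileged account.
# Start-ElevatedConsole -Shell 'cmd.exe'
```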