PowerShell always launches as administrator


I have inherited a legacy Citrix 6.5 system running on Windows Server 2008. Yes, I know this stack isn't for server questions, but my feeling is that this is a workstation question, as the server is used for running virtual sessions.

The quirk: PowerShell is launched by a normal user without selecting the administrator option:


It launches and briefly shows just "Windows PowerShell" in the title but then somehow switches to "Administrator: Windows PowerShell":


And the shell really is in administrator mode, i.e. I can create files in the C:\Windows folder, e.g. "Hello, World" > C:\Windows\Test.txt

This is a huge security hole esp. as the server is locked down for users as is common in Citrix environments.

I know about Microsoft.PowerShell_profile.ps1 in the documents folder running when PowerShell launches - that's not there. I've also checked the shortcut to check it's not configured to run as administrator - it's not.

Is there another shared PowerShell script run on start-up for everyone? Like a global start-up script? Anything in the registry that might create this?

It's got me stumped!

LATER:

May have found it - all users have been added to the local Administrators group.

munrobasher

Posted 2019-02-27T10:27:51.027

Reputation: 640

"Is there another shared PowerShell script run on start-up for everyone?" - There are several PowerShell profiles. Are you by chance logged in as the built-in Administrator on the Server? Be sure you edit your question, instead of responding with a comment, so the entire class can benefit from the additional information. – Ramhound – 2019-02-27T10:47:03.850

if you just run $profile in PowerShell you may get a path returned where the loaded profile is located – SimonS – 2019-02-27T10:52:47.560

Thanks for the heads up on $Profile - that's allowed me to ascertain where PS is looking for the profile script. Not present for the test user I'm looking at – munrobasher – 2019-02-27T11:11:32.447

Ramhound - yes, the administrator is currently logged on to the server in another session. I'll log them off. Aside from the $Profiles folder mentioned above, where else are profiles stored? This is the execution policy: https://i.imgur.com/tUkcdRv.png – munrobasher – 2019-02-27T11:13:08.027

This one might be as simple as "All users have been added to the local administrators" group. I assumed that apps only launched in admin mode if you selected the relevant option but maybe Windows 7/Windows 2008 did it differently back then. So next problem is why did the previous support person add everyone as admin - the answer being "Because nobody can logon" if you remove it. Ohh can of worms... – munrobasher – 2019-02-27T15:04:58.063

Verified: Running PowerShell from Administrator account on WS2008 displays "Administrator:" in the title bar. – harrymc – 2019-02-27T19:25:41.947

to be really sure if the shell is in admin mode, run this: [Security.Principal.WindowsPrincipal]::New([Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) if it returns true you really are in admin mode, if false you are not. I'm not sure if this already worked in PS3.0 but please try it. – SimonS – 2019-02-28T10:07:36.817
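
An added example, not part of the original thread: a diagnostic script, written to run on PowerShell 2.0, that gathers in one pass what the question and comments check by hand (the four $PROFILE paths, whether the current token is an administrator, and the members of the local Administrators group). The EnableLUA registry read is an extra check the thread does not mention, and all variable names are illustrative.

```powershell
# Added diagnostic sketch, not code from the thread.
# Avoids ::new() and Get-LocalGroupMember so it also runs on PowerShell 2.0.

# 1. Profile scripts PowerShell dot-sources at start-up (machine-wide and per-user).
$profileReport = foreach ($name in 'AllUsersAllHosts', 'AllUsersCurrentHost',
                                   'CurrentUserAllHosts', 'CurrentUserCurrentHost') {
    $path = $PROFILE.$name
    New-Object PSObject -Property @{
        Scope  = $name
        Path   = $path
        Exists = [bool]($path -and (Test-Path -LiteralPath $path))
    }
}

# 2. Does the current process token carry the Administrators role?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 3. Members of the local Administrators group. The group name is resolved from
#    the well-known SID S-1-5-32-544 so a localized name still works.
$sid       = New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')
$groupName = $sid.Translate([Security.Principal.NTAccount]).Value.Split('\')[1]
$group     = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
$members   = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}

# 4. UAC Admin Approval Mode (assumption: relevant here, not confirmed by the thread).
#    EnableLUA = 0 means administrators' processes are not given a filtered token.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue

# Report
$profileReport | Format-Table Scope, Exists, Path -AutoSize
"User                     : $($identity.Name)"
"Running as administrator : $isAdmin"
"EnableLUA                : $($uac.EnableLUA)"
"Members of ${groupName}:"
$members
```

Run it in the affected user's session: a broad principal such as a domain-wide users group in the member list matches the cause reported in the question's "LATER" note.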

No answers