Running RSAT Tools as another user using Powershell

0

What I try to accomplish is running some RSAT Tools out of a PowerShell script as another user (Domain-Admin).

Here is my run code:

    Start-Process -FilePath "C:\Windows\system32\mmc.exe" -ArgumentList "C:\Windows\system32\gpmc.msc" -Credential (Get-Credential -Credential MYDOMAIN\myadminuser)

And what I get is an error which says: this command can only be initiated with elevated privileges. Now that tells me that I had to run the script using an admin-user because of UAC limitations, which is exactly not what I try to accomplish.

Has anybody a helping input for me?

Thanks!

EDIT

To make it more clear I attached the whole script.

    $title = "Windows 8.1 RSAT Tools"
    $message = "Verwaltungskonsole"

    $ad = New-Object System.Management.Automation.Host.ChoiceDescription "&AD Verwaltung", `
    "Active Directory-Benutzer und -Computer"

    $gpo = New-Object System.Management.Automation.Host.ChoiceDescription "&GPO Verwaltung", `
    "Gruppenrichtlinienverwaltung"

    $options = [System.Management.Automation.Host.ChoiceDescription[]]($ad, $gpo)

    $result = $host.ui.PromptForChoice($title, $message, $options, 0)

    switch ($result)
    {
        0
        {
            Start-Process -Verb RunAs -FilePath "C:\windows\system32\mmc.exe" -ArgumentList "C:\windows\system32\dsa.msc" -Credential (Get-Credential -Credential MYDOMAIN\myadminuser)
        }
        1
        {
            Start-Process -Verb RunAs -FilePath "C:\windows\system32\mmc.exe" -ArgumentList "C:\windows\system32\gpmc.msc" -Credential (Get-Credential -Credential MYDOMAIN\myadminuser)
        }
    }

Langhard

Posted 2013-12-05T06:42:25.850

Reputation: 560

Answers

1

This may boil down to two problems:

  • The tool actually needs to run elevated, because otherwise it is not allowed to make the changes it needs to make. This is usually the case when you run the tool on the machine locally and make changes specific to that machine. In that case you need to elevate the console before you run the command. This can be done directly from PowerShell using:

    $newProcess = New-Object System.Diagnostics.ProcessStartInfo "powershell";
    #Indicate that the process should be elevated
    $newProcess.Verb = "runas";
    #Start the new process
    [System.Diagnostics.Process]::Start($newProcess) | Out-Null
    

Source here.

  • The tool is improperly configured and only running as the appropriate user would be enough to make the changes you require. This is usually the case when managing a remote server with the tool. In that case you may modify how the command is started (asAdmin, asInvoke, asHighest) using the Application Compatibility Toolkit (download) and applying the RunAsInvoker fix to the executable.
    • Open the Compatibility Administrator
    • Create a new fix in the current database
    • Set the path to the executable
    • From the list of fixes select RunAsInvoker, click preferences, and in the module editBox type * and click add
    • Save the database and install it by right-clicking it

Unfortunately this won't work for MMC.

nohwnd

Posted 2013-12-05T06:42:25.850

Reputation: 151

Thank you nohwnd for your answer! I actually already tried the first part in the meanwhile but it didn't work. I will have a look at the second part of your answer and get back to it! – Langhard – 2013-12-05T12:47:25.610

What tool exactly are we talking about? – nohwnd – 2013-12-05T12:56:19.497

The tool is mmc.exe and the console I am trying to open is either the Active Directory or the GPO console (dsa.msc / gpmc.msc). Also just to mention, I can run the program with shift-right-click and then enter my domain admin's credentials without problems, but I would like to have a PowerShell script with a menu for other admin users where they can choose the console they need and get prompted for credentials. – Langhard – 2013-12-05T13:01:32.553
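
The question's full script passes both `-Verb RunAs` and `-Credential` to one `Start-Process` call; those parameters belong to different parameter sets, so a single call cannot both switch user and request elevation. The following is an added example (not code from the question or the answer) that splits the work into two launches: the first switches to the admin account, the second asks UAC for the elevated token. It assumes `MYDOMAIN\myadminuser` is a local administrator on the workstation so UAC can offer a consent prompt; the function name `Start-ElevatedConsoleAs` is hypothetical.

```powershell
# Added example, not code from the thread. Assumes MYDOMAIN\myadminuser is a
# local administrator on this workstation, so UAC can show a consent prompt.
function Start-ElevatedConsoleAs {   # hypothetical helper name
    param(
        # Fixed allowlist: the value is spliced into a command line below.
        [Parameter(Mandatory = $true)]
        [ValidateSet('dsa.msc', 'gpmc.msc')]
        [string] $Console,

        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $Credential
    )

    $sys32 = Join-Path $env:SystemRoot 'System32'
    $mmc   = Join-Path $sys32 'mmc.exe'
    $msc   = Join-Path $sys32 $Console
    $ps    = Join-Path $sys32 'WindowsPowerShell\v1.0\powershell.exe'

    # Second launch, executed by the intermediate shell that already runs as
    # the admin user: -Verb RunAs requests the elevated token through UAC.
    $inner = "Start-Process -FilePath '$mmc' -ArgumentList '$msc' -Verb RunAs"

    # First launch: switch user with -Credential only (no -Verb here).
    # -WorkingDirectory points at a folder the admin account can read; the
    # caller's current directory (often a profile folder) may not be.
    Start-Process -FilePath $ps -Credential $Credential -WorkingDirectory $sys32 `
        -ArgumentList "-NoProfile -Command `"$inner`""
}

$ad  = New-Object System.Management.Automation.Host.ChoiceDescription '&AD', 'dsa.msc'
$gpo = New-Object System.Management.Automation.Host.ChoiceDescription '&GPO', 'gpmc.msc'
$options  = [System.Management.Automation.Host.ChoiceDescription[]]($ad, $gpo)
$consoles = 'dsa.msc', 'gpmc.msc'   # same order as $options

$choice = $host.UI.PromptForChoice('RSAT', 'Console to open', $options, 0)
$cred   = Get-Credential -Credential 'MYDOMAIN\myadminuser'
Start-ElevatedConsoleAs -Console $consoles[$choice] -Credential $cred
```

The operator keeps a standard-user session and the admin credential is only used for the console that was picked; the `ValidateSet` allowlist keeps arbitrary strings out of the command line handed to the intermediate shell.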