Kaseya Community

Run as user with elevated permissions.

I am trying to create a procedure that will install software on Windows machines from within the current user's "session" but it needs to run with elevated/administrator permissions. The installer needs to be able to interact with the user's session to display windows/messages and accept user input.

I am unable to use (as far as I am aware) "useCredential" or "impersonateUser" as this will launch the application in the specified account's session and the user is then not able to interact with the application. Same goes for "Execute as System".

I have tried "executeFile" and "executeShellCommand" with various options but have not yet found an acceptable solution.

Disabling UAC is not an option, nor is granting the user admin rights using "giveCurrentUserAdminRights". Nor is specifying an administrator's credentials in plain text, e.g., RunAs within the ShellCommand string.

Has anyone been able to formulate a procedure to accomplish this?

Verified Answer
  • I have this working.

    It can be done by dropping in a cmdline tool and some VBS.

    I'll have to check if it's OK to post the secret sauce.

  • Thanks Trevor, that would be great! I thought that might be the case.

    Feel free to message me directly if you don't want it out in the open :)

All Replies
  • I would be interested in the solution as well.

  • Not exactly the ask, but I have seen procedures that promote (add the current user to the Administrators group via cmd line or PS commands) for a short period of time to do the install. Then either Pause or schedule another procedure as the final step which demotes them to run in 5 or 10 mins. Not sure how else you can have it run as one user with the authority of another.

    I too would be interested in the solution.

  • Jared and I are also aware of the temporary promotion to administrator option, but as per the OP:

    "Disabling UAC is not an option, nor is granting the user admin rights using "giveCurrentUserAdminRights". Nor is specifying an administrator's credentials in plain text, e.g., RunAs within the ShellCommand string."

    Jared is trying out the info that I sent to him, and I think he will achieve his goal. After that I will see if I can put together a clean proof of concept script that opens cmd, PS_ISE or notepad, etc. The issue there is that after today I am booked up solid for a couple of weeks.

  • I would also like to know how to do this, please.