自提升PowerShell脚本

视窗 8.1/PowerShell 4.0+

一行:)

if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }

# Your script here

我还没见过自己的方法，所以，试试这个。它更容易遵循，占用的空间也更小:

if([bool]([Security.Principal.WindowsIdentity]::GetCurrent()).Groups -notcontains "S-1-5-32-544") {
    Start Powershell -ArgumentList "& '$MyInvocation.MyCommand.Path'" -Verb runas
    }

很简单，如果使用管理员权限调用当前Powershell会话，那么在获取当前标识时，管理员组已知SID将显示在组中。即使帐户是该组的成员，SID也不会显示，除非使用提升的凭据调用流程。

几乎所有这些答案都是微软本·阿姆斯特朗(Ben Armstrong)非常流行的方法的变体，即如何在不真正掌握实际操作的情况下完成它，以及如何模仿相同的程序。

这种行为是经过设计的。因为微软真的不想让.ps1文件成为最新的电子邮件病毒，所以有多层安全措施。有些人认为这与任务自动化的概念相悖，这是公平的。Vista+安全模型是“去自动化”的，这样用户就可以接受。

但是，我怀疑如果你启动powershell本身作为提升，它应该能够运行批处理文件，而不需要再次要求密码，直到你关闭powershell。

我正在使用下面的解决方案。它通过转录特性处理stdout/stderr，并将退出码正确地传递给父进程。您需要调整文本路径/文件名。

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{ 
  echo "* Respawning PowerShell child process with elevated privileges"
  $pinfo = New-Object System.Diagnostics.ProcessStartInfo
  $pinfo.FileName = "powershell"
  $pinfo.Arguments = "& '" + $myinvocation.mycommand.definition + "'"
  $pinfo.Verb = "RunAs"
  $pinfo.RedirectStandardError = $false
  $pinfo.RedirectStandardOutput = $false
  $pinfo.UseShellExecute = $true
  $p = New-Object System.Diagnostics.Process
  $p.StartInfo = $pinfo
  $p.Start() | Out-Null
  $p.WaitForExit()
  echo "* Child process finished"
  type "C:/jenkins/transcript.txt"
  Remove-Item "C:/jenkins/transcript.txt"
  Exit $p.ExitCode
} Else {
  echo "Child process starting with admin privileges"
  Start-Transcript -Path "C:/jenkins/transcript.txt"
}

# Rest of your script goes here, it will be executed with elevated privileges

您可以创建一个批处理文件(*.bat)，在双击时使用管理权限运行powershell脚本。通过这种方式，您不需要更改powershell脚本中的任何内容。要做到这一点，创建一个与powershell脚本名称和位置相同的批处理文件，然后将以下内容放入其中:

@echo off

set scriptFileName=%~n0
set scriptFolderPath=%~dp0
set powershellScriptFileName=%scriptFileName%.ps1

powershell -Command "Start-Process powershell \"-ExecutionPolicy Bypass -NoProfile -NoExit -Command `\"cd \`\"%scriptFolderPath%`\"; & \`\".\%powershellScriptFileName%\`\"`\"\" -Verb RunAs"

就是这样!

下面是解释:

假设powershell脚本位于路径C:\Temp\ScriptTest。ps1，您的批处理文件必须有路径C:\Temp\ScriptTest.bat。当有人执行这个批处理文件时，会发生以下步骤:

The cmd will execute the command powershell -Command "Start-Process powershell \"-ExecutionPolicy Bypass -NoProfile -NoExit -Command `\"cd \`\"C:\Temp\`\"; & \`\".\ScriptTest.ps1\`\"`\"\" -Verb RunAs" A new powershell session will open and the following command will be executed: Start-Process powershell "-ExecutionPolicy Bypass -NoProfile -NoExit -Command `"cd \`"C:\Temp\`"; & \`".\ScriptTest.ps1\`"`"" -Verb RunAs Another new powershell session with administrative privileges will open in the system32 folder and the following arguments will be passed to it: -ExecutionPolicy Bypass -NoProfile -NoExit -Command "cd \"C:\Temp\"; & \".\ScriptTest.ps1\"" The following command will be executed with administrative privileges: cd "C:\Temp"; & ".\ScriptTest.ps1" Once the script path and name arguments are double quoted, they can contain space or single quotation mark characters ('). The current folder will change from system32 to C:\Temp and the script ScriptTest.ps1 will be executed. Once the parameter -NoExit was passed, the window wont be closed, even if your powershell script throws some exception.

提升PowerShell from Start>运行

在2012R2或2016年，你不能在没有炮击两次的情况下使用“run”命令运行elevated powershell:

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell -命令"saps powershell -Verb RunAs "