Invoke-script throws access denied for the below script.
# Guest credentials for a local account (password hard-coded as posted)
$Gpassword = '123456' | ConvertTo-SecureString -AsPlainText -Force
$Gusername = '.\luser'
$GS = New-Object System.Management.Automation.PSCredential($Gusername,$Gpassword)
# Guest script template: the backtick-escaped variables stay literal for the guest,
# the others are filled in per VM by ExpandString in the loop below
$metadata = @'
`$Interface = Get-NetIPAddress | where-object IPAddress -EQ $Oip | select -ExpandProperty interfacealias
write-host [`$Interface]
Remove-NetRoute -InterfaceAlias `$interface -confirm:`$false
Remove-NetIPAddress -InterfaceAlias `$interface -confirm:`$false
New-NetIPAddress -InterfaceAlias `$interface -IPAddress $Ip -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway $gataeway -confirm:`$false
'@
# $Boot is not defined in the post; it holds one row per VM
foreach ($data in $Boot)
{
    $VM = $data.'Vm name'
    $Oip = $data.OldAddress
    $Ip = $data.IPAddress
    $subnet = $data.SubnetMask
    $gataeway = $data.Gateway
    # Expand the per-VM values into the template, then run it in the guest
    $scripttext = $ExecutionContext.InvokeCommand.ExpandString($metadata)
    Invoke-VMScript -VM $VM -ScriptType Powershell -ScriptText $scripttext -GuestCredential $GS
}
The account which I am using is a local administrator account (part of the local admin group). By doing manual testing, I figured out it's a UAC issue. If I disable UAC on the server, the script execution is fine.
Any suggestions? Can this be bypassed through Invoke-VMScript (any workaround)? I won't be able to change UAC on all the machines due to certain restrictions, and I don't have domain accounts.
If it would be easy to bypass UAC, the whole point of having UAC would be useless!
There are rumours that one could use Scheduled Tasks to run scripts that bypass UAC.
But I don't think the rules of this community allow documenting hacking methods.
Google/Bing are your friends
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank you, LucD.
Any suggestion on running PowerShell as noninteractive? Will this solve the UAC prompt?
The powershell.exe has a parameter -NonInteractive for that.
For example
Thank you. Will this command address the UAC issue?
How do I embed the powershell -noninteractive -command for the below invoke script?
Invoke-VMScript -VM $VM -ScriptType Powershell -ScriptText $scripttext -GuestCredential $GS
The scripts launched via Invoke-VMScript will automatically run with the NonInteractive switch.
And no, as you discovered already, this will not bypass UAC.
The easiest way is to schedule a task, which should be with 'Run With Highest Privileges' (or Set-ScheduledJobOption -RunElevated) as already mentioned here. Other methods, like creating special DLLs/EXEs and so on, are completely unsafe.
Thanks. Any example of using Invoke-VMScript with scheduled tasks to execute remotely?
I have tried creating a scheduled task using Invoke-VMScript, but that access is also getting denied. I am using a local admin account to access. Please provide your insights.
Basically I am trying to set a new IP address using Invoke-VMScript for my VMs in the DR data-store (snap-mirrored). Due to a different subnet and no network access to the VMs in DR, I first need to set the IP address using Invoke-VMScript.
But the script is not getting executed due to the UAC issue.
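A way to confirm the diagnosis reached in this thread from inside the guest, as an added example that is not part of the original posts: the function reports whether the token the script runs under is elevated and what the UAC policy values are. The function name Get-UacTokenReport is hypothetical; the text can be passed as the -ScriptText of Invoke-VMScript or run locally in the guest.

```powershell
# Added diagnostic, not code from the thread. Read-only: changes nothing in the guest.
function Get-UacTokenReport {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # With UAC on, a member of the local Administrators group gets a filtered
    # token unless the process was started elevated; IsInRole is then $false.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists deny-only groups too, so match on SIDs (not localized names).
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    $adminRow = $groups | Where-Object SID -eq 'S-1-5-32-544'   # BUILTIN\Administrators
    $labelRow = $groups | Where-Object SID -like 'S-1-16-*'     # mandatory integrity label

    $levels = @{
        'S-1-16-4096'  = 'Low'
        'S-1-16-8192'  = 'Medium'
        'S-1-16-12288' = 'High'
        'S-1-16-16384' = 'System'
    }
    $level = if ($labelRow) { $levels[[string]$labelRow.SID] } else { 'Unknown' }

    # UAC policy values; a value that is not set comes back as $null.
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    [pscustomobject]@{
        User                       = $identity.Name
        InAdministratorsGroup      = [bool]$adminRow
        AdminGroupAttributes       = $adminRow.Attributes
        TokenElevated              = $elevated
        IntegrityLevel             = $level
        EnableLUA                  = $policy.EnableLUA
        FilterAdministratorToken   = $policy.FilterAdministratorToken
        ConsentPromptBehaviorAdmin = $policy.ConsentPromptBehaviorAdmin
    }
}

Get-UacTokenReport | Format-List
```

InAdministratorsGroup true together with TokenElevated false and a Medium integrity level is the filtered-token case: the account is an administrator, but calls such as Remove-NetIPAddress are denied.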