0

I'm trying to create a PS1 script to restart a service in a computer, where the user has no admin right, so i'm trying to execute as de admin user, now i'm trying first to open Notepad, but when I execute this script:

# Define el nombre del servicio, usuario y contraseña
$ServiceName = "ApacheDtdlIdServer"
$AdminUser = "User"
$AdminPassword = "C0ntraseña"
$startWithElevatedRights = "notepad"

# Convierte la contraseña en un SecureString
$SecurePassword = ConvertTo-SecureString $AdminPassword -AsPlainText -Force

# Crea el objeto de credenciales
$credentials = New-Object System.Management.Automation.PSCredential ($AdminUser, $SecurePassword)

$ps = Start-Process -PassThru -FilePath powershell -Credential $credentials -ArgumentList '-noprofile -command &{Start-Process ',  $startWithElevatedRights, ' -Wait -verb runas}'

$ps.WaitForExit()

I get the error:

Start-Process: This command cannot be executed due to the error: The directory name is > invalid. At C:\Users\IsaacSanzIT\Desktop\Rider\RestartScanner.ps1: 13 Character: 7

I've tried the things that says in other questions in StackOverflow, like this one using the Runas, anyone know how to execute the notepad, or even restart a a service using the admin account? Thanks!

Improve this question
2
  • 1
    The error indicates the ps1 file does not exist or the user do not have access to the file. The file can only be read by an admin or the user IsaacSanzIT. You may need to put the file in a location (like on a shared drive) so all user have access to the file. Commented Jan 13 at 13:13
  • 1
    As an aside: There's no reason to use "& { ... }" in order to invoke code passed to PowerShell's CLI via the -Command (-c) parameter - just use "..." directly. Older versions of the CLI documentation erroneously suggested that & { ... } is required, but this has since been corrected. Commented Jan 13 at 18:50

1 Answer 1

Reset to default
1

  • The error message The directory name is invalid implies that the target process, which by default inherits the caller's working (current) directory, isn't permitted to access that directory.

  • This is a common pitfall when using Start-Process with -Credential, i.e. when launching a process as a different user.[1]

    • To solve this problem, use the -WorkingDirectory parameter to specify a working dir. that the target user is permitted to access; C:\ is usually a safe bet.

Therefore:

$ps = 
  Start-Process -WorkingDirectory C:\ -PassThru -Credential $credentials powershell @"
-noprofile -c Start-Process -Wait -Verb RunAs $startWithElevatedRights
@"

[1] Note that while administrators can usually access all directories that a given user can, this only applies if the process running with the administrator user identity is already elevated. However, because Start-Process doesn't allow you to simultaneously launch a process as another user and with elevation, the outer Start-Process call - the one that uses -Credential - must of necessity create a non-elevated process first, and only in a second step is elevation as that user then possible (the nested Start-Process -Verb RunAs call); see this answer for details.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Yeah, that was the problem, the location of the file, thanks for that! I've read in some places that it was due to permissons, but of course location permissons!
Glad to hear it helped, @Zenin0. It's a subtle problem, because it only surfaces situationally. I wish that Start-Process fell back to something like C:\Windows\System32 instead of failing outright.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.