Powershell: How to enter a remote PSSession as elevated user

Created on 18 Dec 2018 · 6Comments · Source: PowerShell/PowerShell

I tried to add one windows capability on my server,
But it show me Access is denied, and of course it runs well on local console which run powershell as administrator.

If we use sysinternals tool which is psexec.exe to remote a machine , we can give it a -h parameter , that let us to run cmd with the account's elevated token.

So the question is whether PowerShell has a similar way to enter a remote session ?
If the answer is no , is there any other way to implement ?

deny

Issue-Question Resolution-Answered Resolution-Duplicate

Source

tlsalex

Most helpful comment

$name='Capability'
Register-ScheduledJob -Name $name -ScriptBlock {add-WindowsCapability -Online -Name "Tools.Graphics.DirectX~~~~0.0.1.0"} -RunNow
Start-Sleep 2
Wait-Job $name
Unregister-ScheduledJob $name -force

PS > get-WindowsCapability -Online -Name '*Tools.Graphics*'|select name,State

Name                                  State
----                                  -----
Tools.Graphics.DirectX~~~~0.0.1.0 Installed

he852100 on 5 Nov 2019

🎉1 😄1

All 6 comments

And how to enter a elevated user mode after you already inside a remote PSSession when we need to do some important task that required elevated privileges?

Or in other words, just like in linux , log in with a normal account , when elevated privileges is required, we can use sudo , or switch to root user.

tlsalex on 18 Dec 2018

sudo discussion #3232

iSazonov on 18 Dec 2018

Run sshd elevated.

tdaniely on 20 Dec 2018

@iSazonov

This seems to be two different needs. Even with administrator rights, remote login sits without a way to execute the command successfully

这好像是两种不同的需求。即使拥有管理员权限,远程登录也没有办法执行成功这个命令

PS C:\Users\Administrator> Add-WindowsCapability -Online -Name "Tools.Graphics.DirectX~~~~0.0.1.0"
Add-WindowsCapability : 拒绝访问。
所在位置 行:1 字符: 1                                           
+ Add-WindowsCapability -Online -Name "Tools.Graphics.DirectX~~~~0.0.1. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Add-WindowsCapability], COMException
+ FullyQualifiedErrorId : Microsoft.Dism.Commands.AddWindowsCapabilityCommand

https://social.technet.microsoft.com/Forums/windows/en-US/f2a30b2b-d166-47fa-a208-f41793f75699/unable-remotely-install-feature-by-powershell?forum=winserversetup

The remote session could not obtain NT AUTHORITY\SYSTEM permissions. Its highest authority is the administrator

he852100 on 3 Nov 2019

$name='Capability'
Register-ScheduledJob -Name $name -ScriptBlock {add-WindowsCapability -Online -Name "Tools.Graphics.DirectX~~~~0.0.1.0"} -RunNow
Start-Sleep 2
Wait-Job $name
Unregister-ScheduledJob $name -force

PS > get-WindowsCapability -Online -Name '*Tools.Graphics*'|select name,State

Name                                  State
----                                  -----
Tools.Graphics.DirectX~~~~0.0.1.0 Installed

he852100 on 5 Nov 2019

🎉1 😄1

This issue has been marked as duplicate and has not had any activity for 1 day. It has been closed for housekeeping purposes.