Page 1 of 1
How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 24.07.2023, 23:17
by Forez
I have an A-OK working PowerShell script. But despite setting for it as an item on
Favorite Toolbars these settings
Define favorite toolbars > Define favorite toolbars > Parameter > Enclose each element with "
Define favorite toolbars > Define favorite toolbars > Run > With "Run as" dialog
Program or folder:
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parameter:
Start-Process ""C:\portables\! SCRIPTS\test.ps1"" -Verb runAs -WindowStyle Maximized
What am I doing wrong if the above works when changed to
Parameter:
Start-Process PowerShell -Verb runAs -WindowStyle Maximized
[i.e. it opens a PowerShell window]?
I have tried putting that path to my script inside
but none of those version have worked
Re: How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 30.08.2023, 15:15
by Forez
I came up with a workaround in form of using CMD to fire up PowerShell
Program or folder:
C:\Windows\system32\cmd.exe
Parameter:
/c powershell.exe -WindowStyle Maximized -NoProfile -ExecutionPolicy Bypass -File "C:\portables\! SCRIPTS\test.ps1"
But I still would prefer to use PowerShell directly, because that PS1 file being run like that instead of showing colors used by PowerShell utilizes colors used by CMD window
Re: How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 17.10.2023, 00:29
by TK87
Hi there,
Forez wrote: 24.07.2023, 23:17
Program or folder:
Code: Select all
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Code: Select all
Start-Process ""C:\portables\! SCRIPTS\test.ps1"" -Verb runAs -WindowStyle Maximized
Start-Process requires a program as FilePath parameter. For a file, otherwise only the default program for the corresponding file type opens. For a ps1 file, this is not Powershell.exe by default, so the script will not be executed.
That would be the right way to do it:
Code: Select all
Start-Process powershell -Verb RunAs -ArgumentList "-WindowStyle Maximized -File 'C:\portables\! SCRIPTS\test.ps1'"
Define favorite toolbars > Define favorite toolbars > Run > With "Run as" dialog
If you use this option, the script is already started with admin rights. There is no reason at all to use "
Start-Process -Verb RunAs" to request these rights again.
Just use:
- Option - With "Run As" dialog
- Parameter
Code: Select all
-WindowStyle Maximized -File "C:\portables\! SCRIPTS\test.ps1"
Regards, Thomas
Re: How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 17.10.2023, 13:40
by Forez
Somehow I am not able to get anything more than just the PowerShell window showing up with elevated rights
So thank you, but for now I will continue to use my A-OK working workaround
Re: How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 17.10.2023, 15:02
by TK87
Forez wrote: 17.10.2023, 13:40
Somehow I am not able to get anything more than just the PowerShell window showing up with elevated rights
Then you must be doing something wrong.
I have saved the following script under the exact same path:
Code: Select all
Using NameSpace System.Security.Principal
Write-Host -NoNewLine "Permissions: "
if ([WindowsPrincipal]::New([WindowsIdentity]::GetCurrent()).IsInRole([WindowsBuiltInRole]::Administrator)) {
Write-Host -ForegroundColor "green" "elevated."
} else {
Write-Host -ForegroundColor "red" "limited."
}
Started with the
NoExit parameter to keep the window open:
When I start the script, the UAC query comes and the script starts without problems
Re: How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 22.10.2023, 19:40
by Forez
After creating
C:\portables\! SCRIPTS\test.ps1
with code
Code: Select all
Using NameSpace System.Security.Principal
Write-Host -NoNewLine "Permissions: "
if ([WindowsPrincipal]::New([WindowsIdentity]::GetCurrent()).IsInRole([WindowsBuiltInRole]::Administrator)) {
Write-Host -ForegroundColor "green" "elevated."
} else {
Write-Host -ForegroundColor "red" "limited."
}
and using values and options from your screenshot, after executing such
Item from my
Favorite Toolbar I end up with PowerShell window displaying content
File C:\portables\! SCRIPTS\test.ps1 cannot be loaded because running scripts is disabled on this system. For more
information, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
+ CategoryInfo : SecurityError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnauthorizedAccess
PS C:\Windows\system32>
[and the prompt sign]
So I am supposedly limited because
running scripts is disabled on this system despite me being able to run various
PS1 files all the time
Re: How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 22.10.2023, 20:33
by TK87
Since you said you were already using powershell, I thought you would be familiar with it as well. By default, the execution of powershell scripts is disabled.
If you have previously executed the scripts via context menu, there the execution policy got bypassed.
You can also do this by adding "
-ExecutionPolicy ByPass" to the parameters.
However, it is recommended to set the execution policy to "
RemoteSigned" once. This means your local scripts will be executed, but scripts downloaded from the Internet must be signed by a verified publisher.
You can either do this for all users of the computer (but this requires administrator rights):
Code: Select all
Set-ExecutionPolicy RemoteSigned -Force
If you don't have administrator rights, you can also do this for the logged in user only:
Code: Select all
Set-ExecutionPolicy -Scope CurrentUser RemoteSigned -Force
See
https://learn.microsoft.com/en-us/power ... rshell-5.1
Regards, Thomas
Re: How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 23.10.2023, 19:55
by Forez
TK87 wrote: 22.10.2023, 20:33
[...]
I thought you would be familiar with it
[...]
I am just a small time code tweaker
TK87 wrote: 22.10.2023, 20:33
If you have previously executed the scripts via context menu, there the execution policy got bypassed.
You mean the shell menu of the operating system? So far I never had any script added to it
TK87 wrote: 22.10.2023, 20:33
You can also do this by adding "
-ExecutionPolicy ByPass" to the parameters.
When using as
Parameter
Code: Select all
-ExecutionPolicy ByPass -NoLogo -NoExit -File "C:\portables\! SCRIPTS\test.ps1"
I finally get to see an elevated PowerShell window with that script having been executed, thank you
TK87 wrote: 22.10.2023, 20:33
However, it is recommended to set the execution policy to "
RemoteSigned" once. This means your local scripts will be executed, but scripts downloaded from the Internet must be signed by a verified publisher.
[...]
So Windows differentiates between downloaded files [and those copied from a e.g. thumbdrvive] based on I-forgot-how-it-is-called-as-I-vaguely-just-remembered-it-exists-at-all feature?
But how does the system validates a
PS1 file? Is it not possible to just open
PS1 file in Notepad to maliciously adjust it - and then put it on the Internet posing as Verified publisher?
Re: How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 23.10.2023, 20:39
by TK87
Forez wrote: 23.10.2023, 19:55
TK87 wrote: 22.10.2023, 20:33
If you have previously executed the scripts via context menu, there the execution policy got bypassed.
You mean the shell menu of the operating system? So far I never had any script added to it
You said...
I have an A-OK working PowerShell script.
... so how did you confirm that your script was working ok? Somehow you must have executed it before. I guessed that you used the option from the context menu to do this (right click on the .ps1 file and then "Run with Powershell").
So Windows differentiates between downloaded files [and those copied from a e.g. thumbdrvive] based on I-forgot-how-it-is-called-as-I-vaguely-just-remembered-it-exists-at-all feature?
Yes. If you download a program or script from the Internet (this includes mail clients and instant messangers), Windows adds an appropriate file attribute to the file.
These programs or scripts can then only be executed if they are either signed by a verified publisher or the block status has been manually removed.
Since code-signing certificates cost money, many manufacturers of free programs circumvent this problem by making the program only available for download in zipped form. If you unzip the file, Windows will not be able to determine where the program came from.
But how does the system validates a PS1 file? Is it not possible to just open PS1 file in Notepad to maliciously adjust it - and then put it on the Internet posing as Verified publisher?
Signing a script is the same as signing a program. A signature block is attached to the script, which is generated from the SSL certificate and the hash value of the script. You can open and edit the .ps1 file, but as soon as you change even a single character, the signature becomes invalid and the script must be re-signed.
If you want to try it yourself, chocolatey has a signed installscript for example:
https://community.chocolatey.org/install.ps1
Save it and look at the digital signature in the file properties. Then change it and look at it again. The digital signature becomes invalid.
Regards, Thomas
Re: How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?
Posted: 17.11.2023, 18:13
by Forez
TK87 wrote: 23.10.2023, 20:39
Forez wrote: 23.10.2023, 19:55
TK87 wrote: 22.10.2023, 20:33
If you have previously executed the scripts via context menu, there the execution policy got bypassed.
You mean the shell menu of the operating system? So far I never had any script added to it
You said...
I have an A-OK working PowerShell script.
... so how did you confirm that your script was working ok? Somehow you must have executed it before. I guessed that you used the option from the context menu to do this (right click on the .ps1 file and then "Run with Powershell").
I was referring to inserting a permanent entry in the shell menu, so that a user can quickly select it from there for a convenient usage
Thank you for educating me about digital signatures