How to run PS1 script from a path that has a pause in it [using Favorite Toolbar Item]?

[Forez]

I have an A-OK working PowerShell script. But despite setting for it as an item on Favorite Toolbars these settings

Define favorite toolbars > Define favorite toolbars > Parameter > Enclose each element with "

Define favorite toolbars > Define favorite toolbars > Run > With "Run as" dialog

Program or folder:
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Parameter:
Start-Process ""C:\portables\! SCRIPTS\test.ps1"" -Verb runAs -WindowStyle Maximized


What am I doing wrong if the above works when changed to

Parameter:
Start-Process PowerShell -Verb runAs -WindowStyle Maximized

[i.e. it opens a PowerShell window]?


I have tried putting that path to my script inside

Code: Select all

" "
"" ""
' '
'' ''

but none of those version have worked

[Forez]

I came up with a workaround in form of using CMD to fire up PowerShell


Program or folder:
C:\Windows\system32\cmd.exe

Parameter:
/c powershell.exe -WindowStyle Maximized -NoProfile -ExecutionPolicy Bypass -File "C:\portables\! SCRIPTS\test.ps1"


But I still would prefer to use PowerShell directly, because that PS1 file being run like that instead of showing colors used by PowerShell utilizes colors used by CMD window

[TK87]

Hi there,

Program or folder:

Code: Select all

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Parameter:

Code: Select all

Start-Process ""C:\portables\! SCRIPTS\test.ps1"" -Verb runAs -WindowStyle Maximized

Start-Process requires a program as FilePath parameter. For a file, otherwise only the default program for the corresponding file type opens. For a ps1 file, this is not Powershell.exe by default, so the script will not be executed.

That would be the right way to do it:

Code: Select all

Start-Process powershell -Verb RunAs -ArgumentList "-WindowStyle Maximized -File 'C:\portables\! SCRIPTS\test.ps1'"

... BUT:

Define favorite toolbars > Define favorite toolbars > Run > With "Run as" dialog

If you use this option, the script is already started with admin rights. There is no reason at all to use "Start-Process -Verb RunAs" to request these rights again.

Just use:

• Option - With "Run As" dialog

• Program

  Code: Select all

  powershell.exe

• Parameter

  Code: Select all

  -WindowStyle Maximized -File "C:\portables\! SCRIPTS\test.ps1"

Regards, Thomas

[Forez]

Somehow I am not able to get anything more than just the PowerShell window showing up with elevated rights

So thank you, but for now I will continue to use my A-OK working workaround

[TK87]

Somehow I am not able to get anything more than just the PowerShell window showing up with elevated rights

Then you must be doing something wrong.

I have saved the following script under the exact same path:

Code: Select all

Using NameSpace System.Security.Principal

Write-Host -NoNewLine "Permissions: "
if ([WindowsPrincipal]::New([WindowsIdentity]::GetCurrent()).IsInRole([WindowsBuiltInRole]::Administrator)) {
  Write-Host -ForegroundColor "green" "elevated."
} else {
  Write-Host -ForegroundColor "red" "limited."
}

Started with the NoExit parameter to keep the window open:


When I start the script, the UAC query comes and the script starts without problems

[Forez]

After creating

C:\portables\! SCRIPTS\test.ps1

with code

Code: Select all

Using NameSpace System.Security.Principal

Write-Host -NoNewLine "Permissions: "
if ([WindowsPrincipal]::New([WindowsIdentity]::GetCurrent()).IsInRole([WindowsBuiltInRole]::Administrator)) {
  Write-Host -ForegroundColor "green" "elevated."
} else {
  Write-Host -ForegroundColor "red" "limited."
}

and using values and options from your screenshot, after executing such Item from my Favorite Toolbar I end up with PowerShell window displaying content

File C:\portables\! SCRIPTS\test.ps1 cannot be loaded because running scripts is disabled on this system. For more
information, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
+ CategoryInfo : SecurityError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnauthorizedAccess
PS C:\Windows\system32>

[and the prompt sign]

So I am supposedly limited because running scripts is disabled on this system despite me being able to run various PS1 files all the time

[TK87]

Since you said you were already using powershell, I thought you would be familiar with it as well. By default, the execution of powershell scripts is disabled.

If you have previously executed the scripts via context menu, there the execution policy got bypassed.
You can also do this by adding "-ExecutionPolicy ByPass" to the parameters.

However, it is recommended to set the execution policy to "RemoteSigned" once. This means your local scripts will be executed, but scripts downloaded from the Internet must be signed by a verified publisher.
You can either do this for all users of the computer (but this requires administrator rights):

Code: Select all

Set-ExecutionPolicy RemoteSigned -Force

If you don't have administrator rights, you can also do this for the logged in user only:

Code: Select all

Set-ExecutionPolicy -Scope CurrentUser RemoteSigned -Force

See https://learn.microsoft.com/en-us/power ... rshell-5.1

Regards, Thomas

[Forez]

[...]
I thought you would be familiar with it
[...]

I am just a small time code tweaker

If you have previously executed the scripts via context menu, there the execution policy got bypassed.

You mean the shell menu of the operating system? So far I never had any script added to it

You can also do this by adding "-ExecutionPolicy ByPass" to the parameters.

When using as Parameter

Code: Select all

-ExecutionPolicy ByPass -NoLogo -NoExit -File "C:\portables\! SCRIPTS\test.ps1"

I finally get to see an elevated PowerShell window with that script having been executed, thank you

However, it is recommended to set the execution policy to "RemoteSigned" once. This means your local scripts will be executed, but scripts downloaded from the Internet must be signed by a verified publisher.
[...]

So Windows differentiates between downloaded files [and those copied from a e.g. thumbdrvive] based on I-forgot-how-it-is-called-as-I-vaguely-just-remembered-it-exists-at-all feature?

But how does the system validates a PS1 file? Is it not possible to just open PS1 file in Notepad to maliciously adjust it - and then put it on the Internet posing as Verified publisher?

[TK87]

If you have previously executed the scripts via context menu, there the execution policy got bypassed.

You mean the shell menu of the operating system? So far I never had any script added to it

You said...

I have an A-OK working PowerShell script.

... so how did you confirm that your script was working ok? Somehow you must have executed it before. I guessed that you used the option from the context menu to do this (right click on the .ps1 file and then "Run with Powershell").

So Windows differentiates between downloaded files [and those copied from a e.g. thumbdrvive] based on I-forgot-how-it-is-called-as-I-vaguely-just-remembered-it-exists-at-all feature?

Yes. If you download a program or script from the Internet (this includes mail clients and instant messangers), Windows adds an appropriate file attribute to the file.
These programs or scripts can then only be executed if they are either signed by a verified publisher or the block status has been manually removed.

Since code-signing certificates cost money, many manufacturers of free programs circumvent this problem by making the program only available for download in zipped form. If you unzip the file, Windows will not be able to determine where the program came from.

But how does the system validates a PS1 file? Is it not possible to just open PS1 file in Notepad to maliciously adjust it - and then put it on the Internet posing as Verified publisher?

Signing a script is the same as signing a program. A signature block is attached to the script, which is generated from the SSL certificate and the hash value of the script. You can open and edit the .ps1 file, but as soon as you change even a single character, the signature becomes invalid and the script must be re-signed.

If you want to try it yourself, chocolatey has a signed installscript for example: https://community.chocolatey.org/install.ps1
Save it and look at the digital signature in the file properties. Then change it and look at it again. The digital signature becomes invalid.



Regards, Thomas

[Forez]

If you have previously executed the scripts via context menu, there the execution policy got bypassed.

You mean the shell menu of the operating system? So far I never had any script added to it

You said...

I have an A-OK working PowerShell script.

... so how did you confirm that your script was working ok? Somehow you must have executed it before. I guessed that you used the option from the context menu to do this (right click on the .ps1 file and then "Run with Powershell").

I was referring to inserting a permanent entry in the shell menu, so that a user can quickly select it from there for a convenient usage


Thank you for educating me about digital signatures