Chris Gillum
Chris Gillum

Reputation: 15052

How to run a PowerShell script from C# as non-elevated user

I'm trying to run a PowerShell script from a C# application and I need the script to run when my C# app is running as a non-admin user (e.g. Network Service or some other domain account).

Previously, I was using the following code:

using (RunspaceInvoke invoker = new RunspaceInvoke())
{
    // load the powershell module
    invoker.Invoke("Import-Module MyModule");

    // run the cmdlet defined in the module 
    invoker.Invoke("MyCmdlet");
}

I don't know whether this is the best approach for running cmdlets defined in a module (please teach me if there's a better way!). In any case, this works perfectly if I'm running as an administrative user. I tried running this as Network Service, however, and I got an unfriendly error in the constructor of RunspaceInvoke:

Requested registry access is not allowed.

Is there a way I can run my PowerShell cmdlets as a non-elevated user such as Network Service? I do not need or desire to access the registry. The cmdlet itself also does not require elevated privileges.

Upvotes: 10

Views: 8726

Answers (4)

John Weldon
John Weldon

Reputation: 40789

Can you use SysInternals procmon tool to see what Registry access it's trying to accomplish? Maybe that will give you some insight as to what you could do to solve the problem.

Upvotes: 0

AndyPook
AndyPook

Reputation: 2889

We use a version of the below. The "script" parameter is the PS script to run. We use this from a custom command line so that we can mix c# commands with some written in PS. "results" can be used to capture the evaluation of your script. The "out-default" line means that the output of the PS script is written to the console. A version of this can instead capture the output to a TextBox or similar if you have a WinForm of WPF app.

public void run(string script)
{
    IEnumerable<PSObject> results;
    var config = RunspaceConfiguration.Create();
    var host = new ScriptHost();
    using (var runspace = RunspaceFactory.CreateRunspace(host, config))
    {
        runspace.Open();
        runspace.SessionStateProxy.SetVariable("prog", this);

        using (var pipeline = runspace.CreatePipeline())
        {
            if (!string.IsNullOrEmpty(scriptPath))
                pipeline.Commands.AddScript(string.Format("$env:path = \"{0};\" + $env:path", scriptPath));

            pipeline.Commands.AddScript(script);

            var outDefault = new Command("out-default");
            outDefault.MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output);
            pipeline.Commands.Add(outDefault);

            results = pipeline.Invoke();
        }
    }
}

Upvotes: 2

pm100
pm100

Reputation: 50210

more on lkaso answer

this shows you how to run it as anybody, not just admin. YOu have to run it as somebody, the service is running as a heavily restricted account that cannot do anything.

or run the service itself as joe user

Upvotes: 0

Ikaso
Ikaso

Reputation: 2268

I think that this entry will answer your question.

Upvotes: -1

Related Questions