Reputation: 15052
I'm trying to run a PowerShell script from a C# application and I need the script to run when my C# app is running as a non-admin user (e.g. Network Service or some other domain account).
Previously, I was using the following code:
using (RunspaceInvoke invoker = new RunspaceInvoke())
{
// load the powershell module
invoker.Invoke("Import-Module MyModule");
// run the cmdlet defined in the module
invoker.Invoke("MyCmdlet");
}
I don't know whether this is the best approach for running cmdlets defined in a module (please teach me if there's a better way!). In any case, this works perfectly if I'm running as an administrative user. I tried running this as Network Service, however, and I got an unfriendly error in the constructor of RunspaceInvoke:
Requested registry access is not allowed.
Is there a way I can run my PowerShell cmdlets as a non-elevated user such as Network Service? I do not need or desire to access the registry. The cmdlet itself also does not require elevated privileges.
Upvotes: 10
Views: 8726
Reputation: 40789
Can you use SysInternals procmon tool to see what Registry access it's trying to accomplish? Maybe that will give you some insight as to what you could do to solve the problem.
Upvotes: 0
Reputation: 2889
We use a version of the below. The "script" parameter is the PS script to run. We use this from a custom command line so that we can mix c# commands with some written in PS. "results" can be used to capture the evaluation of your script. The "out-default" line means that the output of the PS script is written to the console. A version of this can instead capture the output to a TextBox or similar if you have a WinForm of WPF app.
public void run(string script)
{
IEnumerable<PSObject> results;
var config = RunspaceConfiguration.Create();
var host = new ScriptHost();
using (var runspace = RunspaceFactory.CreateRunspace(host, config))
{
runspace.Open();
runspace.SessionStateProxy.SetVariable("prog", this);
using (var pipeline = runspace.CreatePipeline())
{
if (!string.IsNullOrEmpty(scriptPath))
pipeline.Commands.AddScript(string.Format("$env:path = \"{0};\" + $env:path", scriptPath));
pipeline.Commands.AddScript(script);
var outDefault = new Command("out-default");
outDefault.MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output);
pipeline.Commands.Add(outDefault);
results = pipeline.Invoke();
}
}
}
Upvotes: 2
Reputation: 50210
more on lkaso answer
this shows you how to run it as anybody, not just admin. YOu have to run it as somebody, the service is running as a heavily restricted account that cannot do anything.
or run the service itself as joe user
Upvotes: 0