Reputation: 1
I've created a PowerShell script to clean endpoint devices joined to Entra, but I'm encountering issues with streamlining the UAC credential entry for admin processes like DISM. Running the script as an administrator with the command (Start-Process PowerShell -verb runas -ArgumentList '-noexit','-File','Script.ps1') only leads to a UAC prompt for Entra credentials. This is also the case when using the -verb RunAs parameter. If an Entra admin is logged in on the endpoint device, the UAC prompt only requires a click on "YES," but if a regular user is signed in, it asks for full credentials. I want to know if there's a method to embed the admin credentials within the script to simplify the UAC prompt for the end user to a single click on "YES," instead of entering credentials. Any help is appreciated!
Upvotes: 0
Views: 90
Reputation: 3781
I don't think you can completely bypass the UAC prompt, as it is a built-in Windows security feature to prevent unauthorized processes from gaining elevated privileges. However, as a workaround you have two options
Option 1 - Scheduled Task with Highest Privileges
You can refer to the links I shared above and create a script that will run elevated tasks
# Script.ps1 - the maintenance steps that the scheduled task runs elevated
Write-Host "Starting DISM Cleanup..."
DISM /Online /Cleanup-Image /RestoreHealth
if ($LASTEXITCODE -ne 0) { Write-Warning "DISM exited with code $LASTEXITCODE" }
Write-Host "Cleaning up temporary files..."
# Files that are in use cannot be deleted; skip them instead of aborting the whole cleanup
Remove-Item -Path "C:\Windows\Temp\*" -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "Maintenance completed successfully!"
Store the AD (Entra) Admin creds in Windows Credential Manager
cmdkey /add:AzureAD\AdminUsername /user:AdminUsername /pass:AdminPassword
Schedule a task to run the script with Admin Privileges
$scriptPath = "C:\Scripts\Script.ps1"
$trigger = New-ScheduledTaskTrigger -AtStartup
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File $scriptPath"
# A Password logon type needs the account password at registration time. Register-ScheduledTask
# accepts it only through -User/-Password (a parameter set that cannot be combined with -Principal),
# so the "run as this account, highest privileges" principal is expressed as -User/-RunLevel here.
# Supply the password when you run this registration; do not leave it in a saved script.
Register-ScheduledTask -TaskName "Run-AdminScript" -Trigger $trigger -Action $action -User "AzureAD\AdminUsername" -Password "AdminPassword" -RunLevel Highest
Since I'm not on AD and don't have Entra creds, I'm using local admin to automate the task execution to simplify this, but you can use your Entra creds. Replace "AzureAD\AdminUsername" with your actual Azure Entra admin details.
Deploy the Script to your VM
az vm run-command invoke \
--resource-group arkorg \
--name arkovm \
--command-id RunPowerShellScript \
--scripts "New-Item -Path C:\Scripts -ItemType Directory; Set-Content -Path C:\Scripts\Script.ps1 -Value '<script_content_here>'"
After setting up the task, you can verify its status
az vm run-command invoke \
--resource-group arkorg \
--name arkovm \
--command-id RunPowerShellScript \
--scripts "Get-ScheduledTaskInfo -TaskName 'Run-AdminScript'"
Upvotes: 0
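Added example (not part of the original question or answer): the same scheduled-task approach, but with the task running as SYSTEM so that no Entra admin password has to be stored anywhere and no UAC prompt is raised at all. It goes beyond the answer in three ways a practitioner would want: it locks down the script folder first (a SYSTEM task pointed at a user-writable script is a privilege escalation, and a folder created directly under C:\ inherits Modify rights for Authenticated Users on a default install), it optionally lets standard users start the task on demand through the Task Scheduler COM interface, and it runs the task once and checks the result. The task name, the C:\Scripts path, the 3am trigger, the DISM/Temp script body (mirroring the answer's) and the SDDL string are assumptions for illustration; adjust the BU (Builtin Users) entry to the group you actually want.

```powershell
# Added example, not from the original answer. Run once from an elevated PowerShell session.
# Assumed values: task name, script location, trigger time, SDDL for the "run" permission.

$taskName   = 'Run-AdminScript'
$scriptDir  = 'C:\Scripts'
$scriptPath = Join-Path $scriptDir 'Script.ps1'

# 1. Create the folder and break ACL inheritance BEFORE writing the script, so the file inherits
#    the locked-down ACL: full control for Administrators/SYSTEM, read+execute only for Users.
New-Item -Path $scriptDir -ItemType Directory -Force | Out-Null
$acl = Get-Acl -Path $scriptDir
$acl.SetAccessRuleProtection($true, $false)      # stop inheriting and discard inherited ACEs
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
foreach ($rule in @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = 'BUILTIN\Users';          Rights = 'ReadAndExecute' }
)) {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $rule.Id, $rule.Rights, $inherit, 'None', 'Allow')))
}
Set-Acl -Path $scriptDir -AclObject $acl

# 2. Write the maintenance script (same steps as the answer; constructed body for this example).
Set-Content -Path $scriptPath -Value @'
$ErrorActionPreference = 'Stop'
Write-Output "Starting DISM cleanup..."
DISM.exe /Online /Cleanup-Image /RestoreHealth
if ($LASTEXITCODE -ne 0) { throw "DISM failed with exit code $LASTEXITCODE" }
Write-Output "Cleaning up temporary files..."
Remove-Item -Path "$env:windir\Temp\*" -Recurse -Force -ErrorAction SilentlyContinue
Write-Output "Maintenance completed successfully!"
'@

# 3. Safety check: refuse to register if a low-privilege principal can still modify the script.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write
foreach ($ace in (Get-Acl -Path $scriptPath).Access) {
    if ($ace.AccessControlType -eq 'Allow' -and
        $ace.IdentityReference.Value -in @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone') -and
        (($ace.FileSystemRights -band $writeMask) -ne 0)) {
        throw "Refusing to register task: $($ace.IdentityReference) can modify $scriptPath"
    }
}

# 4. Register the task as SYSTEM (ServiceAccount logon type: no password is stored at all).
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$scriptPath`""
$trigger   = New-ScheduledTaskTrigger -Daily -At 3am
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Hours 2) -MultipleInstances IgnoreNew
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -Principal $principal -Settings $settings -Force | Out-Null

# 5. Optional: let standard users start the task on demand. The ScheduledTasks cmdlets do not
#    expose the task's security descriptor, so re-register the same definition via COM with an SDDL:
#    full access for SYSTEM and Administrators, read+execute (= "run") for Builtin Users.
$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()
$folder = $svc.GetFolder('\')
$definition = $folder.GetTask($taskName).Definition
$sddl = 'D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;BU)'
# 6 = TASK_CREATE_OR_UPDATE, 5 = TASK_LOGON_SERVICE_ACCOUNT
$folder.RegisterTaskDefinition($taskName, $definition, 6, 'SYSTEM', $null, 5, $sddl) | Out-Null

# 6. Run it once and verify the outcome instead of only checking that the task exists.
Start-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 2
while ((Get-ScheduledTask -TaskName $taskName).State -eq 'Running') { Start-Sleep -Seconds 5 }
$info = Get-ScheduledTaskInfo -TaskName $taskName
'{0}: LastRunTime={1} LastTaskResult=0x{2:X}' -f $taskName, $info.LastRunTime, $info.LastTaskResult
if ($info.LastTaskResult -ne 0) {
    Write-Warning 'Task did not succeed (0x0 = success, 0x41301 = still running, 0x41303 = never run)'
}
```

After step 5 a standard user can launch the maintenance from a non-elevated session with `Start-ScheduledTask -TaskName Run-AdminScript` (or from the Task Scheduler UI) with no UAC prompt, because the work happens in the SYSTEM task rather than in the user's session. That is exactly why step 1 and step 3 matter: anyone who can write to Script.ps1 gets SYSTEM. If you do not need on-demand runs, skip step 5 and the task only fires on its trigger or when an administrator starts it.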