W
W
WindBridges2021-08-12 21:16:04
PowerShell
WindBridges, 2021-08-12 21:16:04

SSH + PowerShell, how to run a command with elevated privileges?

On a remote Windows 10 machine with an OpenSSH server configured to run commands in PowerShell. The server is running as a user who is an administrator. But some commands require elevated privileges. You can achieve this locally by launching a new PowerShell window as an administrator. But there are no ideas how to do this within the SSH connection to a remote computer. If I run the same command locally, then everything works fine in a session started with admin privileges, but in a normal one, a UAC window appears. From which I conclude that the problem is the lack of rights. Something suggests that the sshd service should immediately be started as an administrator, but I did not find how to do this. Can you tell me if this can be achieved somehow?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
V
Vladimir, 2021-08-12
@FluffyBeaver

You can try Enter-PSSession on the same host (localhost) with an explicit account (-Credentials).
There is a chance that it will help, but I'm too lazy to check.
By the way, what do they write about this on the Internet?
Why I'm too lazy to look for - understandable. And why you?

M
MaxKozlov, 2021-08-12
@MaxKozlov

You can check and compare rights through whoami /all
, most likely it will be very similar there.
If the computer is not in a domain, then you can look at
LocalAccountTokenFilterPolicy
https://winintro.ru/windowspowershell2corehelp.en/...

Set the value of the LocalAccountTokenFilterPolicy registry entry to 1.
For example, the following command uses the New-ItemProperty cmdlet and the Windows PowerShell Registry Provider to create the LocalAccountTokenFilterPolicy registry entry on the local computer and set its value to 1.
new-itemproperty - name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1

winrm quickconfig installs it. if the computer is not in the domain. Thus, the remote session gets admin rights without uac.
And the ssh service installed by default is quite sufficient to run with admin rights.
Unless some things can only be set in an interactive session. The same ssh-server is installed only interactively. Or locale

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question