I'm trying to run invoke-command to launch a powershell script in a powershell file on a remote computer. I'm using the credentials for a user with Administrator privilege. The command needs to be executed by running powershell as an administrator. There are licensing issues with the application that i'm trying to invoke using the powershell script, so i cannot change the credentials to Administrator but need to run with that particular user itself. I have tried using -RunAsAdministrator at the end of the Invoke-Command, but i got an error saying:
Invoke-Command : Parameter set cannot be resolved using the specified named parameters.
$command = {
cd Folder
C:\Folder\build.ps1
}
Invoke-Command -ComputerName $RemoteSystemIP -ScriptBlock $command -credential $Credentials1 -ErrorAction Stop -AsJob
I'm trying to execute this as a background job that's why i added the -AsJob parameter.
Its been several days and i haven't found a solution yet.
tl;dr
The only way to get a remote PowerShell session to execute elevated (with admin privileges) is to connect with a user account (either implicitly or via -Credential) that has admin privileges on the target machine.
With such an account, the session automatically and invariably runs elevated.
The Invoke-Command's -RunAsAdministrator switch can only be used with (virtualization) containers (-ContainerId parameter), not regular remoting (-ComputerName parameter).
You cannot elevate on demand in a remote session (the way you can locally, interactively with Start-Process -Verb RunAs).[1]
Instead, you must make sure that the credentials you're passing to Invoke-Command -Credential to connect to the remote machine with refer to a user account that (also) has administrative privileges on the target machine, in which case the remote session automatically and invariably runs elevated (with admin privileges).[2]
If you cannot pass such credentials, I think you're out of luck.
To test if the current user has administrative privileges:
# Returns $true if elevated, otherwise $false.
[Security.Principal.WindowsPrincipal]::new(
[Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
Separately, here's a simple test you can run from inside a session to determine whether it is running with elevation:
# Returns $true if elevated, otherwise $false.
[bool] (net session 2>$null)
[1] Unless the session at already is elevated, -Verb RunAs presents a pop-up UAC dialog that a user must confirm interactively, which is not supported in a remote session.
[2] The same applies if you use "loopback remoting", i.e. if you target the local machine via remoting, using Invoke-Command -ComputerName ., for instance, with additional restrictions, however: You cannot use a user that is authorized for remoting but isn't part of the local Administrators group, and if you use the current user (whether or not with explicit credentials), the calling session must itself be elevated.