new Win 10 computers and elevating explorer.exe with my administrative account

Ask your Windows PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
v35678
Posts: 23
Joined: Mon Jun 13, 2016 7:02 am

new Win 10 computers and elevating explorer.exe with my administrative account

Post by v35678 » Wed Feb 13, 2019 11:51 am

Hi I have a strange issue with new Win 10 computers and elevating explorer.exe with my administrative account. I created a powershell app that serves as a menu system to launch other powershell apps with my admin id. So for example I set the admin credential with the following:

$global:cred = Get-Credential -Credential 'Domain1\'

Then start another app from the menu with the following example:

Start-Process "C:\Program Files\DesktopPowershellAPPS\Computer Support.exe" -Credential $cred

The Computer Support.exe then runs as my admin account. Everything works except when I try to do an admin share to the c: drive of a remote computer. It starts explorer.exe as my regular id that I'm logged into the computer with not my admin account. Here's the simple code for the admin share:

$computername = $textboxCN.text.Trim()
$files = "\\" + $computername + "\c$"
Start-Process explorer.exe $files

This is working on some of the Win 10 computers but not others. I'm stumped. Any ideas to get it to run as intended with the admin id?
Thanks for any help in advance.

User avatar
jvierra
Posts: 13391
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: new Win 10 computers and elevating explorer.exe with my administrative account

Post by jvierra » Wed Feb 13, 2019 12:08 pm

You cannot elevate "explorer" as it is the current session you are running. What is the purpose of this?

You can start an elevated session and then run explorer but explorer will still not be elevated.

User avatar
v35678
Posts: 23
Joined: Mon Jun 13, 2016 7:02 am

Re: new Win 10 computers and elevating explorer.exe with my administrative account

Post by v35678 » Wed Feb 13, 2019 12:15 pm

The purpose is to bring up the c: drive admin share of a remote computer. This is working on multiple computers but it is not on newer Win 10 computers.

User avatar
jvierra
Posts: 13391
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: new Win 10 computers and elevating explorer.exe with my administrative account

Post by jvierra » Wed Feb 13, 2019 12:56 pm

TO open the remote share just use the share name:

explorer '\\host\c$'
It works on Windows 10 just fine.

User avatar
jvierra
Posts: 13391
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: new Win 10 computers and elevating explorer.exe with my administrative account

Post by jvierra » Wed Feb 13, 2019 1:01 pm

The idea that it works on some W10 computers tells us that you have network issues. Also a recent patch caused some issues with access to admin shares on W10. Contact MS support for a patch. The latest update rollup should have fixed this but maybe it didn't.

User avatar
JohnTitor
Posts: 146
Joined: Fri Nov 17, 2017 8:49 pm

Re: new Win 10 computers and elevating explorer.exe with my administrative account

Post by JohnTitor » Thu Feb 14, 2019 11:35 am

Is the reason you don't use invoke-item is because you don't want to type in your password for each new PC?

Just curious to be curious

User avatar
v35678
Posts: 23
Joined: Mon Jun 13, 2016 7:02 am

Re: new Win 10 computers and elevating explorer.exe with my administrative account

Post by v35678 » Thu Feb 14, 2019 2:01 pm

Yes this is a support application so we try to automate this as best we can. Like I said it works for some Win 10 computers. Very frustrating.

User avatar
jvierra
Posts: 13391
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: new Win 10 computers and elevating explorer.exe with my administrative account

Post by jvierra » Thu Feb 14, 2019 2:20 pm

"Works for some" says that you don't have a consistent configuration of Windows.
Also you cant use alternate credentials to a remote that you already have a connection to.

None of this has anything to do with elevation and nothing you are doing is elevating anything. "Elevation" is only used to the local system when a UAC prompt is displayed.

To access a remote admin share you must be a member of the remote systems Administrators group.

User avatar
v35678
Posts: 23
Joined: Mon Jun 13, 2016 7:02 am

Re: new Win 10 computers and elevating explorer.exe with my administrative account

Post by v35678 » Mon Feb 18, 2019 7:01 am

Thanks for the info but it seems we are going in circles here. Absolutely it has to do with inconsistences with the Win 10 configurations and that’s why I reached out to see if anyone else has run into this. UAC does play a role because it comes up. But the good news is I figured it out. It turns out it is the following:
HKCR\AppID\ {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Ownership needs to be changed to administrators and then the runas key located here needs to be deleted or renamed.
We had this since Windows 7 and for whatever it was missed in some of the Win 10 configurations. I hope this helps out other people.

User avatar
JohnTitor
Posts: 146
Joined: Fri Nov 17, 2017 8:49 pm

Re: new Win 10 computers and elevating explorer.exe with my administrative account

Post by JohnTitor » Mon Feb 18, 2019 7:28 am

thanks for the update! This has always been a wonder for me but never had the time to dig..

I cannot delete the key so it must be protected by GPO

Locked