13

I am logging into a Windows Server 2016 box on GCP via SSH. That leaves me logged into a powershell session, but I need to have Admin privileges to successfully run some commands. I do not have another Admin account, so I basically need to elevate the current session somehow, start a new shell as admin, or find a way of running commands as myself elevated to admin status.

I know about the runas command, but I can only see ways of running as other users, not myself elevated into the admin role. I basically want sudo for Windows :)

Bear in mind that I cannot solve this issue using something that requires a normal UAC prompt, as that prompt needs to be handled using a mouse/keyboard in a graphical environment (typically RDP).

oligofren
  • 1,426
  • 1
  • 25
  • 41

1 Answers1

3

To run an elevated command without UAC prompt will require using the Task Scheduler. As far as I know, all other solutions will require a UAC prompt to work.

The idea is to create a scheduled task with a trigger that is never activated, so it can only be run manually with the command :

schtasks /run /tn "task-name"

For more information see the article which today is still mostly true:
Windows 7: Elevated Program Shortcut without UAC Prompt - Create.

Note that you should specify your user account for the task, which must have administrator privileges, and also specify "Run with highest privileges" to run the task using an elevated privileges token rather than the default least privileges (UAC) token.

The task can execute one command. This can be a batch script into which you will place (perhaps dynamically) the command to run. Note that this will be a huge security hole if anyone else discovers this task.

harrymc
  • 498,455