Sudo
Create an Elevated PowerShell Session as any user that you have credentials for
Sudo for PowerShell! From a non-privileged PowerShell Session, run one-off commands, scriptblocks, or enter an interactive PSSession with 'Run As Administrator' privileges! If you have credentials for a different user account, you can switch to that user as well.
IMPORTANT NOTE: Functions in this Module will NOT run in a PowerShell Session that was already launched using 'Run As Administrator' (with the exception of the Restore-OriginalSystemConfig function).
Getting Started
# One time setup
# Download the repository
# Unblock the zip
# Extract the Sudo folder to a module path (e.g. $env:USERPROFILE\Documents\WindowsPowerShell\Modules\)
# Or, with PowerShell 5 or later or PowerShellGet:
Install-Module Sudo
# Import the module.
Import-Module Sudo # Alternatively, Import-Module <PathToSudoFolder>
# Get commands in the module
Get-Command -Module Sudo
# Get help
Get-Help New-SudoSession -Full
Get-Help about_Sudo
Examples
Scenario 1: Using the Start-SudoSession function (alias 'sudo') to run a ScriptBlock with Elevated Privileges
PS C:\Users\zeroadmin> sudo {Install-Package Nuget.CommandLine -Source chocolatey}
Please enter the password for zeroadmin: ***************
PSComputerName : localhost
RunspaceId : 0fdf310f-dcb3-4ba1-893e-d502c56ed6c0
FastPackageReference : $aHR0cDovL2Nob2NvbGF0ZXkub3JnL2FwaS92Mi8=\TnVHZXQuQ29tbWFuZExpbmU=\NC42LjI=\Y2hvY29sYXRleQ==
ProviderName : Chocolatey
Source : chocolatey
Status : Installed
SearchKey : chocolatey
FullPath :
PackageFilename : NuGet.CommandLine.4.6.2.nupkg
FromTrustedSource : True
Summary : NuGet is the package manager for the Microsoft development platforms
...[Truncated]...
Scenario 2: Create a New PSSession with Sudo Privileges, and enter the session
PS C:\Users\zeroadmin> $SudoSessionInfo = New-SudoSession -Credentials $TestAdminCreds
PS C:\Users\zeroadmin> Enter-PSSession -Session $SudoSessionInfo.ElevatedPSSession
[localhost]: PS C:\Users\testadmin\Documents> whoami
zero\testadmin
Scenario 3: Create a New PSSession with Sudo Privileges and run one-off commands in that session
PS C:\Users\zeroadmin> $SudoSessionInfo = New-SudoSession -Credentials $ZeroAdminCreds
PS C:\Users\zeroadmin> Invoke-Command -Session $SudoSessionInfo.ElevatedPSSession -Scriptblock {Install-Package Nuget.CommandLine -Source chocolatey}
...
# When you are finished running commands against this Sudo Session, remove it via:
PS C:\Users\zeroadmin> Remove-SudoSession -OriginalConfigInfo $SudoSessionInfo.WSManAndRegistryChanges -SessionToRemove $SudoSessionInfo.ElevatedPSSession
Scenario 4: You use the New-SudoSession function with the -KeepOpen switch. The PowerShell process that owns the new SudoSession is unexpectedly closed/killed before you get a chance to run Remove-SudoSession.
Revert your WSMAN and CredSSP settings to what they were prior to using the New-SudoSession function by opening a new PowerShell Session (does not matter if it is elevated or not) and running:
PS C:\Users\zeroadmin> Import-Module Sudo
PS C:\Users\zeroadmin> $CurrentUser = $($(whoami) -split "\\")[-1]
PS C:\Users\zeroadmin> $SudoSessionFolder = "$HOME\SudoSession_$CurrentUser_$(Get-Date -Format MMddyyy)"
PS C:\Users\zeroadmin> $SudoSessionChangesLogFilePath = $(Get-ChildItem -Path $SudoSessionFolder -File -Filter "SudoSession_Config_Changes*.xml" | Sort-Object -Property CreationTime)[-1].FullName
PS C:\Users\zeroadmin> Restore-OriginalSystemConfig -SudoSessionChangesLogFilePath $SudoSessionChangesLogFilePath
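Scenarios 3 and 4 both depend on the WSMan/CredSSP changes being reverted once the session is no longer needed. The following is an added example, not code from the Sudo project: it wraps the Scenario 3 calls in try/finally so cleanup always runs, then checks that the CredSSP delegation policy is back to its pre-session state. The helper names `Get-CredSspPolicySnapshot` and `Invoke-InSudoSession` are hypothetical, and the choice of the `CredentialsDelegation` policy key as the thing to compare is an assumption, since the README does not list the exact settings the module changes.

```powershell
# Added example, not part of the Sudo module. Get-CredSspPolicySnapshot and
# Invoke-InSudoSession are hypothetical helper names.
Import-Module Sudo

# Standard Windows policy key for CredSSP credential delegation. Assumption:
# it is one of the settings to verify; the README only says "WSMAN and CredSSP".
$CredDelegationKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

function Get-CredSspPolicySnapshot {
    # Flatten the key and its subkeys into "path|name=value" strings that
    # Compare-Object can diff. Reading HKLM works from a non-elevated session.
    if (-not (Test-Path $CredDelegationKey)) { return @('<key absent>') }
    $keys = @(Get-Item $CredDelegationKey) + @(Get-ChildItem $CredDelegationKey -Recurse)
    $lines = @(foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            '{0}|{1}={2}' -f $key.Name, $name, ($key.GetValue($name) -join ',')
        }
    })
    @('<key present>') + @($lines | Sort-Object)
}

function Invoke-InSudoSession {
    param(
        [Parameter(Mandatory)] [pscredential] $Credentials,
        [Parameter(Mandatory)] [scriptblock] $ScriptBlock
    )
    $before = Get-CredSspPolicySnapshot
    $info = $null
    try {
        $info = New-SudoSession -Credentials $Credentials
        Invoke-Command -Session $info.ElevatedPSSession -ScriptBlock $ScriptBlock
    }
    finally {
        # Runs whether or not the scriptblock fails; not if the process is killed (Scenario 4).
        if ($info) {
            $null = Remove-SudoSession -OriginalConfigInfo $info.WSManAndRegistryChanges `
                -SessionToRemove $info.ElevatedPSSession
        }
        $drift = Compare-Object -ReferenceObject $before -DifferenceObject (Get-CredSspPolicySnapshot)
        if ($drift) {
            Write-Warning 'CredSSP delegation policy differs from its pre-session state:'
            $drift | ForEach-Object { Write-Warning ('  {0} {1}' -f $_.SideIndicator, $_.InputObject) }
        }
    }
}

# Usage: prompts for credentials, runs one command elevated, then cleans up.
Invoke-InSudoSession -Credentials (Get-Credential) -ScriptBlock { whoami /groups }
```

If the warning appears, run the Restore-OriginalSystemConfig steps from Scenario 4 and take the snapshot again.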
Build
Run Windows PowerShell 5.1 non-elevated (i.e. do NOT 'Run as Administrator') and...
git clone https://github.com/pldmgg/Sudo.git
# Assuming the current user is an Administrator on the localhost...
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$AdminUserCreds = [pscredential]::new($CurrentUser,$(Read-Host -Prompt "Please enter the password for '$CurrentUser'" -AsSecureString))
if (!$(Test-Path "$HOME\ModuleBuilds")) {$null = New-Item -ItemType Directory "$HOME\ModuleBuilds"}
# NOTE: Running the below will present a UAC prompt. You must manually click in the affirmative for the build to proceed
.\Sudo\build.ps1 -AdminUserCreds $AdminUserCreds *> "$HOME\ModuleBuilds\Sudo.log"
Notes
- PSGallery: https://www.powershellgallery.com/packages/Sudo