Thursday, May 14, 2015

Stupid PowerShell Tricks: Launching an Elevated CMD Prompt from CMD

A non-elevated prompt creating an elevated prompt
One of the minor annoyances of working in a Windows environment is that, though RunAs is a closer approximation of sudo than it ever was back in the days of Windows XP, it still won't give you UAC-accepted Administrator access (i.e. the Windows equivalent of "root").

PowerShell, on the other hand, labors under no such restrictions, thanks to the Start-Process cmdlet.

As luck would have it, Start-Process includes a -Verb parameter. The verbs it accepts depend on the file type of the process being started:

File type  Verbs
---------  -----
.cmd       Edit, Open, Print, Runas
.exe       Open, RunAs
.txt       Open, Print, PrintTo
.wav       Open, Play

If you pass it the RunAs verb, PowerShell will dutifully launch whatever process you name with administrative rights, once you accept the UAC prompt. Consequently, if you run the following from within CMD:

powershell.exe -Command "Start-Process cmd.exe -Verb RunAs"

You'll end up with an administrative CMD prompt.
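
The same idea as a small script, added here as an example and not part of the original post: it lists the verbs registered for a file's type, checks whether the session is already elevated, and only then calls Start-Process -Verb RunAs. The function names Get-FileVerb, Test-Elevated and Start-ElevatedCmd are hypothetical.

```powershell
# Added example; function names are hypothetical, not from the original post.

function Get-FileVerb {
    # Return the shell verbs registered for the file's extension,
    # i.e. the values Start-Process -Verb will accept for it.
    param([Parameter(Mandatory)][string]$FilePath)
    $psi = New-Object System.Diagnostics.ProcessStartInfo -ArgumentList $FilePath
    return $psi.Verbs
}

function Test-Elevated {
    # True when the current token has the local Administrators group
    # enabled, i.e. the session is already running elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-ElevatedCmd {
    if (Test-Elevated) {
        Write-Output 'Already elevated; starting cmd.exe without a UAC prompt.'
        Start-Process -FilePath cmd.exe
        return
    }
    if ((Get-FileVerb -FilePath 'cmd.exe') -notcontains 'runas') {
        throw 'The RunAs verb is not registered for .exe on this system.'
    }
    try {
        # Triggers the UAC consent prompt; the new window runs elevated.
        Start-Process -FilePath cmd.exe -Verb RunAs -ErrorAction Stop
    }
    catch {
        # Declining the UAC prompt surfaces as an error from Start-Process.
        Write-Warning "Elevation was not granted: $($_.Exception.Message)"
    }
}

Start-ElevatedCmd
```

Running Get-FileVerb against a .txt or .wav path returns that type's verbs instead, which is where the table above comes from.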