Possible to execute self-elevated PowerShell scripts through MobiControl?

I have some scripts I want to send out to a department of laptops to help configure a new VPN we'll be using. The first script enables Split Tunneling and the other adds an app trigger for mstsc.exe.

Because of how busy the members of this department often are, I'd like to leverage MC to send these scripts to each laptop for me. However, even after adding a snippet to the beginning that should self-elevate the scripts:

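# Relaunch elevated if the current token is not in the local Administrators role.
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
  # Re-invoke this same script file in a new PowerShell process via the RunAs verb.
  $arguments = "& '" + $myinvocation.mycommand.definition + "'"
  Start-Process powershell -Verb runAs -ArgumentList $arguments
  # Stop the non-elevated copy (exit is used because there is no enclosing loop for Break).
  exit
}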

the logs always result in the error that the new VPN connection name cannot be found. Digging into the error, it seems most likely that this is due to the script not actually running as elevated.

Has anyone successfully sent and executed a self-elevating PowerShell script through MobiControl?

2 years ago
Windows
ANSWERS
KCMOD@SOTI
2 years ago
Topher Neal
2 years ago

When sending PowerShell scripts through MobiControl, I open the device I want to send the script to in the MobiControl dashboard. On the device model, I choose "Send Script," I select the script type from the dropdown (PowerShell Native), then I either choose an already saved PS script, or will paste a new script into the text field and hit send. (I know I didn't mention the Delivery dropdown, but my only option typically is the MobiControl Agent, so I don't really touch that field.)

KCMOD@SOTI
2 years ago
Topher Neal
2 years ago

Thanks, I'll put in a support ticket for clarification once I have the opportunity.

John Doe
2 years ago

Are you using Windows Modern Agents or "The Old one"?

I have no experience with Windows Modern so far, but for the basic agent, I can give you the information that any script MC will run is executed as the currently logged in user.

Topher Neal
2 years ago

We use the Windows Modern agents. Something tells me it also runs the scripts as the logged in user, but I would think that the users of ours that have local admin privs (accounting doesn't need me logging in every time they open Sage50) would be able to escalate PowerShell to admin. I know they can when I remote into their devices and use "open PowerShell as Admin," as I had to do it recently to set a VPN app trigger, since these scripts wouldn't self-escalate.
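
A context check that could be sent through the same "Send Script" path ahead of the real VPN scripts, added here as an example and not code from the thread or from SOTI: it logs which account and session the script runs in, whether the token is elevated, and which phonebook (per-user or all-user) holds the VPN profile. The connection name and log path are placeholders to replace; the function names are illustrative.

```powershell
# Added diagnostic example; not code from the thread.
param(
    [string]$ConnectionName = 'EXAMPLE-VPN-NAME',            # placeholder name
    [string]$LogPath = "$env:PUBLIC\vpn-context-check.log"   # assumed log location
)

function Get-RunContext {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    [pscustomobject]@{
        User       = $identity.Name
        IsSystem   = $identity.IsSystem
        IsElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        # Session 0 is the non-interactive services session; users log on to 1 and above.
        SessionId  = [Diagnostics.Process]::GetCurrentProcess().SessionId
    }
}

function Find-VpnProfile {
    param([string]$Name)
    # A profile is stored in either the per-user or the all-user phonebook.
    $perUser = Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue
    $allUser = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue
    [pscustomobject]@{
        InUserPhonebook    = [bool]$perUser
        InAllUserPhonebook = [bool]$allUser
    }
}

$ctx = Get-RunContext
$vpn = Find-VpnProfile -Name $ConnectionName

# One log line per run so results from many laptops can be compared.
$fields = (Get-Date), $ctx.User, $ctx.IsSystem, $ctx.IsElevated, $ctx.SessionId,
          $vpn.InUserPhonebook, $vpn.InAllUserPhonebook
$line = '{0:s} user={1} system={2} elevated={3} session={4} perUser={5} allUser={6}' -f $fields
Add-Content -Path $LogPath -Value $line

if (-not $ctx.IsElevated) {
    # Record the condition and stop instead of relaunching with -Verb RunAs.
    Add-Content -Path $LogPath -Value 'Not elevated: elevated-only changes skipped, no RunAs relaunch attempted.'
    exit 1
}
```

Comparing the `user`, `elevated` and `perUser`/`allUser` fields from an agent-delivered run with a run from an interactive "PowerShell as Admin" window shows whether the "connection name cannot be found" error follows the account and phonebook or the elevation state.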