Automate creation of scheduled task and shortcut to circumvent UAC

Topic

New Reply

Hey Y’all,

In response to Woody’s column on getting around UAC and the comments made in the Windows Secrets Forum I decided to write a PS script to automate the process. As those of you who frequent this forum I’m just learning PS and as such would appreciate your comments on the code and ways to make it better. Thanks for looking.

38588-Create-NoUACTaskShortcut

HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Replies

Dear RG (I’m a SemiRG myself),

I followed your link and downloaded the zip here, extracted the files, and read the documentation – seems simple enough.

Then I clicked on the program file and saw it simply open up in a text editor.

So I’ve been trying to find a place to download a version of Windows PowerShell that runs on my 32 and 64 bit Win 7 Pro SP1 machines.

Though Microsoft.com is delighted to link me to documentation, it sends me in circles trying to find the downloads. Could you supply links to download versions for Win 7 Pro SP1 /32 and 64 bit versions of the OS?

Reply | Quote

Found the page with the download links: http://www.microsoft.com/en-us/download/details.aspx?id=34595

Reply | Quote

Installed Windows PowerShell, right-clicked on your program, and chose Run with PowerShell.

A console window, resembling a DOS prompt, opened, with a multi-line message in red type on the black background, and closed in less than half a second before I could read any of it.

Tried this multiple times with the same result every time.

Reply | Quote

I tried this. I searched for powershell (via the win 8 start screen – magic!). I right clicked the exe and chose run as administrator. I then navigated to where I had saved the script and ran it (all done as if it was a dos command window). I can read the text it produces but it says that running scripts is disabled on this system. I thought I had run some scripts before so I’m not sure what may have changed. I’m just about to investigate further.

Eliminate spare time: start programming PowerShell

Reply | Quote

Hey Y’all,

Sorry I guess I should have included this link on setting up PowerShell for the first time. By Default PowerShell is locked down for security.

Setting up PowerShell See Post #2 Items 1-3.

Note: The instructions are for the PowerShell_ISE (Integrated development environment). You may also need to set the ExecutionPolicy for the PowerShell command line environment. To do this just enter PowerShell.exe vs PowerShell_ISE.exe in the search box.

HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

I did what it said in items 1 & 2 of that post, agreed to the policy change, and was told I wasn’t allowed access to that registry key:

Set-ExecutionPolicy : Access to the registry key
‘HKEY_LOCAL_MACHINESOFTWAREMicrosoftPowerShell1ShellIdsMicrosoft.PowerShell’ is denied.
At line:1 char:2
+ Set-ExecutionPolicy RemoteSigned
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-ExecutionPolicy], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetExecutionP
olicyCommand

(No, I didn’t put in a smiley – this board did.)

The response to step 3 was more terse: “Restricted”

I then searched for PowerShell.exe, ran that, and entered the same command at its command prompt, agreed to the change, and got precisely the same error message.

And yes, I’m running in an account with full administrator privileges, which is a member of the Administrators group, which the Microsoft instruction page “Getting Ready to Use PowerShell” says is required.

It appears that I’m allowed to run Get-ExecutionPolicy, but not Set-ExecutionPolicy – or at least not change anything with it. I can start it with no parameter, but once it’s up, anything I say inside of it is rejected as unauthorized.

I’ve never used the Group Policy system, and this is a new machine, so there’s no policy editor, much less any policies in place!

Reply | Quote

Philnick,

When you ran Powershell, did you choose the option “Run as administrator”?

To change the execution policy you need to start Windows PowerShell with that option.

HTH

Reply | Quote

I can now get the program to run, but only by right-clicking on the ps1 file – setting up a shortcut to it as your outlined in the thread from which I got your program – and starting that shortcut with administrative privileges still is blocked!

So I’ll set up a shortcut to that folder.

Reply | Quote

That worked – but it’s a bit unintuitive that even though there’s a badge next to that option on the shortcut’s properties (I pinned it to my taskbar) I have to click on that option to make it happen!

Reply | Quote

PhilNick,

Use the program to setup bypassing UAC for itself:

Task/Shortcut Command: [noparse]C:Windowssystem32WindowsPowerShellv1.0PowerShell.exe[/noparse]
Task/Shortcut Args: [noparse]your-drive-letter-here:your-path-hereCreate-NoUACTaskShortcut.ps1[/noparse]

To use an icon from Windows: C:WindowsSystem32SHELL32.dll,n where n is the icon number.
Or just check the Use Task/Shortcut Command Icon: option.

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

PhilNick,

Use the program to setup bypassing UAC for itself:

Task/Shortcut Command: [noparse]C:Windowssystem32WindowsPowerShellv1.0PowerShell.exe[/noparse]
Task/Shortcut Args: [noparse]your-drive-letter-here:your-path-hereCreate-NoUACTaskShortcut.ps1[/noparse]

To use an icon from Windows: C:WindowsSystem32SHELL32.dll,n where n is the icon number.
Or just check the Use Task/Shortcut Command Icon: option.

Doesn’t work. I fill in the name, command, and argument boxes, and check use the command icon, and the PowerShell window puts up a multiline red error message and disappears too fast to see what it said.

By the way, I tested your script out by trying to create a task and shortcut for a run-of-the-mill program located under “Program Files.”

Your script does not work either with or without quotes in the Task/Shortcut Cmd box, to deal with the space in the path in the phrase “Program Files.” With the quotes, your script complained that what I put in was invalid. Without them, PowerShell did its multiline red error message disappearing act.

By the way – is there any way to keep it from doing that. Can’t it be told to stay on screen so I can read the error message?

Reply | Quote

I’ve set the execution policy back to restricted. No point leaving a back door open when I don’t have any script to run!

Reply | Quote

Philnick,

If you set it to RemoteSigned you don’t have to worry about external programs. :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Hey Y’all,

I’ve updated the zip file in the Post #1 to include an updated documentation file that incorporates instructions on getting PowerShell to work the first time (per your comments above) and using the program to create a shortcut to itself. HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

RG,

Here are my comments in terms of the script:

The “$objForm” declaration should be moved AFTER the “$OK & CancelButton” declarations.
As it stands, the script fails if “Set-StrictMode -Version 2.0” or greater is set in the user’s profile, or added to the script itself. (See the help in “Set-ScriptMode”).

The backticks around “$TaskArg” in the “Function Create-NoUACTask” should be removed.
If the command specifically requires double quotes around its arguments, then the user should include them in the form.

In the “Function Create-NoUACShortCut”, you could add “$Shortcut.WindowStyle = 7” to prevent the “schtasks” window from briefly popping up before executing the scheduled task.

Well done on a very nicely designed form.

Reply | Quote

Have you rewritten the actual script? It doesn’t work at all on my system, beyond putting up the box to fill in the variables, except perhaps in the limited case where the program you’re running doesn’t have any spaces in its path – which lets out most programs, as most are in one or the other “Program Files” folders!

And it didn’t work to start itself either, and there was no space in that path.

How have you gotten it to work?

Reply | Quote

Philnick,

No I haven’t written the script. It works just fine for me, can you be more specific about what is happening?
Are you putting quotes around those strings? The instructions specifically tell you NOT to use quotes! :cheers:

BTW:

By the way – is there any way to keep it from doing that. Can’t it be told to stay on screen so I can read the error message?

Use the PowerShell_ISE.exe to run it in the interactive environment. HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

With quotes, the script complains. Without quotes, PowerShell complains and quits before I can see what it said. Is your script “signed”? Maybe I need to authorize unsigned scripts – though the fact that it puts up the input panel means that it’s not completely refusing to run the script.

Reply | Quote

Philnick,

My BAD! I have PS setup to always run with Administrator Privileges and didn’t think this one would need that but it surely does!

Code:

PowerShell: Run Normally

PS> .Create-NoUACTaskShortcut.ps1
Register-ScheduledTask : Access is denied.
At G:bekdocsscriptsCreate-NoUACTaskShortcut.ps1:38 char:1
+ Register-ScheduledTask -Action $TaskAction  `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (PS_ScheduledTask:Root/Microsoft/...S_ScheduledTask) [Register-Schedul
   edTask], CimException
    + FullyQualifiedErrorId : HRESULT 0x80070005,Register-ScheduledTask

PS>

PowerShell: Run as Administrator

PS> .Create-NoUACTaskShortcut.ps1

TaskPath                                       TaskName                          State
--------                                       --------                          -----
                                              Test-Admin2                       Ready

PS>

My apologies for wasting your time.

So you can’t start the program by right-clicking the script in File Explorer!

Try this:

Using search find PowerShell.exe.
Right-Click on it and select Run As Administrator (assuming you are using your Administrator Account)
When the window comes up type: .Create-NoUACTaskShortcut.ps1
The input window may not show up on top…check the icon on your taskbar and if doubled hover over it and click on the thumb ail showing the menu.
Now you should be able to create the shortcut/task pair to run PowerShell as Admin.

Another thing I noticed is when I copied the command from my Word document into the menu it put a space between Power and Shell, you’ll need to delete this if you get the same result.

Again sorry for wasting your time and thanks for doing the testing and hanging in there!

BTW: I have a routine to elevate privileges in PS so I’ll look into trying to integrate that into the program.

HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

I had already spotted and been deleting the space in your command.

I re-enabled RemoteSigned, started PowerShell ISE as an administrator (which I had already done to change the execution policy) and pasted the path to your script into its command line, so I could read the error messages.

First result was that I got scolded for using a & in my folder name “Downloads&Disks” and told to use a & to pass it as a literal, so put in “Documents&&Disks” which didn’t work either.

Renamed the folder to “Downloads-Disks” (which will require repairing all my links to it), and tried again, correcting the path in the dialog box as well, and deleting the space in your comand.

This time I got this error message, which is apparently relates to something in your script:

Create-NoUACTask : The term ‘New-ScheduledTaskAction’ is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the
path is correct and try again.
At E:Downloads-DisksNoUAC-AutomationCreate-NoUACTaskShortcut.ps1:291 char:6
+ Create-NoUACTask -TaskCommand “$TaskCommand” `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (New-ScheduledTaskAction:String) [Create-NoUACTask], CommandNo
tFoundException
+ FullyQualifiedErrorId : CommandNotFoundException,Create-NoUACTask

No shortcut was created, and I couldn’t find a task either. (BTW are you putting them in the NoUAC folder the original post recommended creating?)

Reply | Quote

Philnick,

Ok, let’s try gathering some information.

First, startup PS and type this: $PSVersionTable > d:pathfileame.txt ( of course providing the necessary d:pathfilename.txt) then post the file.

Next could you provide exactly what parameters you are putting into which boxes of the menu.

Thanks. :cheers:

BTW: This is why I ask:

From MS Technet.
New-ScheduledTaskAction
Windows Server 2012 R2 and Windows 8.1
Other Versions
This topic has not yet been rated – Rate this topic

Updated: May 8, 2014

Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Hey Y’all,

I’ve update the code & documentation in the OP to reflect the latest change.
The code now checks for the minimum required system configuration and alerts the user via message box if they are not met.
The requirements are:
Windows 8.1+
PowerShell 4.0+ running as Administrator

HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

If your script doesn’t work under Win 7, which only goes to PowerShell 3.0, I’m wasting my time. You really should have said this at the outset, since I said I was running Win 7 in my first post in this thread.

The file you asked for is attached.

The entries I put into the dialog box were your command line with the extra space deleted and the path to your script, E:Downloads-DisksNoUAC-AutomationCreate-NoUACTaskShortcut.ps1, with no quotes on either.

Reply | Quote

Philnick,

Again, Sorry about that! I didn’t realize I was using a Win 8 PS 40 only command at the time. I’ll know to check more closely in the future. :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Maybe you can find a way to do it in Win 7 PS 30.

Thanks anyway.

Back to using notepad to store my copy and paste strings!

Reply | Quote

Cliff,

Thanks for the excellent suggestions. :thewave:

I’ve incorporated 1 & 3 into the code and posted it in the zip file in post #1.

I didn’t incorporate #2 because that was a conscious design decision to not make the user have to include the quotes since I designed this for novice users. Since it doesn’t hurt to have them when they are not needed I thought it best to just not have the user have to worry about it. Also, if I remember correctly, I had some problems with the code before putting them in when I passed it a path enclosed in quotes.

Thanks again for the help. I’m investigating the Set-StrictMode cmd-let since this is new to me. It looks interesting and I may incorporate it into my Profile to force me to write better code, any help here is sorely needed! 😆

:cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

For Windows 7 users, have a look at Create a scheduled task natively [AHK_L].

When run, this AutoHotkey script creates the following dialog:
38594-uac
Click to enlarge

I tested this and found it created the scheduled task but not the shortcut.

Also, have a look at Run as Administrator (XP/Vista/7) A_IsAdmin Params [Lib] in the same vein.

Hope this helps…

Reply | Quote

Just posted this under Woody’s article, but for those who’re not going back there:

One trap I found with the Task Scheduler approach is that the default settings on the Conditions tab on a new task tell the task not to run if the machine is running on batteries and not to run unless the machine is idle – and stop when it’s not!

While these may be reasonable settings for tasks being started on a schedule, they can be disastrous for a task being run hands on. I think the “stop when not idle” rule may have caused a bulk copy operation to stop on me today.

I’ve gone into the Conditions tabs of all of my NoUAC tasks and turned off those rules!

Reply | Quote

Philnick,

Good points!

I’ve researched the “stop when not idle” parameter and I’m still sure when it is actually used but I’ve decided to have the program turn it off in all circumstances since this is for “on demand” programs.

Here are the References if anyone is interested:
Idle Task Conditions
Task Conditions

I’ve updated the menu to add a selection for “Is this a Laptop”. Checking this box will not allow operations on the Battery! Leaving it unchecked will allow operations on the battery and will not stop the operation if the computer switches to battery power.

Again, thanks for the suggestions.

Here’s the updated code and documentation: 38626-Create-NoUACTaskShortcut-Documentation

BTW: I’m still researching to find if I can make this program work with Windows versions prior to 8.

HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Thanks!

I’ve found that the creation of a new exception is much easier if I keep a notepad window open to paste the original command line into after pasting it into the task, and copy the command to start the task for the shortcut, so I can copy them back in the opposite order into the shortcut – first the task command to create the shortcut and then program command into the Change Icon subroutine.

That make this a bit less annoying – and I appreciate that you’re trying to retrofit it to Win 7!

Reply | Quote

Hey Y’all,

Here’s Version 2, if anyone is interested. 38743-Create-NoUACTaskShortcut-V2

This version adds Choose buttons (File Browser Windows) for picking the Program, Shortcut Location, and Icon file.
The code has also been streamlined by creating function for the form creation methods (makes the code a little easier to read or at least a little less cluttered).

Enjoy! :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote