Shane's Adventures in Information Technology

So the old methodology we used to use for opening up Active Directory was a little cmd file:

runas /user:AD\<admin account> cmd

Which would start a new cmd window running under the <admin account> credentials. From there, you could type dsa.msc to start Active Directory running as that <admin account> instead of the account you were logged in as. This worked well enough, but there were a few caveats: first, there were two cmd windows open after you had AD up and running, and second, you had to remember the “dsa.msc” part. Not so hard for an administrator, but perhaps tricky for my student workers.

At lunch today I thought “PowerShell has to be able to do this better” and with some google-fu and trail and error, it turns out I was right. There are three major steps:

1. Run PowerShell as an administrator, then run “Set-ExecutionPolicy remotesigned”. Click “Yes” to the prompt.

2. Create a PowerShell script folder somewhere. I use ‘C:\PowerShell scripts’ but I also tested running this from my desktop, so I believe it could be anywhere (possibly even on a file share, although I would assume you would need to use the FQDN. I should test that). Make a ps1 file (mine is DSA.ps1) with the following (filling in your domain\admin account):

Start-Process “C:\Windows\System32\cmd.exe” -workingdirectory $PSHOME -Credential <domain\admin account> -ArgumentList “/c dsa.msc”

3. Create a shortcut with the following (making any changes if you haven’t used the same folder structure I have):

%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe &’C:\PowerShell scripts\DSA.ps1′

Viola! The shortcut will now open a cmd window which will automatically open AD under your admin credentials. No more need to remember dsa.msc, and only one cmd window left open (which can be closed by hand without affecting AD, or you can leave it alone and it will close automatically when you close AD). Not game-changing, but a fun little way to spend my lunch and I learned a few things along the way. Let’s dig a little deeper into what we did:

First, we had to make sure that we could run PowerShell scripts like an executable. This is set to Restricted by default (check your policy with the Get-ExecutionPolicy command). We changed it to remotesigned, which is defined as “Downloaded scripts must be signed by a trusted publisher before they can be run”. For more details, check TechNet: http://technet.microsoft.com/en-us/library/ee176961.aspx

Second, we created the actual script itself. It calls the Start-Process cmdlet, specifying the filepath (which is a positional parameter, so we don’t need to explicitly name it, although we could), as well as the working directory, credential, and an argument list to pass to cmd. The /c part tells cmd to run the command listed (which ours is dsa.msc). The /c argument is supposed to tell cmd to run the command and terminate, but it won’t terminate until the command is complete. In other words, this is why the cmd window stays open until we close AD which completes the command.

Last, we create a handy little shortcut for ourselves, calling PowerShell with the script we wish to run. You can also do everything detailed here with printmanagement.msc for the Print Management console. Happy hacking!

~ by Shane Martins on August 7, 2012 .