I want two applications requiring a Windows administrator privileges to be run from a standard user account.
The standard user account is my child's account. I want her to be able to automatically run:
- MSI Afterburner (with a customized profile that corrects nVidia's voltage curve = does undervolting, saves energy, stabilazes GPU clock, improves user experience in games (increased FPS, shorter and more stable time-frame), subtracts 10+ C from GPU = silence)
- FanControl (an app to control case, CPU and GPU fans to keep their temperatures under full control)
Here is what made up: Keep the admin password in an ecrypted form - so that my doughter cannot read it - in a file and invoke these two from a script run on user logon.
I use PowerShell to achieve it:
"password" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "C:\pass.sec"
Then I want to use that password and an administraotrs group member user to invoke an exe file also from the PowserShell script. Because I got stuck, I am still on the stage of interactive issuing commands.
Here is what I have reached so far:
#use the ecrypted file and retrieve the password from it. The goal is to use AES (using a randomed matrix to encrypt and decrypt the password). Pretty easy but let's leave simple for now.
$f = "c:\pass.sec"
$p = Get-Content $f | ConvertTo-SecureString
#an admin group member created earlier by the system admin (me)
$u = ".\app"
#create a user credential object
$k = New-Object System.Management.Automation.PSCredential -ArgumentList ($u,$p)
#use the credentials to run another powershell instance as an administrator
Start-Process powershell -Credential $k -ArgumentList '-NoProfile -Command &{Start-Process -filepath "powershell" -verb runas}'
Above works perfectly well and does what is needed however using the same to run FanControl.exe (with its full path, of course), does not run the app. Any clue why? I give up and I have no experience to troubleshoot it further. Counting on your happy to help.
#this does not work as desired at all
Start-Process powershell -Credential $k -ArgumentList '-noprofile -command &{Start-Process -filepath "C:\Program Files\FanControl\fancontrol.exe" -verb runas}'
I have figured that maybe I should run fancontrol.exe as an argument from the elevated powershell instance invoked with this
Start-Process powershell -Credential $k -ArgumentList '-NoProfile -Command &{Start-Process -filepath "powershell" -verb runas}'
but the systax defeated me.
Could you give me a hand?
As described above...