I'm currently working on a setup in Windows 10 where a scheduled task triggers a Node.js script that downloads and executes a PowerShell script tailored for each user. However, I've hit a snag with Windows 11, as the User Account Control (UAC) blocks the PowerShell script from executing automatically; it requires user interaction to proceed. I've thought about disabling UAC altogether, but that affects all users on the machine, which isn't ideal. I'm considering another approach: having the Node.js script download the PowerShell script locally and then set up a second scheduled task to run it with admin rights after a brief delay. The hurdle here is that the PowerShell script needs a unique name for each user. Any advice or alternative solutions would be greatly appreciated!
5 Answers
It sounds like a pretty complex setup, and honestly, it might be worth reevaluating why you need to go through all this trouble. Have you considered whether your end goal can be achieved in a simpler way? From a security perspective, your method of scheduled tasks and elevated scripts is similar to tactics used by malware, which could trigger security alerts even if you solve the UAC issue.
Instead of using a Node.js script to fetch the PowerShell script, couldn't you just use a PowerShell script to do that? It would streamline your process and might help you avoid some of the hurdles you're hitting with UAC.
Haha, I wonder if this is an XY problem... Seems like it could be!
What is the main purpose behind running these scripts? Clarifying that might lead us to better solutions.
You could look into getting rid of the need for admin rights entirely. One way to do this is by impersonating the user using the SYSTEM account, which could help you work around the UAC restrictions. I don't have the PowerShell code at hand right now, but that could be one avenue to explore.

Are you suggesting this method works only for local users and not those on a domain?