PowerShell Elevated Prompt for Logged on User modification

Tags: Automation, Group Policy, Windows firewall
So the scenario that raised this question is that I am trying to automate a software installation, but a step following the installation requires that a firewall exception be made for the program, which unfortunately happens to reside in the user's AppData/Local folder.

Being unable to modify this via Group Policy, because of User ENV Variables, I turned to PowerShell, but am seeing that it is equally difficult/impossible because of those same ENV restrictions. I have been at this for days, and can't seem to find a way to do this. I thought of using a script that would output the user's name to a file, and call that in the elevated prompt, but I can't see how it would be feasible to essentially inject an answer file in the middle of a string of text.

Is there any known way to address this, or a method that makes sense, and is manageable? I want this to be minimal interaction/maintenance.

Thank you for your time!


Software/Hardware used:
PowerShell/Firewalls

Answer Wiki


Decided to basically remodel the system setup procedure to include “add new user to specific GPOs x & y”, since PowerShell generalization doesn’t seem possible.
Created a firewall policy for each individual user that is assigned the program, and blanket applies to every system.

Discuss This Question: 5  Replies

 
  • ToddN2000
    Almost sounds like you are looking for a way to hack a system's security measures without the user knowing. Why is this automation method necessary? Post a link for the users to download the application. If you have network admin rights this should not be a problem as they do it at work here all the time.
  • timendo
    The users don't have admin rights, and adding the firewall exception is an administrative task, it's just that the target is a User-specific location that I can't appear to generalize, because variables like %USERNAME% and ${appdatalocal} don't work since it defaults to the running admin. I am looking to automate it so the step is no longer a concern. It's for RingCentral, nothing nefarious.
    (which happens to reside in C:\users\userfolder\appdata\local)
    It's meant to be a blanket policy, but since it resides in user specific directories, GPO does not allow User ENV Variables.

    It's to make user interaction as minimal as possible when it comes to upkeep of software.
    I could create the firewall policy for each individual employee, but that is just far less manageable than a blanket job that covers everyone, and doesn't need to be updated any time a new employee is brought on. 

    Thank you for your concern though, I understand people seek ways around security measures in such a way.
  • TheRealRaven
    ...people seek ways around security measures in such a way.

    Be aware that any useful answer will need to be one that others finding this thread can't use to get around security.

    Is there a reason this app must go into user-specific folders?
  • timendo
    When installed as administrator, it puts it out of reach, they cannot run the program without administrative privilege.

    That's how the program installs, I didn't develop RingCentral. I don't understand why this is a problem.
    I'm not asking how to elevate something from a user and bypass any sort of security, I'm trying to make a generalization so I can cover my entire domain of users, which I am administrator of.

    I unfortunately do not have a superior that has knowledge on these things, and I've done days of searching and come up with nothing beneficial, except learned that I can't do it with GPO or PS because of the variables.

    Literally just trying to save time and make it manageable for the future when I am either less invested in the company/gone, so that my successor doesn't have to waste time doing it on a per-user basis.

    Again, just trying to make it more automated, without having to manually do each step. Either way I've made progress with this just because I've learned enough PowerShell at this point I'm confident I could manually do it for each user, but again, it's an unnecessary amount of work, if it can be generalized and automated. That is the goal.
  • Subhendu Sen
    You can create a fresh firewall policy that might be helpful.
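
An added example, not part of the thread and not written by any participant: an elevated script does not have to rely on %USERNAME%, because it can enumerate the user profiles on the machine and build each per-user path itself. The executable's location under AppData\Local and the rule names below are placeholders, since the page does not give them.

```powershell
#Requires -RunAsAdministrator
# Added example. $RelativeExe is a PLACEHOLDER: the thread does not state the
# program's actual path below the profile folder. Replace it before use.
$RelativeExe = 'AppData\Local\VENDOR_FOLDER\PROGRAM.exe'
$RulePrefix  = 'PerUserApp'            # hypothetical prefix for rule names

# Win32_UserProfile lists every profile on the computer no matter which
# account runs the script. Special = $true marks system/service profiles.
$userProfiles = Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special -and $_.LocalPath }

foreach ($p in $userProfiles) {
    # Build the path from the profile's own folder, not from %USERNAME%,
    # which in an elevated session resolves to the admin account.
    $exe = Join-Path -Path $p.LocalPath -ChildPath $RelativeExe

    # Only create a rule where the program is actually installed.
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }

    # One rule per profile, keyed on the SID so reruns do not duplicate it.
    $ruleName = '{0}-{1}' -f $RulePrefix, $p.SID
    if (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue) {
        continue
    }

    # Scope the exception narrowly: this one executable, inbound only,
    # and only while the machine is on the domain network profile.
    New-NetFirewallRule -Name $ruleName `
        -DisplayName ('{0} ({1})' -f $RulePrefix, (Split-Path $p.LocalPath -Leaf)) `
        -Direction Inbound -Action Allow `
        -Program $exe -Profile Domain | Out-Null

    Write-Output "Created firewall rule $ruleName for $exe"
}
```

Run from an elevated context such as a computer startup script or a scheduled task, the loop picks up profiles created later on its next run, so no per-user rule has to be maintained by hand.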
