Problem:
How to elevate specific command lines with ProfileUnity
Resolution:
This can be accomplished using LwL.ProfileUnity.Client.CmdRunner.exe, which is located in C:\Program Files\ProfileUnity\Client Net.
This process is signed by Liquidware and can be excluded in AV.
Use it to elevate a specific process (for example, a shortcut to an EXE) that a user needs admin access to, instead of giving users admin-level access to the entire system. It can also elevate certain PowerShell or cmd commands without elevating all of PowerShell or all cmdlets.
Workflow:
LwL.ProfileUnity.Client.CmdRunner.exe (C:\Program Files\ProfileUnity\Client Net) comes with an accompanying .config file, LwL.ProfileUnity.Client.CmdRunner.exe.config, that allows you to add the processes you want to elevate as child processes of LwL.ProfileUnity.Client.CmdRunner.exe.
Multiple processes can be allowed to run as well, each identified by a unique ID.
Example:
In this scenario we'll use notepad.exe located in "C:\Windows\System32\notepad.exe".
Step one
On the parent image (C:\Program Files\ProfileUnity\Client Net) and in the client.net.zip file, locate the file LwL.ProfileUnity.Client.CmdRunner.exe.config. Modify both copies so that if Lwl.Client.Startup.exe is run again (recompose or reboot on persistent machines), your modifications are not overwritten.
Edit this file to include the path to the .exe you want to elevate.
Locate the "ConfigCommands" section in the file.
Example: see line 23 in Notepad++.
In this case, id=1 is the path to the exe.
You can also use PowerShell to start the same process, as in this example.
Example: see line 23 in Notepad++.
In this case, using PowerShell, note the single and double quotes at the end of notepad.exe.
<ConfigCommand id="1" command="&quot;powershell.exe&quot; -executionpolicy bypass -windowstyle hidden -noninteractive -nologo -NoProfile Start-Process 'C:\Windows\System32\notepad.exe'" />
You can add more items by adding further entries, each with its own id= and path.
In addition, you can use cmd to start a process, similar to how you might use PowerShell.
For example: cmd.exe /c C:\Windows\System32\notepad.exe
Once this is complete, you can call these in the ProfileUnity Shortcut module using the following syntax.
"C:\Program Files\ProfileUnity\FlexApp\lwl_userapp_trigger64.exe" "C:\Program Files\ProfileUnity\Client.NET\LwL.ProfileUnity.Client.CmdRunner.exe" //RunCommand 0 /elevate
RunCommand 0 = all IDs
If using multiple IDs in LwL.ProfileUnity.Client.CmdRunner.exe.config, you can call these in separate shortcuts, specifying the IDs you want to elevate:
"C:\Program Files\ProfileUnity\FlexApp\lwl_userapp_trigger64.exe" "C:\Program Files\ProfileUnity\Client.NET\LwL.ProfileUnity.Client.CmdRunner.exe" //RunCommand 1 /elevate
"C:\Program Files\ProfileUnity\FlexApp\lwl_userapp_trigger64.exe" "C:\Program Files\ProfileUnity\Client.NET\LwL.ProfileUnity.Client.CmdRunner.exe" //RunCommand 2 /elevate
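Because every ConfigCommand entry runs elevated, it is worth reviewing the file after each edit. The following is an added example, not Liquidware code: a Python audit of the ConfigCommand entries that flags entries worth a second look. The root element, the sample ids 2 and 3, the function names and the list of protected directories are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from ntpath import basename, isabs, normpath

# Constructed sample. Only the <ConfigCommand id=... command=... /> shape comes
# from the article; the root element and the extra entries are assumptions.
SAMPLE_CONFIG = r"""<configuration>
  <ConfigCommands>
    <ConfigCommand id="1" command="C:\Windows\System32\notepad.exe" />
    <ConfigCommand id="2" command="&quot;powershell.exe&quot; -executionpolicy bypass -NoProfile Start-Process 'C:\Windows\System32\notepad.exe'" />
    <ConfigCommand id="3" command="cmd.exe /c C:\Tools\setup.bat" />
  </ConfigCommands>
</configuration>"""

INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Directories standard users cannot write to by default (assumed policy).
PROTECTED = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
PATH_RE = re.compile(r"""[A-Za-z]:\\[^'"\s]+""")

def first_token(command):
    """Return the executable part of a command line, honouring double quotes."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""

def audit_command(command):
    """Return a list of review findings for one elevated command line."""
    findings = []
    exe = first_token(command)
    if not isabs(exe):
        findings.append("executable is not a full path")
    if basename(exe).lower() in INTERPRETERS:
        findings.append("elevates an interpreter; review its arguments")
    for path in PATH_RE.findall(command):
        # normpath collapses ".." so C:\Windows\..\Temp is judged as C:\Temp
        if not normpath(path).lower().startswith(PROTECTED):
            findings.append("path outside protected directories: " + path)
    return findings

def audit_config(xml_text):
    """Map each ConfigCommand id to its findings (empty list means none)."""
    root = ET.fromstring(xml_text)
    return {e.get("id"): audit_command(e.get("command", ""))
            for e in root.iter("ConfigCommand")}

if __name__ == "__main__":
    for cmd_id, findings in audit_config(SAMPLE_CONFIG).items():
        print(cmd_id, findings or "ok")
```

Run it against both copies of the file (the parent image and the one inside client.net.zip), and pair it with a check that the .config file itself is writable only by administrators.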
Product: ProfileUnity-FlexApp
Product Version: 6.8.4 +