Running PowerShell remotely as SYSTEM with Invoke-CommandAs

One of the great features of PowerShell is the ability to run commands and scripts remotely on machines. I often find myself either entering an interactive session with Enter-PSSession or using Invoke-Command on multiple machines at once. I am an old PSExec user, and although I do not find much use for it anymore now that PowerShell can do so many things PSExec does (and better), it still had one benefit over PowerShell remoting.

This is the ability to run remote commands as the SYSTEM account by specifying the -s parameter, like this:

PSExec.exe -s \\machine whoami

I have searched in the past for solutions that let me do this in PowerShell, but recently one module has made it possible: Invoke-CommandAs. This module aims to address this very problem in PowerShell, and it does so wonderfully. Its creator is Marc Kellerman, whom I met at PowerShell Summit this year.

How it works

On Windows 8/Server 2012 and later, the command uses the ScheduledTasks module (Register-ScheduledTask and friends) to register and run script blocks on the remote system. On Windows 7/Server 2008, where the ScheduledTasks module is not available, it creates a scheduled task through the Schedule.Service COM object and invokes the code that way.

This serves two critical functions. First, it provides a way around the PowerShell double-hop problem: the code runs "locally" under a scheduled task rather than under the restricted token of the WinRM session. Second, the task is created and run under the SYSTEM account, which can be preferable for things such as installing software. One caveat to keep in mind: code running as SYSTEM reaches network resources as the computer's domain account, so a file share or other remote resource must grant rights to that machine account rather than to your user.
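The following is an added example written for this article, not code from the Invoke-CommandAs module, that strips the technique described above down to its essentials: a script block is shipped to the remote host with Invoke-Command, written to a temporary .ps1 file, run by a one-off scheduled task under NT AUTHORITY\SYSTEM, and its output is brought back through a CliXml file. The function name Invoke-AsSystemTask, the temp-file locations and the timeout are this example's own choices. It takes the ScheduledTasks path when Register-ScheduledTask exists and otherwise falls back to the Schedule.Service COM object, which is the same split the article describes.

```powershell
# Added example: a minimal reimplementation of "run a script block as SYSTEM
# via a scheduled task". Not the Invoke-CommandAs module's own code.
function Invoke-AsSystemTask {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]]    $ComputerName,
        [Parameter(Mandatory)] [scriptblock] $ScriptBlock,
        [pscredential]                       $Credential,
        [int]                                $TimeoutSeconds = 300   # assumed default
    )

    $remote = {
        param([string] $Code, [int] $TimeoutSeconds)

        $id     = [guid]::NewGuid().ToString('N')
        $script = Join-Path $env:windir "Temp\$id.ps1"    # assumed temp location
        $result = Join-Path $env:windir "Temp\$id.xml"
        $name   = "PSAsSystem_$id"

        # A scheduled task has no output channel back to the WinRM session, so the
        # wrapper runs the caller's code, merges all streams, catches terminating
        # errors, and always serialises an array (the leading comma) to CliXml.
        $wrapper = ",(@(& { try { & { $Code } *>&1 } catch { `$_ } })) | Export-Clixml -Path '$result'"
        Set-Content -Path $script -Value $wrapper -Encoding UTF8
        $psArgs   = "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$script`""
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)

        try {
            if (Get-Command Register-ScheduledTask -ErrorAction SilentlyContinue) {
                # Windows 8 / Server 2012 and later: ScheduledTasks module.
                $action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $psArgs
                $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                                 -LogonType ServiceAccount -RunLevel Highest
                Register-ScheduledTask -TaskName $name -Action $action -Principal $principal | Out-Null
                Start-ScheduledTask -TaskName $name
                do { Start-Sleep -Milliseconds 500 }
                while ((Get-ScheduledTask -TaskName $name).State -eq 'Running' -or
                       (-not (Test-Path $result) -and (Get-Date) -lt $deadline))
                Unregister-ScheduledTask -TaskName $name -Confirm:$false
            }
            else {
                # Windows 7 / Server 2008: Schedule.Service COM object.
                $svc = New-Object -ComObject Schedule.Service
                $svc.Connect()
                $folder = $svc.GetFolder('\')
                $def    = $svc.NewTask(0)
                $act    = $def.Actions.Create(0)          # 0 = TASK_ACTION_EXEC
                $act.Path      = 'powershell.exe'
                $act.Arguments = $psArgs
                $def.Principal.RunLevel = 1               # 1 = TASK_RUNLEVEL_HIGHEST
                # 6 = TASK_CREATE_OR_UPDATE, 5 = TASK_LOGON_SERVICE_ACCOUNT (runs as SYSTEM)
                $folder.RegisterTaskDefinition($name, $def, 6, 'SYSTEM', $null, 5) | Out-Null
                $task = $folder.GetTask($name)
                $task.Run($null) | Out-Null
                do { Start-Sleep -Milliseconds 500 }
                while ($task.State -eq 4 -or                 # 4 = TASK_STATE_RUNNING
                       (-not (Test-Path $result) -and (Get-Date) -lt $deadline))
                $folder.DeleteTask($name, 0)
            }

            if (Test-Path $result) { Import-Clixml -Path $result }
            else { Write-Error "Task $name produced no result within $TimeoutSeconds seconds" }
        }
        finally {
            # Never leave the script body or its output lying in a world-readable temp dir.
            Remove-Item $script, $result -Force -ErrorAction SilentlyContinue
        }
    }

    $params = @{
        ComputerName = $ComputerName
        ScriptBlock  = $remote
        ArgumentList = @($ScriptBlock.ToString(), $TimeoutSeconds)
    }
    if ($Credential) { $params.Credential = $Credential }
    Invoke-Command @params
}

# Usage (host names are placeholders): each host returns 'nt authority\system'
# rather than the account that opened the remoting session.
Invoke-AsSystemTask -ComputerName 'server01', 'server02' -ScriptBlock { whoami }
```

Two design points are worth noting. The script body and its serialised output are written to the remote host's temp directory while the task runs, so the finally block removes both even when the task fails; anything sensitive in the script block still exists on disk for the duration of the run, which is inherent to this approach. The wait loop polls the task state but also falls back to a deadline, because a task that exits before ever writing its result file would otherwise be reported as finished before the output is available, or never at all.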

PowerShell remotely as SYSTEM

To show that the remote commands are actually running under the SYSTEM account, I can do a simple test using the whoami command. Note that I specify -AsSystem as a parameter, which is not a parameter you can use in Invoke-Command.
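As an added example (not from the original article), the whoami check can be widened into a small probe that runs the same script block once with Invoke-Command and once with Invoke-CommandAs -AsSystem, so the difference in identity, elevation and network reach shows up side by side. The -AsSystem parameter is the one the article names; the -ComputerName and -ScriptBlock parameter names are assumed to match Invoke-Command, and the host names and the UNC path are placeholders.

```powershell
# Added example: compare the security context of Invoke-Command and
# Invoke-CommandAs -AsSystem on the same hosts. Not code from the module itself.
Import-Module Invoke-CommandAs

$targets = 'server01', 'server02'          # placeholder host names
$share   = '\\fileserver\software'         # placeholder UNC path used for the double-hop check

$probe = {
    param([string] $SharePath)
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal] $identity
    [pscustomobject]@{
        Identity    = $identity.Name                       # whoami, without spawning a process
        Elevated    = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        # With plain remoting this is the double hop: the session token cannot be
        # forwarded to the file server. Under SYSTEM the access is made as the
        # computer account, so it succeeds only if the share grants that account rights.
        ShareAccess = Test-Path -Path $SharePath
        Process     = (Get-Process -Id $PID).ProcessName
    }
}

$viaRemoting = Invoke-Command   -ComputerName $targets -ScriptBlock $probe -ArgumentList $share |
                   Select-Object @{n='Method'; e={'Invoke-Command'}}, PSComputerName, Identity, Elevated, ShareAccess
$viaSystem   = Invoke-CommandAs -ComputerName $targets -ScriptBlock $probe -ArgumentList $share -AsSystem |
                   Select-Object @{n='Method'; e={'Invoke-CommandAs -AsSystem'}}, PSComputerName, Identity, Elevated, ShareAccess

$viaRemoting + $viaSystem | Sort-Object PSComputerName, Method | Format-Table -AutoSize
```

The Identity column should read the remoting user's name on the first rows and NT AUTHORITY\SYSTEM on the second. Elevated is True for SYSTEM regardless of the remoting user's group membership, which is exactly why the mode is convenient for software installs and why access to it should be restricted to the administrators who already hold local admin on the targets.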
