8,330 questions
The SysNative is a virtual directory that doesn't exist when running a 32-bit process.
Start-Process with -Verb RunAs and SysNative
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 95%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Joel Kraft
1
Reputation point
I'm working on a script where I want to make sure that I am always running in an elevated 64-bit instance of PowerShell.
Given these variables:
$PsPath = "$env:SystemRoot\SysNative\WindowsPowerShell\v1.0\powershell.exe"
$PsArgs = '-ExecutionPolicy', 'Bypass', '-File', $PSCommandPath
Is there any reason why trying to start the process would error out? This is starting from a non-elevated, 32-bit PowerShell process.
PS D:\Intune\Scripts> Start-Process -FilePath $PsPath -Verb RunAs -ArgumentList $PsArgs
Start-Process : This command cannot be run due to the error: The system cannot find the path specified.
At line:1 char:1
+ Start-Process -FilePath $PsPath -Verb RunAs -ArgumentList $PsArgs
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
If I remove "-Verb RunAs", I get a 64-bit instance, but it is not elevated.
If I use System32 instead of SysNative, I will get an elevated 32-bit instance.
This limitation is not making a lot of sense to me, so any insight is appreciated!
Windows for business | Windows Server | User experience | PowerShell
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Rich Matheisen 47,901 Reputation points2024-12-12T20:03:28.83+00:00 -
Joel Kraft 1 Reputation point
2024-12-12T20:30:32.2933333+00:00 Huh?
SysNative is only available to 32-bit processes on a 64-bit OS.
-
Rich Matheisen 47,901 Reputation points
2024-12-13T02:36:38.4466667+00:00 You're correct. I don't know what I was thinking when I gave that answer.
The SysNative virtual directory is only available in a 32-bit process. But the system code that actually starts the new process and elevates the privilege is probably running in 64-bit mode.
From the 32-bit session try starting the elevated 64-bit process with the full path name (minus the "SysNative"):
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Sign in to comment -
-
MotoX80 36,291 Reputation points2024-12-13T13:31:54+00:00 This works interactively. I don't know about Intune though.
"Command path is $PSCommandPath" if ($env:PROCESSOR_ARCHITEW6432 -eq "AMD64") { "Running as 32, launching 64 bit instance." $PsPath = "$env:SystemRoot\SysNative\WindowsPowerShell\v1.0\powershell.exe" $PsArgs = '-ExecutionPolicy', 'Bypass', '-File', $PSCommandPath Start-Process -FilePath $PsPath -ArgumentList $PsArgs Start-Sleep -seconds 10 return } "We are running x64." if (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator") -eq $false) { "We are not elevated." $PsPath = "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" $PsArgs = '-ExecutionPolicy', 'Bypass', '-File', $PSCommandPath Start-Process -FilePath $PsPath -ArgumentList $PsArgs -Verb RunAs Start-Sleep -seconds 10 return } "We are good to go." start-sleep -seconds 10 return-
Joel Kraft 1 Reputation point
2024-12-13T14:59:50.9333333+00:00 Yeah, I did end up breaking it up into two pieces like this, which works. I was just curious why it didn't work when combined into one.
-
MotoX80 36,291 Reputation points
2024-12-13T15:33:31.75+00:00 Must be something related to how "-verb runas" is implemented. Or the combination of runas and sysnative.
-
Rich Matheisen 47,901 Reputation points
2024-12-13T20:44:26.62+00:00 @MotoX80 In the 'PROCESSOR_ARCHITEW6432 -eq "AMD64"' branch of your code, the Start-Process is missing the "-Verb RunAs" combination. It's the presence of that parameter/value combination that was the problem in the question @Joel Kraft posted.
He's running a 32-bit PowerShell session and wants to start an elevated 64-bit PowerShell session.
-
MotoX80 36,291 Reputation points
2024-12-13T22:10:51.8333333+00:00 Yeah it's the "-verb runas" that causes the problem. It's like PS can't handle both "runas" and "Sysnative" at the same time. What I found is that I need to first get into x64 and then I can launch an elevated instance with -runas.
Sign in to comment -