$command = "<%= options[:command] %>" + '; exit $LASTEXITCODE' $user = '<%= options[:username] %>' $password = '<%= options[:password] %>' $task_name = "WinRM_Elevated_Shell" $out_file = "$env:SystemRoot\Temp\WinRM_Elevated_Shell.log" if (Test-Path $out_file) { del $out_file } $task_xml = @' {user} Password HighestAvailable IgnoreNew false false true false false false false true true false false false PT2H 4 cmd {arguments} '@ $bytes = [System.Text.Encoding]::Unicode.GetBytes($command) $encoded_command = [Convert]::ToBase64String($bytes) $arguments = "/c powershell.exe -EncodedCommand $encoded_command > $out_file 2>&1" $task_xml = $task_xml.Replace("{arguments}", $arguments) $task_xml = $task_xml.Replace("{user}", $user) $schedule = New-Object -ComObject "Schedule.Service" $schedule.Connect() $task = $schedule.NewTask($null) $task.XmlText = $task_xml $folder = $schedule.GetFolder("\") $folder.RegisterTaskDefinition($task_name, $task, 6, $user, $password, 1, $null) | Out-Null $registered_task = $folder.GetTask("\$task_name") $registered_task.Run($null) | Out-Null $timeout = 10 $sec = 0 while ( (!($registered_task.state -eq 4)) -and ($sec -lt $timeout) ) { Start-Sleep -s 1 $sec++ } function SlurpOutput($out_file, $cur_line) { if (Test-Path $out_file) { get-content $out_file | select -skip $cur_line | ForEach { $cur_line += 1 Write-Host "$_" } } return $cur_line } $cur_line = 0 do { Start-Sleep -m 100 $cur_line = SlurpOutput $out_file $cur_line } while (!($registered_task.state -eq 3)) $exit_code = $registered_task.LastTaskResult [System.Runtime.Interopservices.Marshal]::ReleaseComObject($schedule) | Out-Null exit $exit_code