Run another PowerShell script in elevated mode as administrator
I am currently logged into my system as administrator, and run power1.ps1 code to call another power2.ps1 script in elevated mode.

$command = "C:\script\Power2.ps1"

Invoke-Expression $command

power2.ps1 includes the block to run the script with admin privileges, but my problem is that I get a UAC pop-up dialog asking for confirmation, where I have to click on Yes.

Code in Power2.ps1

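# Relaunch this script elevated if the current process is not running as Administrator.
If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    # Re-invoke this same script file in a new PowerShell process; -Verb runAs triggers the UAC prompt.
    $arguments = "& '" + $myinvocation.mycommand.definition + "'"
    Start-Process powershell -Verb runAs -ArgumentList $arguments
    # Exit instead of Break: Break outside a loop can also terminate the calling script.
    Exit
}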

Write-Host "Admin Privilege Code Here"

Is there any way I can completely automate the process? I will not be able to change the UAC setting to disabled.

Eichhorn answered 27/5, 2018 at 15:50 Comment(2)
You could create a scheduled task that runs your script and set the privileged account to run this task. - Pink
These scripts are part of the suite, and get initiated based on user input. I will not be able to create a scheduled task in that environment. - Eichhorn

Trying to simulate a user's response to a UAC (User Account Control) dialog not only shouldn't be done - because it defeats the entire purpose of UAC - it, in fact, cannot be done (if it could be done, that would be a serious bug exploitable by malware and is certainly not something to rely upon; similarly, while it is possible to disable UAC altogether (which itself requires administrative privileges), doing so is strongly discouraged for security reasons).

With UAC in effect:

  • The only secure way to avoid a UAC dialog in direct invocation is if the calling process itself is already running with elevation (e.g. if it was started with the Run as administrator shortcut-menu command). Obviously that just shifts the point in time when a UAC dialog must be answered.

  • There are two insecure alternatives, both of which only work if the calling user is an administrator in principle:

    • A convenient, but ill-advised option is to modify the UAC settings to not require a UAC prompt when an administrator requests elevation, i.e. to automatically grant the request - see this answer for details. This is ill-advised, because any malicious code that manages to run in a non-elevated administrator session can then quietly execute elevated operations.

    • A less insecure option is to use a scheduled task to bypass UAC for a given command and allow calling that task on demand, as detailed below. This is less insecure in that it limits what malicious code can do to the specific operation defined in the task.


Using a run-on-demand aux. scheduled task:

  • Create an auxiliary scheduled task that invokes your Power2.ps1 script and is configured to run elevated.

    • In the Task Scheduler (taskschd.msc) UI that means: Run with highest privilege must be checked (tab General) and also Allow task to be run on demand (tab Settings).

    • The task must be configured to run in the context of the same user account that it will be on-demand invoked from, and that user account must be a member of the Administrators group.

      • Note that configuring the task to run for any member of the Administrators group is not an option, because that - surprisingly - prevents non-elevated on-demand invocation from any administrator other than the one that created the task.
    • Be sure to limit the task to a specific operation, to minimize the exposure.

  • Use Start-ScheduledTask <task-path> (or schtasks.exe /Run /TN <task-path>) to invoke this task on demand, from the same account that the task is configured for, as noted.

    • Start-ScheduledTask (as well as schtasks.exe /Run) runs asynchronously, so for synchronous invocation more work is needed - see this article.

      • Note that using -AsJob to return a job whose completion can be waited for with Wait-Job unfortunately appears not to help (as of Windows PowerShell 5.1 / PowerShell 7.2.1): the job is reported as completed before the task's command has terminated.
    • Also, the task's command invariably runs in a new console window (if the executable invoked is a console application).

Scleroprotein answered 27/5, 2018 at 18:10 Comment(1)
I have converted my script to an exe, and in the exe file properties I changed it to run as admin. I call this exe from another AutoIt script, which has the command #requireadmin, which will help to run my exe with elevated privilege. - Eichhorn
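
The run-on-demand scheduled-task procedure from the answer above, as an added example that is not part of the original post or the answerer's code. The task name and folder are hypothetical, the script path is the one from the question, and both the ACL check and the polling wait are assumptions added here (one way to get synchronous invocation, not the method of the article the answer links to).

```powershell
# Added example. $TaskName and $TaskPath are hypothetical; $Script is the path from the question.
$TaskName = 'Run-Power2'
$TaskPath = '\MySuite\'
$Script   = 'C:\script\Power2.ps1'

function Register-ElevatedOnDemandTask {
    # One-time setup. Run this from an elevated session (one UAC prompt, once).
    # Added precaution: the task runs whatever is in $Script elevated, so refuse
    # to register if anyone other than Administrators or SYSTEM may write to it.
    $trusted = 'S-1-5-32-544', 'S-1-5-18'
    $write   = [Security.AccessControl.FileSystemRights]::WriteData
    $sidType = [Security.Principal.SecurityIdentifier]
    $loose = (Get-Acl -LiteralPath $Script).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (($_.FileSystemRights -band $write) -ne 0) -and
                       $_.IdentityReference.Value -notin $trusted }
    if ($loose) { throw "Tighten the ACL on $Script first: $($loose.IdentityReference -join ', ')" }

    $user      = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-NoProfile -File `"$Script`""
    # Same account that will later start the task; RunLevel Highest is the "highest privileges" checkbox.
    $principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Highest
    # On-demand start stays allowed because -DisallowDemandStart is not passed.
    $settings  = New-ScheduledTaskSettingsSet
    Register-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -Action $action `
        -Principal $principal -Settings $settings
}

function Invoke-ElevatedTask {
    # Called non-elevated (e.g. from Power1.ps1): starts the task and waits for it to finish.
    param([int]$TimeoutSeconds = 300)
    $before   = (Get-ScheduledTaskInfo -TaskName $TaskName -TaskPath $TaskPath).LastRunTime
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    Start-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath
    do {
        Start-Sleep -Milliseconds 500
        $info  = Get-ScheduledTaskInfo -TaskName $TaskName -TaskPath $TaskPath
        $state = (Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath).State
        # Finished = a new run was recorded and the task is no longer running.
        $done  = ($info.LastRunTime -ne $before) -and ($state -ne 'Running')
    } until ($done -or (Get-Date) -gt $deadline)
    if (-not $done) { throw "Task $TaskPath$TaskName did not finish within $TimeoutSeconds s" }
    $info.LastTaskResult   # exit code of the task's command
}
```

Run `Register-ElevatedOnDemandTask` once from an elevated prompt; afterwards `Invoke-ElevatedTask` can be called from the non-elevated script in the same user account.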
