Use Legacy Executable with PowerShell

Hello,

You can use legacy executable with PowerShell, you just need to take specific actions if you use complex arguments. Indeed, if you use “ipconfig.exe” it will work as expected:

Use Legacy Executable with PowerSell - IpConfig

Use Legacy Executable with PowerSell – IpConfig

You can also use some simple argument like “IpConfig /all”, it will work. When you start playing with more complex arguments like the ones needed for icacls.exe, it will fail :

Use Legacy Executable with PowerSell - IcaCls Failled

Use Legacy Executable with PowerSell – IcaCls Failled

The PowerShell engine seems to don’t understand the required syntax for IcaCls.exe. To get it work, you have several options.

Use Legacy Executable with PowerShell

–% Operator

The easiest one is the –% operator, you need to place it just after your executable :

icacls.exe --% test /grant Administrators:(D,WDAC)
Use Legacy Executable with PowerSell - IcaCls --%

Use Legacy Executable with PowerSell – IcaCls –%

cmd /c

The old-school one :

cmd /c "icacls.exe test /grant Administrators:(D,WDAC)"
Use Legacy Executable with PowerSell - IcaCls cmd c

Use Legacy Executable with PowerSell – IcaCls cmd c

Start-Process

The PowerShell way :

Start-Process -FilePath icacls.exe -ArgumentList 'test /grant Administrators:(D,WDAC)' -NoNewWindow
Use Legacy Executable with PowerSell - IcaCls Start-Processc

Use Legacy Executable with PowerSell – IcaCls Start-Processc

Invoke-Command

The use of Invoke-Command is handful for remote execution with the -ComputerName parameter :

Invoke-Command -ScriptBlock {icacls.exe "c:temptest /grant Administrators:(D,WDAC)"}
Use Legacy Executable with PowerSell - IcaCls Invoke-Command

Use Legacy Executable with PowerSell – IcaCls Invoke-Command

Invoke-Expression

This is the risky one, this cmdlet is susceptible to be used for code injection.

$Path = 'C:temptest'

Invoke-Expression -Command "icacls.exe $Path /grant 'Administrators:(D,WDAC)'"

As you can see, the cmdlet can take variable into the command to execute, this is why it’s a security risk.

Use Legacy Executable with PowerSell - IcaCls Invoke-Expression

Use Legacy Executable with PowerSell – IcaCls Invoke-Expression

Error Handling

You have some basic error handling available when using those methods, this is not as great as a “try/catch”, but it can help :

if($?){'Last OK'}else{'Last KO'}
Use Legacy Executable with PowerSell - Error Handling

Use Legacy Executable with PowerSell – Error Handling

Conclusion

Those examples are just a few of the many possible ways to use legacy executable with PowerShell. I think the easiest one is the –% operator. The basic error handling provided by the $? operator can help to keep track of the legacy executable result codes.

0 thoughts on “Use Legacy Executable with PowerShell

Leave a Reply