SadProcessor/Invoke-AsTrustedInstallerJob.ps1

## Invoke-AsTrustedInstallerJob.ps1
function Invoke-AsTrustedInstallerJob{
    [Alias('TIJob')]
    Param(
        [Parameter()][Scriptblock]$Scriptblock,
        [Parameter()][String]$UserID=$("$Env:ComputerName\$Env:UserName"),
        [Parameter()][String]$TaskName='TIJob'
        )
    # IsAdmin??
    $IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if(-Not$IsAdmin){Write-Warning "Must be admin";Return}
    # Default/test
    if(-Not$Scriptblock){
        $Scriptblock = {[PSCustomObject]@{
            IsName  = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name).split('\')[1]
            IsAdmin = $(New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
            IsSystem  = $([System.Security.Principal.WindowsIdentity]::GetCurrent().IsSystem)
            IsTI = $([System.Security.Principal.WindowsIdentity]::GetCurrent().groups.value -contains "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464")
            } | export-Csv  C:\Users\TIJob.txt -NoTypeInformation -Force
        }}
    # Run as TI
    $Jobs = '\Microsoft\Windows\PowerShell\ScheduledJobs'
    $SP   = New-ScheduledTaskPrincipal -UserId $UserId -RunLevel Highest
    $Null = Register-ScheduledJob -Name $taskName -ScriptBlock $ScriptBlock
    $Null = Set-ScheduledTask -TaskPath $Jobs -TaskName $taskName -Principal $SP
    $svc  = New-Object -ComObject 'Schedule.Service'; $svc.Connect()
    $Tsk  = ($svc.GetFolder($Jobs)).GetTask($TaskName)
    $Null = $tsk.RunEx($null,0,0,'NT SERVICE\TrustedInstaller')
    while($tsk.state -ne 3){Sleep -m 500}; $tsk.Stop(0)
    Unregister-ScheduledJob $TaskName -Confirm:$false
    }
	function Invoke-AsTrustedInstallerJob{
	[Alias('TIJob')]
	Param(
	[Parameter()][Scriptblock]$Scriptblock,
	[Parameter()][String]$UserID=$("$Env:ComputerName\$Env:UserName"),
	[Parameter()][String]$TaskName='TIJob'
	)
	# IsAdmin??
	$IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
	if(-Not$IsAdmin){Write-Warning "Must be admin";Return}
	# Default/test
	if(-Not$Scriptblock){
	$Scriptblock = {[PSCustomObject]@{
	IsName = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name).split('\')[1]
	IsAdmin = $(New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
	IsSystem = $([System.Security.Principal.WindowsIdentity]::GetCurrent().IsSystem)
	IsTI = $([System.Security.Principal.WindowsIdentity]::GetCurrent().groups.value -contains "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464")
	} \| export-Csv C:\Users\TIJob.txt -NoTypeInformation -Force
	}}
	# Run as TI
	$Jobs = '\Microsoft\Windows\PowerShell\ScheduledJobs'
	$SP = New-ScheduledTaskPrincipal -UserId $UserId -RunLevel Highest
	$Null = Register-ScheduledJob -Name $taskName -ScriptBlock $ScriptBlock
	$Null = Set-ScheduledTask -TaskPath $Jobs -TaskName $taskName -Principal $SP
	$svc = New-Object -ComObject 'Schedule.Service'; $svc.Connect()
	$Tsk = ($svc.GetFolder($Jobs)).GetTask($TaskName)
	$Null = $tsk.RunEx($null,0,0,'NT SERVICE\TrustedInstaller')
	while($tsk.state -ne 3){Sleep -m 500}; $tsk.Stop(0)
	Unregister-ScheduledJob $TaskName -Confirm:$false
	}