Running .bat file as admin while passing arguments - windows

I have a .bat file that call a third party application with some command line arguments added. Now I need this application to run as admin. I found an option to create shortcut to .bat file and then set it to run as admin, but then I am not able to pass command line arguments in this way.
I also found another option to do it as a .vbs script but I need to call this .vbs file from Run dialog and Run needs manually adding of extension for .vbs file.
What should I do in such case?

Take a look at this code:
#ECHO OFF
:: this tests if the file is running as admin
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (GOTO askAdmin)
GOTO gotAdmin
:askAdmin
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
::from this point you can execute your command as admin
If you put that at the top of your batch-file it gives the user a "execute as admin" prompt and restarts the current batch-file as admin

Related

How to Start the windows services using Batch script(Net Start command)

I want to Run the batch script to start the Windows service if it crashes, so i configured the Recovery service to run a program for the First failure, Second Failure and subsequent Failure
i have a script working if i click Run as administrator or manually clicks, but the same script is not working(Shows Access is denied) under Run a program option in Windows Service recovery
the service is running under the Network Service account which does not have admin privilege
script-
#echo on
setlocal
CD /D "C:\ServiceBatch"
set email="GUID#domain.com"
set service=LanmanWorkstation
set output=LanmanWorkstation.txt
set Subject=LanmanWorkstation
net start %service%
sc query %service% >%output%
if errorlevel 1 (
wmailto %email% -s"%service% Started Succesfully" -t%output%
)
self elevated script as admin
:: BatchGotAdmin (Run as Admin code starts)
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"
:: BatchGotAdmin (Run as Admin code ends)

Change BitLocker Pin with Batch File

I work in the IT department of our organization. When a remote employee leaves the company we would like our automation tool (K1000) to push a batch file command to force change the BitLocker pin and reboot the computer. I wrote a batch file to change the PIN. It goes as far in command prompt to request a new pin but I can't get the batch to actually to accept the password.
In the below example, it just stays waiting for user input, any thoughts?
I'm hoping to use this for Windows 7 and 10.
#echo off
call :isAdmin
if %errorlevel% == 0 (
goto :run
) else (
echo Requesting administrative privileges...
goto :UACPrompt
)
exit /b
:isAdmin
fsutil dirty query %systemdrive% >nul
exit /b
:run
manage-bde -changepin c:
%SendKeys% "helloworld{ENTER}"
%SendKeys% "helloworld{ENTER}"
exit /b
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %~1", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B

Copying a file from local folder to "C:\Windows\System32\" using batch file

I am writing an application which uses batch file to copy some files to another location. I am using 64-bit windows 7.
I have asked for admin privileges too using below code:
Code block to get ADMIN right:
#echo off
:: BatchGotAdmin (Run as Admin code starts)
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
goto UACPrompt
)
else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"
:: BatchGotAdmin (Run as Admin code ends)
:: Your codes should start from the following line
Code to copy a file to system32 folder:
copy /d /Y "D:\opt\optPath.txt" "C:\Windows\System32\"
There is no error in copy operation, but the file is copied to "C:\Windows\SysWOW64" location automatically. Need help.
Try using:
#echo off
:: Batch-Admin API
net file>nul 2>&1&&if "%~1"=="64" (goto:GotAdmin) else (if exist "%windir%\Sysnative\" (call start %windir%\Sysnative\cmd /c "%~0" 64&exit) else (goto:GotAdmin))
echo Requesting administrative privileges...
(echo Set UAC = CreateObject^("Shell.Application"^)
echo UAC.ShellExecute "%~s0", "ELEV","", "runas", 0 ) > "%temp%\admin.vbs"
cscript /Nologo "%temp%\admin.vbs"&exit
:GotAdmin
:: Place ADMIN tasks below
copy /d /Y "D:\opt\optPath.txt" "C:\Windows\System32\"
pause
exit
I modified rewrote your script to:
Use an alternative way to check for admin permissions net file && echo Admin || echo No-admin
Added 64-bit launcher VBScript launches everything as 32-bit (redirecting C:\Windows\System32 to C:\Windows\SysWOW64).
64-Bit launcher:
call start %WinDir%\SysNative\cmd /c %0 (This window is hidden)

How to write a batch file can run parameters as command with administrative privileges?

The question is different from How can I auto-elevate my batch file, so that it requests from UAC administrator rights if required?
since there will be some problems when passing arguments to a batch file which has the code of acquiring administrative privileges.
After the privileges have been obtained, the arguments is lost and become undefined.
I solve this problem by storing the arguments to a file first, please see detail in my answer.
Say the require batch file is run_as_admin.bat,
By running run_as_admin.bat your_command your_params we can execute the command with administrative privileges (e.g. run_as_admin delete /path/to/system_file).
To run parameters as command, run_params_as_cmd.bat
%*
pause
To get administrative privileges, I find some code
from http://larrynung.github.io/2014/01/01/batch-run-as-administrator/
Then I tried the following code run_as_admin.bat:
#echo off
call:TryToRunAsAdmin
if %ERRORLEVEL%==1 exit /B
echo got administrative privileges...
:: run parameters as command <<< Here '%*' seems not be executed as a command.
%*
pause
goto :eof
:TryToRunAsAdmin
set GetAdminScriptFile="%temp%\getadmin.vbs"
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
call:UACPrompt
set ERRORLEVEL=1
) else (
if exist %GetAdminScriptFile% ( del %GetAdminScriptFile% )
set ERRORLEVEL=0
)
goto :eof
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > %GetAdminScriptFile%
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> %GetAdminScriptFile%
call %GetAdminScriptFile%
goto :eof
To test that code, I tried some command which needs admin privileges
run_as_admin.bat reg add "HKLM\SOFTWARE\Classes\.php" /v PerceivedType /d text
run_as_admin.bat %SystemRoot%\system32\drivers\etc\hosts_old.txt
but these commands seem to be not executed but ignored as a string.
I guess the problem is related to the code, is there any other ways to
write a batch file can run parameters as a command with administrative privileges?
The arguments passing to run_as_admin.bat will gone when requesting administrative privileges.
So you need to store the arguments first.
Here is the solution:
#echo off
SET commandline=%*
:: store it to file
echo %commandline% > "__temp__.bat"
:: BatchGotAdmin
:-------------------------------------
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"=""
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B
:gotAdmin
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------
:: execute command administrative privileges with and then delete the temp file
call "__temp__.bat"
del "__temp__.bat"
pause

Run bat file as administrator but shown on user's profile

I wrote this script to run a file remotely on another computer, however I would like to run it as an administrator user but for it to be shown on the user's computer. How do I run a script as administrator remotely but to show it on the user's profile?
#echo off
color 0a
SET /p ComputerName=ComputerName:
SET /p UserName=Please enter the username:
SET /p UserNamePassword=Please enter Username Password:
tasklist /s \\%ComputerName% /u %UserName% /p %UserNamePassword% /FI "memusage gt 200000"
SET /p Value=would you like to continue? Press 1 if yes.Press 2 to exit:
IF %Value% EQU 1 pushd \\NetworkPath & copy batfile.bat \\%ComputerName%\c$\Users\%UserName%\Desktop & popd & psexec -i -s -d \\%ComputerName% -u %UserName% -p %UserNamePassword% "C:\Users\%UserName%\Desktop\batfile.bat"
IF %Value% EQU 2 exit
You could try using the command line nircmd elevate "the path of your program.bat" to start the program. Or you could create another .bat file reading this:
nircmd elevate "the path of your program.bat"
exit
To open your main program, just open this second .bat program and it will open your main program as the administrator and then close itself out.
Nircmd is not a default windows command. You would have to download it from this website by clicking on the "Download NirCmd" button on the bottom of the webpage. Choose to save this .zip file, and when it is done, extract it. Then only copy the file "nircmd.exe" into your "system32" directory or %systemroot%. Now nircmd is part of the commands you can use in "cmd.exe".
I have nircmd on my computer, if you have trouble trusting it. It is a very useful tool to have. The above link also has a list of all of the functions and their descriptions.
You could also use this to make a batch-file run as admin:
SET ADMIN=0
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (GOTO askAdmin)
SET ADMIN=1
GOTO gotAdmin
:askAdmin
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
Put that at the top of your batch-file

Resources