Script that runs "reg add" as admin - cmd

I need help in making a script (bat, vbs, whatever) that runs at startup as a different user (admin) the following command:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome /f /v RestoreOnStartup /t REG_DWORD /d 1
I've tried combining that with "runas /savecred /user:administrator", without any success..
Background
On my work computer, in Chrome, the Startup Options are disabled. The only way to change them is through the registry, but after every restart, it reverts back to its original form (Continue where left off disabled).
So I would like a script that does enables it every time, so I don't have to do it manually.

If you have default settings use RunAs with the administrator account, except it will be disabled (but if it isn't is will run elevated as if standard settings apply).
This is a security not a programming question.
net user administrator /active:yes
You then have to allow logon with blank password in Local Security Policy.
Then
runas /user server\administrator "notepad.exe \"c:\windows\win.ini\""
The server is YOUR computer name.
I just turn offf UAC.

Related

How can i change values in Windows registy without admin permissions

i want to automate something, but it only works if i manually accept the uac window, so i tried to change the registry value with this commads:
c:\Windows\System32\cmd.exe /k c:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
But it only works if i run the cmd as administrator. So again i need to accept the uac window to deactivate the uac windows...
Is there a good way to make this with a script ore something like that, or is there a bypass solution? (for automation puroses)
If you want to modify a registry hive without administrative privileges, you have to do it offline1.
To do so, you can boot into WinRE and then use regedit to modify your hives offline. You can also remove your hard disk and put it into another computer where you have administrative privileges and modify it there.
You can find an example here.
1 Offline in this case means, the hives are not mounted. Or in other words, the Windows installation is not running.

Running the .bat batch file in administrator mode

Iam trying to synch certain computers to a TimeServer within the network, hence i've written a simple batch script to do the task. I've put into our WDS server.
How do i run it in administrator mode.
If i open the cmd prompt as administrator it starts with "C:\Windows\System32\"
this is where i want to run so how do i achieve it.I dont want to schedule it nor i want to use RMB Click and select "Run as Administrator"
OS: Win 2012R2
My batch file contains.
reg add HKLM\SYSTEM\CurrentControlSet\services\w32time\Config /v MaxNegPhaseCorrection /t REG_DWORD /d 0xffffffff /f
reg add HKLM\SYSTEM\CurrentControlSet\services\w32time\Config /v MaxPosPhaseCorrection /t REG_DWORD /d 0xffffffff /f
w32tm /config /syncfromflags:manual /manualpeerlist:"132.186.XX.XX 132.186.127.XX 132.186.192.XX 132.186.XXX.XX" /largephaseoffset:120000
net stop w32time
net start w32time
w32tm /resync
Thanks in Advance
Create a shortcut to the batch file.
Right click on the shortcut, go to properties -> shortcut tab -> advanced.
Tick run as adminstrator
Add this to the start of your batch file:
runas.exe /savecred /user:#administratoraccount# "%windir%/System32/cmd.exe"
Replace #administratoraccount# with the username of an admin.
The first time you run it, it will ask for the password of that admin account. Enter it. Unless the password is removed from the windows credential locker or the password or username of that admin is changed or the username is disabled, whenever the batch file is run from then on, it will automatically run cmd.exe as administrator.

How to add program to Windows startup

I want that, when my program runs, it adds itself to Windows startup (if it doesn't exist there).
I tried this:
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v mycompany /d C:\ProgramFiles\mycompany\demo.exe /f
I also tried to copy the shortcut of the program to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
But, I need administrator privileges for both. What should I do?
I need administrator privileges for both. What should I do?
If you want your app to run for all users with a single installation, you need to install it as an admin so you can update the global users profile. So either make a separate installer that runs with admin rights, or make your app run an elevated copy of itself so it can gain temporary admin rights when it needs to access the global profile.
The only way to avoid that is to have each user run the app separately so it can install itself into each individual user's profile. You don't need admin rights for that.
You can change to:
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v mycompany /d C:\ProgramFiles\mycompany\demo.exe /f
Which should be able to write to that part of the registry
The HKLM key has read access for standard users by default. Whereas the HKCU key has write access for the currently logged in user.
If you want the program to run for all users then you could run a setup program with administrator privileges. Usually, you would run installers as administrator or equivalent on Windows.

How do I automatically launch a non-Surface application in Windows Embedded 8?

How do I automatically launch a non-Surface application in Windows Embedded 8?
I want to automatically launch a GUI application on startup in Windows Embedded 8, but I can't figure out how to do it. I've been reading Sean Liming's Professional's Guide to Windows Embedded 8 Standard, and in chapter 8 he describes how to modify the device experience. He names how there is a Windows 8 Application launcher, but for Surface apps only. He also describes a Shell Launcher module, but my app is not a shell. He also mentions a shell he wrote here, but reading through its documentation, it doesn't describe how to automatically launch a program within that shell.
As far as I can tell, he doesn't describe how to automatically launch a non-Surface application anywhere, and Google and Stack Exchange get me no results (it doesn't help that most results come back as merely Windows 8, and not Windows Embedded 8). Or am I mistaken? Is Shell Launcher sufficient to launch a non-shell app? Does the app launched become the "shell", in effect?
Side note: It's probably worth mentioning that the app I want to launch is a Java app. I will be including the module-based Java JRE installer as mentioned in the book, but if there are any other provisos to launching a Java app in WE8S, please comment.
Thanks for your time and feedback!
This works for both Windows Embedded Standard 7 and Windows Embedded 8 Standard:
I normally install Windows Embedded Standard with the standard shell. In WE8S this would be the Metro UI. Once installation and configuration is complete, and your application runs successfully, I use registry entries to modify the application launched on startup.
Custom user-specific shell
As an example, to launch VLC media player as the shell, and play media files in a folder on the d:\ e.g d:\media in a continuous loop, I use the below in a .bat file, running as administrator.
This must be run while logged into the user that will launch the custom shell
Create a new .bat file:
in Windows Explorer, Select "File" -> "New" -> "Text Document"
Rename "New Text Document.txt" to custom_shell.bat
Paste the below into the file
Save the file
Right click the file -> "Run as Administrator"
c:\Windows\system32\reg.exe DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f
c:\Windows\system32\reg.exe ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d explorer.exe
c:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "c:\program files\vlc\vlc.exe -f --loop ""d:\media"""
c:\Windows\system32\reg.exe DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot" /v Shell /f
c:\Windows\system32\reg.exe ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot" /v Shell /t REG_SZ /d "USR:Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
pause
This modifies the shell for the !Current User! (i.e. the logged on user) to launch VLC.exe on logon. (I use reg.exe because some slimmed down installations might not have regedit.exe included)
This means that you can still access the full user interface when logging on as the administrator user (via safe mode if Administrator profile is normally disabled), since the shell for all other users is still the explorer shell.
Launching the explorer shell from within the custom shell
You can still launch the explorer shell with the metro UI when the user with the custom shell is logged on. To launch the explorer shell from the user running the VLC (custom) shell:
Start the task manager (CTRL+SHIFT+ESC)
Click on the "Advanced" button at the bottom of the task manager
Select "File" -> "New Task (Run...)" from the menu bar
Enter "Explorer.exe" (This start the explorer service)
Repeat the above steps again (This will lauch an instance of Windows Explorer)
The Metro UI should be usable then
Java application as a shell
More to the point, in order to run your java app, change the below entry in the above .bat
from:
c:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "c:\program files\vlc\vlc.exe -f --loop ""d:\media"""
to
c:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "java [any other JVM options you need to give it] -jar "path\jar-file-name.jar""
If your java app does not include a manifest the above will not work!
Try this (I have not tested this):
java -cp jar-file-name.jar full.package.name.ClassName
Revert to the Explorer (default shell) i.e. Undo user-specific shell
To undo the shell changes for the user i.e. revert back to original settings:
!This must be run while logged into the user with the custom shell!
Create a new .bat file:
in Windows Explorer, Select "File" -> "New" -> "Text Document"
Rename "New Text Document.txt" to default_shell.bat
Paste the below into the file
Save the file
Right click the file -> "Run as Administrator"
c:\Windows\system32\reg.exe DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f
c:\Windows\system32\reg.exe ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d explorer.exe
c:\Windows\system32\reg.exe DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot" /v Shell /f
c:\Windows\system32\reg.exe ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot" /v Shell /t REG_SZ /d "SYS:Microsoft\Windows NT\CurrentVersion\Winlogon"
c:\Windows\system32\reg.exe DELETE "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f
pause
User Auto Logon:
You can configure Windows to automatically log onto a specific user profile.
Start > Search > netplwiz
OR [Windows Key + R] > netplwiz
A ‘User Account’ window will open. Highlight the account you want to automatically load when Windows starts.
Uncheck the box above it titled “Users must enter a user name and password to use this computer.”
Click OK.
You will be prompted to confirm the operation by entering your password.
Enter your password to complete the change.
The next time you start up Windows, the user account you selected will automatically be loaded
Things to consider
Play around, but use a test environment if possible
If you can launch the shell, so can someone else. Use the keyboard filter to filter out known key combinations, and create one only you, and perhaps the service technicians will know.
Remove admin rights for the user with the custom shell
Use the Unified Write Filter (or Enhanced Wright Filter/File Based Write Filter). Un-protect only when making changes.
A big THANK YOU to Sean Liming and the work that does - he inspired this.
Mark Böhmer
Windows Embedded Specialist
South Africa

How to open an elevated cmd using command line for Windows?

How do I open a elevated command prompt using command lines on a normal cmd?
For example, I use runas /username:admin cmd but the cmd that was opened does not seem to be elevated! Any solutions?
I ran into the same problem and the only way I was able to open the CMD as administrator from CMD was doing the following:
Open CMD
Write powershell -Command "Start-Process cmd -Verb RunAs" and press Enter
A pop-up window will appear asking to open a CMD as administrator
I don't have enough reputation to add a comment to the top answer, but with the power of aliases you can get away with just typing the following:
powershell "start cmd -v runAs"
This is just a shorter version of user3018703 excellent
solution:
powershell -Command "Start-Process cmd -Verb RunAs"
Simple way I did after trying other answers here
Method 1: WITHOUT a 3rd party program (I used this)
Create a file called sudo.bat (you can replace sudo with any name you want) with following content
powershell.exe -Command "Start-Process cmd \"/k cd /d %cd%\" -Verb RunAs"
Move sudo.bat to a folder in your PATH; if you don't know what that means, just move these files to c:\windows\
Now sudo will work in Run dialog (win+r) or in explorer address bar (this is the best part :))
Method 2: WITH a 3rd party program
Download NirCmd and unzip it.
Create a file called sudo.bat (you can replace sudo with any name you want) with following content
nircmdc elevate cmd /k "cd /d %cd%"
Move nircmdc.exe and sudo.bat to a folder in your PATH; if you don't know what that means, just move these files to c:\windows\
Now sudo will work in Run dialog (win+r) or in explorer address bar (this is the best part :))
According to documentation, the Windows security model...
does not grant administrative privileges at all
times. Even administrators run under standard privileges when they
perform non-administrative tasks that do not require elevated
privileges.
You have the Create this task with administrative privileges option in the Create new task dialog (Task Manager > File > Run new task), but there is no built-in way to effectively elevate privileges using the command line.
However, there are some third party tools (internally relying on Windows APIs) you can use to elevate privileges from the command line:
NirCmd:
Download it and unzip it.
nircmdc elevate cmd
windosu:
Install it: npm install -g windosu (requires node.js installed)
sudo cmd
I use nirsoft programs (eg nircmdc) and sysinternals (eg psexec) all the time. They are very helpful.
But if you don't want to, or can't, dl a 3rd party program, here's another way, pure Windows.
Short answer: you can while elevated create a scheduled task with elevated privileges which you can then invoke later while not elevated.
Middle-length answer: while elevated create task with (but I prefer task scheduler GUI):
schtasks /create /sc once /tn cmd_elev /tr cmd /rl highest /st 00:00
Then later, no elevation needed, invoke with
schtasks /run /tn cmd_elev
Long answer: There's a lot of fidgety details; see my blog entry "Start program WITHOUT UAC, useful at system start and in batch files (use task scheduler)"
The following as a batch file will open an elevated command prompt with the path set to the same directory as the one from where the batch file was invoked
set OLDDIR=%CD%
powershell -Command "Start-Process cmd -ArgumentList '/K cd %OLDDIR%' -Verb RunAs "
While both solutions provided by Dheeraj Bhaskar work, unfortunately they will result in the UAC dialog showing up on top (z-order-wise) but not getting focused (the focused window is the caller cmd/powershell window), thus I either need to grab the mouse and click "yes", or to select the UAC window using Alt+Shift+Tab. (Tested on Win10x64 v1607 build14393.447; UAC = "[...] do not dim [...]".)
The following solution is a bit awkward as it uses two files, but it preserves the correct focus order, so no extra mouse / keyboard actions are required (besides confirming the UAC dialog: Alt+Y).
cmdadm.lnk (shortcut properties / Advanced... / Run as administrator = ON)
%SystemRoot%\System32\cmd.exe /k "cd /d"
su.bat
#start cmdadm.lnk %cd%
Run with su.
Make the batch file save the credentials of the actual administrator account by using the /savecred switch. This will prompt for credentials the first time and then store the encrypted password in credential manager. Then for all subsequent times the batch runs it will run as the full admin but not prompt for credentials because they are stored encrypted in credential manager and the end user is unable to get the password. The following should open an elevated CMD with full administrator privileges and will only prompt for password the first time:
START c:\Windows\System32\runas.exe /user:Administrator /savecred cmd.exe
My favorite way of doing this is using PsExec.exe from SysInternals, available at http://technet.microsoft.com/en-us/sysinternals/bb897553
.\psexec.exe -accepteula -h -u "$username" -p "$password" cmd.exe
The "-h" switch is the one doing the magic:
-h If the target system is Vista or higher, has the process run with the account's elevated token, if available.
I've been using Elevate for awhile now.
It's description - This utility executes a command with UAC privilege elevation. This is useful for working inside command prompts or with batch files.
I copy the bin.x86-64\elevate.exe from the .zip into C:\Program Files\elevate and add that path to my PATH.
Then GitBash I can run something like elevate sc stop W3SVC to turn off the IIS service.
Running the command gives me the UAC dialog, properly focused with keyboard control and upon accepting the dialog I return to my shell.
Dheeraj Bhaskar's method with Powershell has a missing space in it, alt least for the Windows 10 incarnation of Powershell.
The command line inside his sudo.bat should be
powershell.exe -Command "Start-Process cmd \"/k cd /d %cd% \" -Verb RunAs"
Note the extra space after %cd%
;)Frode
Similar to some of the other solutions above, I created an elevate batch file which runs an elevated PowerShell window, bypassing the execution policy to enable running everything from simple commands to batch files to complex PowerShell scripts. I recommend sticking it in your C:\Windows\System32 folder for ease of use.
The original elevate command executes its task, captures the output, closes the spawned PowerShell window and then returns, writing out the captured output to the original window.
I created two variants, elevatep and elevatex, which respectively pause and keep the PowerShell window open for more work.
https://github.com/jt-github/elevate
And in case my link ever dies, here's the code for the original elevate batch file:
#Echo Off
REM Executes a command in an elevated PowerShell window and captures/displays output
REM Note that any file paths must be fully qualified!
REM Example: elevate myAdminCommand -myArg1 -myArg2 someValue
if "%1"=="" (
REM If no command is passed, simply open an elevated PowerShell window.
PowerShell -Command "& {Start-Process PowerShell.exe -Wait -Verb RunAs}"
) ELSE (
REM Copy command+arguments (passed as a parameter) into a ps1 file
REM Start PowerShell with Elevated access (prompting UAC confirmation)
REM and run the ps1 file
REM then close elevated window when finished
REM Output captured results
IF EXIST %temp%\trans.txt del %temp%\trans.txt
Echo %* ^> %temp%\trans.txt *^>^&1 > %temp%\tmp.ps1
Echo $error[0] ^| Add-Content %temp%\trans.txt -Encoding Default >> %temp%\tmp.ps1
PowerShell -Command "& {Start-Process PowerShell.exe -Wait -ArgumentList '-ExecutionPolicy Bypass -File ""%temp%\tmp.ps1""' -Verb RunAs}"
Type %temp%\trans.txt
)
..
#ECHO OFF
SETLOCAL EnableDelayedExpansion EnableExtensions
NET SESSION >nul 2>&1
IF %ERRORLEVEL% NEQ 0 GOTO ELEVATE
GOTO :EOF
:ELEVATE
SET this="%CD%"
SET this=!this:\=\\!
MSHTA "javascript: var shell = new ActiveXObject('shell.application'); shell.ShellExecute('CMD', '/K CD /D \"!this!\"', '', 'runas', 1);close();"
EXIT 1
save this script as "god.cmd" in your system32 or whatever your path is directing to....
if u open a cmd in e:\mypictures\ and type god
it will ask you for credentials and put you back to that same place as the administrator...
There seem to be a lot of really creative solutions on this, but I found Stiegler & Gui made the most sense to me. I was looking into how I could do this, but using it in conjunction with my domain admin credential, instead of relying on the local permissions of the "current user".
This is what I came up with:
runas /noprofile /user:DomainName\UserName "powershell start cmd -v runas"
It may seem redundant, but it does prompt for my admin password, and does come up as an elevated command prompt.
Here is a way to integrate with explorer.
It will popup a extra menu item when you right-click in any folder within Windows Explorer:
Here are the steps:
Create this key: \HKEY_CLASSES_ROOT\Folder\shell\dosherewithadmin
Change its Default value to whatever you want to appear as the menu item text.
E.g. "DOS Shell as Admin"
Create another key: \HKEY_CLASSES_ROOT\Folder\shell\dosherewithadmin\command
and change its default value to this:
powershell.exe -Command "Start-Process -Verb RunAs 'cmd.exe' -Args '/k pushd "%1"'"
Done. Now right-click in any folder and you will see your item there within the other items.
*we use pushd instead of cd to allow it to work in any drive. :-)
For fans of Cygwin:
cygstart -a runas cmd
When a CMD script needs Administrator rights and you know it, add this line to the very top of the script (right below #ECHO OFF):
NET FILE > NUL 2>&1 || POWERSHELL -ex Unrestricted -Command "Start-Process -Verb RunAs -FilePath '%ComSpec%' -ArgumentList '/c \"%~fnx0\" %*'" && EXIT /b
The NET FILE checks for existing Administrator rights. If there are none, PowerShell restarts the current script (with its arguments) in an elevated shell, and the non-elevated script closes.
To allow running scripts -ex Unrestricted is necessary.
-Command executes the following string.
Start-Process -Verb RunAs runs a process As Administrator:
the shell (%ComSpec%, usually C:\Windows\System32\cmd.exe) starting (/c) the current script (\"%~fnx0\") passing its arguments (%*).
Maybe not the exact answer to this question, but it might very well be what people need that end up here.
The quickest way by far is to:
CTRL+ALT+DELETE
Run TASK MANAGER
Click FILE > Run New Task > type in "cmd" and tick the "Create this task with administrative privileges." box.
Not sure if this helps but this is how I managed to do it. Doesn't help if you need a command to run from batch but hey-ho ... I needed this just because windows explorer is corrupted and needed to fix it.
This is my workaround. Hope this helps someone if not the original poster.
A little late for an answer but answering anyway for latecomers like me.
I have two approaches. First one is based on little alteration to #Dheeraj Bhaskar's answer and second one is new(that is not mentioned in any answer here).
Approach 1: Create a admin command for windows(just for the sake of flexibility).
#ECHO OFF
powershell -Command "Start-Process %1 -Verb RunAs"
Open notepad -> copy/paste above script -> save it as admin.bat in c:\windows
A lot can be added in the above script to make it better but I've tried to keep it simple and also because I'm not an expert in batch scripting.
Now you can use admin as command to run any other command or application with elevated privileges.
To answer the original question- type admin cmd in standard cmd.
Approach 2:Using runas command. For this we need to enable the built-in Administrator account if not already enabled and set a password. This account is disabled by default on most systems.
When manufacturing PCs, you can use the built-in Administrator account to run programs and apps before a user account is created. Source
Steps to enable Administrator account-
Hit Windows+R and type compmgmt.msc which will open Computer Management window.
Go to System Tools -> Local Users and Groups -> Users
You should see an account with name Administrator here(more info about this account can be found here).
Right click on Administrator and select Properties.
Check Password never expires. Uncheck Account is Disabled and everything else then click OK. This will enable administrator account on your system. Skip if already enabled.
Again Right click on Administrator and click on Set Password(by default it has no password set but for runas command to work we need to set a password).
Now windows will show you a life threatening warning which you can accept.
OR If you want to play safe then you should login into it after enabling this account and set a password from there.
Now runas command should work-
Start a standard cmd and type-
runas /user:administrator cmd
EXTRA:
Now we can create something similar to Linux's sudo command. Create a sudo.bat file with following script and save it in c:\windows.
#ECHO OFF
powershell -Command "runas /user:administrator %1"
Now we can do sudo cmd
I did this for my smartctl, and it became a portable App.
I borrowed it from here.
#echo off
set location=%cd%\bin
powershell -Command "Start-Process cmd -Verb RunAs -ArgumentList { '/k "TITLE Smartctl" & color 07 & pushd "%location%" & prompt $g & echo "Welcome to Smartctl cmd"' }"
prompt $g hides the long leading path.
pushd "%location%" is similar to cd /d "%location%"
Saved as smartctl.cmd
Create a shortcut for smartctl.cmd
Copy the shortcut to C:\Users\#YourName#\AppData\Roaming\Microsoft\Windows\StartMenu\Programs
Click search next to the start menu and input smartctl
Right click Pin to Start
Just use the command:
runas /noprofile /user:administrator cmd
Use:
start, run, cmd, then control+shift+enter
You'll get UAC and then an elevated command shell.
Install gsudo tool and use gsudo command. UAC popup appears and eventually command prompt right in the current console window will be elevated:
C:\Users\Someone>net session
System error 5 has occurred.
Access is denied.
C:\Users\Someone>gsudo
C:\Users\Someone# net session
There are no entries in the list.
The tool can be installed using various package managers (Scoop, WinGet, Chocolatey).
Can use a temporary environment variable to use with an elevated shortcut (
start.cmd
setx valueName_betterSpecificForEachCase %~dp0
"%~dp0ascladm.lnk"
ascladm.lnk (shortcut)
_ properties\advanced\"run as administrator"=yes
(to make path changes you'll need to temporarily create the env.Variable)
_ properties\target="%valueName_betterSpecificForEachCase%\ascladm.cmd"
_ properties\"start in"="%valueName_betterSpecificForEachCase%"
ascladm.cmd
setx valueName_betterSpecificForEachCase=
reg delete HKEY_CURRENT_USER\Environment /F /V valueName_betterSpecificForEachCase
"%~dp0fileName_targetedCmd.cmd"
) (targetedCmd gets executed in elevated cmd window)
Although it is 3 files ,you can place everything (including targetedCmd) in some subfolder (do not forget to add the folderName to the patches) and rename "start.cmd" to targeted's one name
For me it looks like most native way of doing this ,whilst cmd doesn't have the needed command
You can use the following syntax, I had the same question and did not think a script should be needed.
runas /profile /user:domain\username cmd
This worked for me, it may be different on your network.
I did it easily by using this following command in cmd
runas /netonly /user:Administrator\Administrator cmd
after typing this command, you have to enter your Administrator password(if you don't know your Administrator password leave it blank and press Enter or type something, worked for me)..
Press the Windows + X key and you can now select the Powershell or Command Prompt with admin rights. Works if you are the admin. The function can be unusable if the system is not yours.
I've created this tool in .Net 4.8 ExecElevated.exe, 13KB (VS 2022 source project) it will execute an application with an elevated token (in admin mode).
But you will get an UAC dialog to confirm! (maybe not if UAC has been disabled, haven't tested it).
And the account calling the tool must also have admin. rights of course.
Example of use:
ExecuteElevated.exe "C:\Utility\regjump.exe HKCU\Software\Classes\.pdf"
I used runas /user:domainuser#domain cmd which opened an elevated prompt successfully.
There are several ways to open an elevated cmd, but only your method works from the standard command prompt. You just need to put user not username:
runas /user:machinename\adminuser cmd
See relevant help from Microsoft community.

Resources