I am trying to develop a simple script that can run a second script as the machine's local administrator. As the first script I am currently trying:
set name=%computername%
runas /noprofile /user:%name%\Administrator "cmd.exe /c %cd%bg2.2.bat"
When I run the script it never seems to run the second script, which is located in the same directory. The second script is only for copying files.
del "C:\Windows\obh_logo.bmp"
copy "%cd%obh_logo.bmp C:\Windows\obh_logo.bmp"
When the first script runs I am prompted for the admin password as expected and once I enter it, a second command prompt seems to flicker on the screen then vanishes. It never appears to run the second script. What seems to be the reason for this not working?
%cd%will probably not point where you think it does, (just tested it, of course the variable gets replaced before the command gets called and does actually point to the first scripts dir, but the problem still persists in the second script)
the runaschanges the working directory for the cmd.exe instance you are starting, probably to C:\Windows\system32.
replace it with %~dp0, which yields the drive and path of the current batch file.
But! Your script will not run the second file elevated, just under the Administrator account, which is not the same. Manual confirmation is always necessary, see here for possible ways to request elevation from within your script.
I now assume the missing rights is the actual problem, add a pause statement in your second script to watch it, or call it with cmd /k so the console doesn't close.
Related
I want to run an application (.exe file) with a specific user while i'm logged in with another user.
The application which I'm invoking is a licensed one and hence can executed by a specific user.
I refereed this post https://superuser.com/questions/105913/run-as-for-a-bat-file and tried 2 different options as suggested by users i.e. using the command line runas command and using Run As from the context menu.
However for me the context menu one worked but not the command line so there is definitely some difference between the two.
How to make the command line runas work same as context menu Run As ?
I tried following command
runas /profile /env /user:MYUSER "Path to my batch file"
runas /user:<localmachinename_or_domainname>\username path_to_bat
Should be all you need.
As a test, try making your bat file to just run "set" and output to a file, so you can verify that you in fact ran it under that user.
also, in your batch (bat) file, you need to treat it like another DOS prompt.
If your just starting a program, just use
start "c:\pathtoprogram.exe"
For my test example you would enter
cmd /c set>C:\test.txt
I have a simple .bat script triggered on user login to create a uniform work environment (load items to public desktop) as well as a few other small tasks - all are successful.
At the end of this script, I would like to call an additional .bat script and also open a system root folder if criteria is met. This however never occurs. The script I am calling begins with user prompt, and I notice scripts running as group policy do not always open a cmd window etc.
REM --------------------------------------------------
REM -----Update Newest Box & Scales / Uber Script-----
REM --------------------------------------------------
:BOXSCALE
if exist C:\scalescripts\Scale_Box_v3_Script.bat goto UBER
echo -
echo -
echo Scale_Box script is not up to date, please follow directions
call \\ant\fc\Dept\Photo\SDF8\SDF8_JW\scripts\Scale_Box_Uploader_v3\Scale_Box_v3_Uploader_Installer.bat
:UBER
if exist D:\Uber_Share_v2\Uber_Share_v2.bat goto END
echo -
echo -
echo Uber Share script is not up to date, please run installer as ADMIN
%SystemRoot%\explorer.exe "\\ant\fc\Dept\Photo\SDF8\Studio\Tech\scripts\Uber_Share_v2"
Pause
:END
Exit
The first bit (:BOXSCALE) is intended to launch a secondary script that contains mostly robocopy commands. It does require user interaction at the first bit. The second simply opens a server path in windows explorer for user. I am afraid that the user interaction is the problem as the start up script isn't visible to user when launched via GP Logon.
If I run this script manually, I receive the prompt from the first script and the system root opens as intended, but not if it is run via group policy login. I have also tried inputting the last two commands into a separate script and calling that, which also fails. Any ideas to get these last few items to run?
I found the solution to the problem. As suggested, it was the fact that the .bat script I was calling contained a user prompt. As the GP Logon script runs in the back ground, the user is unable to acknowledge prompt leaving the script hanging.
I have another bat file that I'm running, and once in the command prompt that bat file creates, I want to run another command in that window.
Here's what I have so far:
call C:\Batch\MyBatFile.bat (this creates the new command prompt that I want to use)
C:\Program\MyProgram.exe
However, the second line is being run in the original window, instead of the new command prompt. I tried using start C:\Program\MyProgram.exe, but that just ran in a 3rd new window instead.
If it's relevant, the first line is just setting a few environment variables that I need access to and MyProgram is a visual studio 2010 project. Technically, I might be able to modify that bat to run the command, but I'd rather avoid that solution as that bat file isn't owned by me (and thus whenever it's updated I'd have to update mine as well).
Thanks in advance.
You could try to inject your program.exe into cmd created by batfile.bat by redirecting it's input stream and then sending it a command, eg. echo C:\Program\MyProgram.exe | C:\Batch\MyBatFile.bat. This assumes that batch really just sets bunch of variables and does not use commands which reset/consume input stream.
Please note that if redirected/piped this way new command window will not stay open It will maybe :-) just execute your command and then close/exit.
Create a CMD script to run both of the commands that you have shown in the question. Maybe call it RunMyProgram.cmd. The contents are just the two lines that you have:
REM Source the environment variables.
REM Any new command prompt window that is opened can be ignored
CALL C:\Batch\MyBatFile.bat
C:\Program\MyProgram.exe
If what you have stated in the comments to your question is accurate regarding MyBatFile.bat setting up the environment variables and then starting a new window, then you should be able to make use of those environment variables after MyBatFile.bat exits.
If running RunMyProgram.cmd from a command prompt still has MyProgram.exe giving the error when the environment variable is not set, or if MyProgram.exe doesn't even start to run until you close the new window that popped up, then we need to see the exact commands that MyBatFile.bat is executing.
I am working on Windows 7 (logged in as session no.1), my Jenkins CI is running as windows service in session 0.
My problem is.. I want to open an Excel file through Jenkins CI in session 0, but want to display its GUI on session 1.
I know that session 0 is isolated in Windows 7, but is it possible to run a process in session 0 and then output in another session? please help.
Edit:
Took a little trial and error, but this is what finally worked for me (Windows 7 64-bit).
Download PsTools from Microsoft site
We only need psexec.exe, but you can extract everything. Extract to some location accessible by Jenkins, preferably without spaces in the path.
Open elevated command prompt: type cmd into Start's quicksearch, right click cmd.exe, select Run as Administrator.
Type C:\path\to\psexec.exe -accepteula and press enter.
Type C:\path\to\psexec.exe -i 1 cmd and press enter. (If you see a command prompt appear, all is good, close it now)
In Job configuration, configure Execute Windows Batch command step
Write the following:
C:\path\to\psexec.exe -accepteula && C:\path\to\psexec.exe -i 1 cmd /c start C:\PROGRA~2\MICROSO~1\path\to\excel.exe
Where:
C:\path\to is your full path to psexec.exe, unless it is in your %path%
-i 1 is the session ID that you want to launch in.
C:\PROGRA~2\MICROSO~1\path\to is your full path to excel.exe without spaces. Since most Office installations are going to be under paths with spaces, like "Program Files (x86), you have to figure out the short path, or place it somewhere without spaces.
Having excel.exe under %path% and working from regular command line was not enough.
A little explanation for those that care:
psexec needs to install a services first. For that, it needs to be run from elevated command prompt for the first time. This is a one-time installation step.
To make psexec work, you need to accept the EULA prompt. This is done per session/user. So even if you run psexec -accepteula in your command prompt, it doesn't help when Jenkins service (running as Local System in session 0) tries to use it. Therefore, you have to place that into the Jenkins job, along with the command. Technically, it only needs to be there once, and can be removed afterwards, but it definitely doesn't hurt to keep it there.
I've used cmd /k and running this command from my local cmd prompt to debug. This is what made me realize I couldn't find a way to escape the spaces (tried various quoting), so had to resort to short file names. Note that short file names are not required, this is just to escape spaces.
no its not-
plus any UI interactions requires you to run Jenkins as Java web start rather than a service or you can not interact with UI elements.
How do I start/call a batch file from another, but with administrative privileges, so that it doesn't give me errors like the following?
Access is denied error code 5
Here is something like what I would like it to be.
echo PLEASE TYPE YOUR USERNAME AND PASSWORD IN THE FIELDS BELOW.
echo.
echo.
echo.
echo.
set /p u=Username:
echo.
set /p p=Password:
start next.bat %u% %p%
No matter which way you chose, You must accept run it with admin privilege, so the point is which way is shorter? You could Right Click > Run as administrator as jean-Michael said although I prefer james approach (using vbScript) but if you don't want to use another vbScript file and just want benefit of just click on batch file and accept run with admin privilege (Note you have one right click and left click less) I suggest you this:
create a shortcut from your batch file and right click on shortcut > Properties > Shortcut Tab > Advanced now check the Run as administrator check-box. every time you execute it from the shortcut you just have one click to accept run it with admin privilege.
Hope this help.
Sometimes third party utilities like AutoIt (see runas function) are not an option - but if you do have that option, check it out as that will let you do exactly what you're aiming to. You can then call the AutoIt script from your script and use its runas function.
Windows runas doesn't support providing a password unless you're happy with the /savecred option - which is fine if you're only running the task from a single computer. The first time it will ask you for a password, but after that it won't (though you still have to use /savecred option each time you use it). I've got a feeling using this could be a huge security hole. But since it seems this is for your own machine, in your batch use this:
runas /user:computername\username /savecred yourcommand.exe
Another way is to make a scheduled task that can be called by your script. You can make it using the GUI or from an elevated command line as described here.
You can then call it from your script like this:
SCHTASKS /Run /TN yourtaskname
Simply put the bat file into the Windows directory, and it will run as administrator. I tried this myself, and it worked:
C:\Windows\batch_file.bat
It should work like that.
Within the batch file itself there is no way to run as an administrator, however if you launch the batch file from within a .VBS file, you are able to specify a 'runas' parameter.
set shell=CreateObject("Shell.Application")
shell.ShellExecute "your_batch_file.bat",,"C:\path\to\thedirectory", "runas", 0
set shell=nothing
This will launch your batch file as an administrator, and you can enable or disable the shell display (this example hides it as i wanted my program to run in the background without being seen).
Right click -> Run as administrator.
I think microsoft made as much as they could to prevent batch script to get administrative privileges on their own.
#cmd, I posted an example (How can I test effective permissions of a user from a batch script?) to run another bat file with ShellExecute and elevated rights (only when it's needed).
Take a look if it's what you looking for and what you need. If not, let me know and we could adapt your script to make it work.
good luck
I actually joined just to answer this, the simplest way by far is to create a shortcut to the program you want to run, then set the shortcut to run as administrator and just call the shortcut from the batch file. This will run with the settings specified in the shortcut and you could place this shortcut in the same folder as your batch file or just call it from the start menu.
Example:
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder\Shortcut Name.lnk"