I have an installer (Inno-Setup) that installs my application to a path defined by the user. At the end of the install routine i want to create a shortcut that starts the application with admin privileges. The solution should work on all win version from winXP to Win7.
What can i do to achieve this?
I know that it is possible with a batch script, that executes a nasty vb-script. The disadvantage is that the cmd-window popup and it only works on win7 i guess.
I also tried the command mklink to create a hyperlink, but it does not work because it is not possible to pass an argument that set the admin priviliges.
You can add a registry-key that tells windows to execute your program as admin:
Under HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers, just add a key(REG_SZ) <Path to your exe> with the value RUNASADMIN. When you launch your exe, you will be prompted for admin-access.
With that, you can simply create a normal shortcut to your executable like you would do it with Inno-Setup.
If you want to do so via a cmd or a batch-file, you can use the following command:
reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "<Path to your exe>" /t REG_SZ /d RUNASADMIN
The "Run as admin" is a property of the executable, not the shortcut. You should add the required manifest that makes Windows prompt for elevation.
To do this on Windows XP, you will need to use the runas verb with ShellExecute() to run as a different user, but this will remove any ability to access the local profile. This can be done from your exe when it finds it's not running with full admin access.
After creating the shortcut, change its 21st byte (position 0x15) to 32 (0x20) to make it "Run as Administrator". Changing it back to 0 makes it a "normal" (non-admin) shortcut.
Can be done shortcutjs.bat:
shortcutjs.bat -linkfile tst6.lnk -target "%cd%\myscript.bat" -adminpermissions yes
-adminpermissions yes is for if you want to run the bat as administrator. You'll need the full path to your script.
The 'run as admin' tick sets a binary flag in the .lnk file (21st character) and this what the script is doing too - reads it as binary steam and changes that value.
Related
I'm trying to write a batch file that will open computer management as an administrator (on a Windows 7 64 bit system). I have done this successfully with cmd but cannot get it to work with computer management.
The command I have for cmd is:
runas /profile /env /user:username#domain cmd
After I authenticate with my pw, I'm good to go.
The commands I've tried for computer mgmt are:
runas /profile /env /user:username#domain compmgmt.msc
After I authenticate I get an error telling me "compmgmt.msc is not a valid Win32 application.
runas /profile /env /user:username#domain mmc
After I authenticate I get an error telling me "The requested operation requires elevation"
If I run the good cmd option then type in either mmc or compmgmt.msc, the program will open as admin because I'm in cmd as admin already. I'm assuming there's a way to add onto the good cmd command to autopopulate that text into cmd and run it, but I don't know what it is. I'm also open to trying other options, really I just want a tool that works. I know that I can run my batch as admin and avoid all of this but the purpose of this tool is to not have to provide my admin username.
Suggestions?
runas /user:username#domain "cmd.exe /c \"start compmgmt.msc\""
If the .msc runs correctly from cmd, start cmd under the adecuated account and, from here, start the .msc
The problem is that you cannot run an .msc plugin without calling mmc.
The correct call should be in this format:mmc.exe \location of plugin
runas /u:domain\user "mmc.exe \windows\system32\compmgmt.msc"
The start command will also work but relies on the extensions being properly entered in the registry. I usually do mmc \plugin location due to the different windows operating systems we use and the fact that usually half the plugins I want to use are not registered on the system for some reason.
better you travel to that location and then execute that file
You can write batch file which will run:
(CompMgmtLauncher.exe or CompMgmt.msc)
It'll look like
C:\Users\Admin>cd\
C:>cd Windows
C:\Windows>cd System32
C:\Windows\System32>CompMgmtLauncher.exe
C:\Windows\System32>compmgmt.msc
C:\Windows\System32>
How do I start/call a batch file from another, but with administrative privileges, so that it doesn't give me errors like the following?
Access is denied error code 5
Here is something like what I would like it to be.
echo PLEASE TYPE YOUR USERNAME AND PASSWORD IN THE FIELDS BELOW.
echo.
echo.
echo.
echo.
set /p u=Username:
echo.
set /p p=Password:
start next.bat %u% %p%
No matter which way you chose, You must accept run it with admin privilege, so the point is which way is shorter? You could Right Click > Run as administrator as jean-Michael said although I prefer james approach (using vbScript) but if you don't want to use another vbScript file and just want benefit of just click on batch file and accept run with admin privilege (Note you have one right click and left click less) I suggest you this:
create a shortcut from your batch file and right click on shortcut > Properties > Shortcut Tab > Advanced now check the Run as administrator check-box. every time you execute it from the shortcut you just have one click to accept run it with admin privilege.
Hope this help.
Sometimes third party utilities like AutoIt (see runas function) are not an option - but if you do have that option, check it out as that will let you do exactly what you're aiming to. You can then call the AutoIt script from your script and use its runas function.
Windows runas doesn't support providing a password unless you're happy with the /savecred option - which is fine if you're only running the task from a single computer. The first time it will ask you for a password, but after that it won't (though you still have to use /savecred option each time you use it). I've got a feeling using this could be a huge security hole. But since it seems this is for your own machine, in your batch use this:
runas /user:computername\username /savecred yourcommand.exe
Another way is to make a scheduled task that can be called by your script. You can make it using the GUI or from an elevated command line as described here.
You can then call it from your script like this:
SCHTASKS /Run /TN yourtaskname
Simply put the bat file into the Windows directory, and it will run as administrator. I tried this myself, and it worked:
C:\Windows\batch_file.bat
It should work like that.
Within the batch file itself there is no way to run as an administrator, however if you launch the batch file from within a .VBS file, you are able to specify a 'runas' parameter.
set shell=CreateObject("Shell.Application")
shell.ShellExecute "your_batch_file.bat",,"C:\path\to\thedirectory", "runas", 0
set shell=nothing
This will launch your batch file as an administrator, and you can enable or disable the shell display (this example hides it as i wanted my program to run in the background without being seen).
Right click -> Run as administrator.
I think microsoft made as much as they could to prevent batch script to get administrative privileges on their own.
#cmd, I posted an example (How can I test effective permissions of a user from a batch script?) to run another bat file with ShellExecute and elevated rights (only when it's needed).
Take a look if it's what you looking for and what you need. If not, let me know and we could adapt your script to make it work.
good luck
I actually joined just to answer this, the simplest way by far is to create a shortcut to the program you want to run, then set the shortcut to run as administrator and just call the shortcut from the batch file. This will run with the settings specified in the shortcut and you could place this shortcut in the same folder as your batch file or just call it from the start menu.
Example:
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder\Shortcut Name.lnk"
I have written a batch file which will call another batch file and delete some files. For this I need to have admin rights. I tried following command...
runas /user:bala#nsc cmd
Enter the password for bala#nsc: xxxxxxx
Even though bala#nsc has admin rights command prompt is getting opened as a simple user rather than administrator.
I guess, I am missing something. Please help me.
Your results aren't what I expected, either. But I've got a few workarounds to suggest.
You could turn off User Account Control.
You could go to Start --> All Programs --> Accessories, then right-click on "Command Prompt" and choose "Run as Administrator."
You could right-click on your batch script and do the same.
You could create a shortcut to either cmd or your batch script on your Desktop, then modify the properties of that shortcut to run as Administrator.
You could add some code to your batch script to check for admin privileges and prompt for escalation if needed.
Turning off UAC would be my choice.
How can I create a bat or vbs file to create a Windows 7 compatible desktop shortcut?
I need the bat or vbs file to create the desktop shortcut using the following target and start-in locations (below). I basically created a desktop app that uses Google Chrome Portable to render my webapp as if it is Windows native and the shortcut will launch Chrome so it is very lightweight and looks like a genuine Windows application kinda like what Prism used to do. I've tried manually creating the shortcut.lnk but when my user installs my app it wont extract my shortcut.lnk via this path C:\Users\Public\Desktop so thats why I am now trying to create a bat or vbs file I can run on install. Thanks for your help.
Target:
C:\MyProgram\App\Chrome-bin\chrome.exe --user-data-dir="C:\MyProgram\Data\profile" --app=http://my-web-site-url.com/
Start in:
C:\MyProgram\App\Chrome-bin
Your installer should be able to do this ... here is how in VBS:
Set wsc = WScript.CreateObject("WScript.Shell")
Set lnk = wsc.CreateShortcut(wsc.SpecialFolders("desktop") & "\XXXX.LNK")
lnk.targetpath = "C:\MyProgram\App\Chrome-bin\chrome.exe"
lnk.arguments = "--user-data-dir=""C:\MyProgram\Data\profile"" --app=http://my-web-site-url.com/"
lnk.description = "Bla bla"
lnk.workingdirectory = "C:\MyProgram\App\Chrome-bin"
lnk.save
You can use the INTERNAL command MKLINK to make a SYMBOLIC link (ie: It acts just like the file it's linked to).
You need to have an elevated command prompt, or have the Administrator account activated (with a password set, as RUNAS will not accept a blank password).
From an elevated command prompt:
mklnk.bat
#echo off
mklink %~n1.lnk %~dpnx1
With an active Administrator account:
mklnk.bat
#echo off
runas /user:administrator "cmd /c mklink %~dpn1.lnk %~dpnx1"
Because mklink is an internal command, you can't use RUNAS to directly access it, but you can run CMD.EXE as the Administrator, and then call mklink from there.
Both of the above batch files will accept the same options and create the same files in the same place. So if you call the batch file mklnk.bat :
c:>mklnk welcome.msg
symbolic link created for welcome.lnk <<===>> welcome.msg
Another CMD.EXE window will flash on the screen, but that is normal.
I'm trying to run a batch file as admin. I found that I can use runas command which corresponds sudo command in Linux I think.
I tried
runas /noprofile /user:computername\adminuser "blah.bat start"
But it gives an error, saying :
Logon failure: user account restriction.. (msdos window doesn't allow me to copy anything) is there any way I can run this batch file as admin? Right click doesn't work because I can't include any parameters.
A workaround: You can create a shortcut to the batch file, add a parameter in the shortcut, then right-click to run the shortcut as admin.
Right-click the icon for the command-prompt and choose Run As Administrator. Then run you batch file from that window.
I believe that you can allow or disallow the RunAs command with the registry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
"HideRunAsVerb"= 1
See Disabling the RunAs Command