I have a package that gets distributed to multiple machines including a batch file that moves some files into directories. One of the files that gets moved is an executable (.exe). This exe will be ran on a schedule, once the batch file runs for the first time, and moves files accordingly, it is never used again.
If I right click the .exe file > Properties > Compatibility, there is an option under Settings to run this program as an administrator. The application only seems to work when it is ran as an administrator, so I would like to enable this setting whenever the batch file runs.
Is there a way to modify this setting within a batch or via CMD?
What I continue to find in my search, is how to run cmd as admin, or how to add a runas command to the batch so the batch itself is executed as a admin. Since the batch file is only run at setup, and never again, I need a way to set the settings for the exe itself to run as admin.
Based on the info provided in this answer you can add the full path to the registry key Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers with the REG command like so:
Everything should be on one line but for clarity I put each argument on a separate line
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"
/v "c:\full\path\to\your\exe\file.exe"
/t REG_SZ
/d "RUNASADMIN"
Above command sets the compatibility flag for all users/system wide. If you want to set it only for the current user use HKCU instead of HKLM.
Do note that setting the value in HKLM subtree requires elevation.
This is tested on Win7 but should work on Vista and Win8.
Related
I would like my batch script to start automatically when my victim starts their computer. But it does not work when I put the file under "Start Menu".
So how do I do?
Put the batch script (or a .lnk shortcut to it) under (for a specific user)
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup
or (for all users, putting it here may require Admin privilege)
%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
Or you can edit the registry to add an item or use Windows Task Scheduler. These two methods allow you to put your batch script anywhere.
FYI, I used to deploy my script1 by putting it somewhere and adding an entry (the type should be REG_SZ) under this registry key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(replace HKLM with HKCU to add an item for a specific user instead of all users)
1: Link goes to my GitHub repo
I'm trying to make a batch start after a restart. Will this work?
This doupdate.bat is stored at a USB drive and is going to be used in many computers.
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /V 1 /D "%~d0\cmd\DoUpdate.bat
So you want it start on startup? Since you cant use Autorun.inf since that needs to be manually clicked to start it up and ever since Win7 it doesnt allow you to change what file it opens on USB, it sounds like your only option is the startup folder. You could write a second batch script to copy the file into the computers startup folder. Here is the code to copy the file into the startup folder as a bat:
C:
copy doupdate.bat "C:\Users\%USERNMAE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doupdate.bat"
(Note: Thats assuming the bat to move the file is on the USB, and also replace the 'C:' in the code with whatever drive it will be moving to, you cant simply have it move directly to the C drive or CD to it, you have the enter the name since interacting between different drives on batch it tricky, so you have to cd to them a special way first)
But that would only have the file auto-open on restart only on the user that you were currently using when you ran the file.
Also that method requires you to have the file installed to the users computer.
And if you dont want the file to stay on the users computer after its already done its job, simply add this code at the end of "doupdate.bat" for it to delete itself:
del "C:\Users\%USERNMAE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doupdate.bat"
its as simple as that, that way when it gets run from the Startup folder, as soon as its done with all of its purpose, it will remove itself, and then to re-add it, simply re-run the bat to move the file.
I hope my info helped, and if any of the methods here wont work for your specific bat file just tell me and ill try to find a different method to do it and will edit this post to include that method.
This should work:
copy "doupdate.bat" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"
Note: Make sure to use this in Windows 10. I am not sure if this will work in Windows 8, 7 but it should also work
Create a new file test.bat, the content is as follows:
echo aa;
and execute it in the dos command line,
test.bat
there are no output in the window. But when I tested it in another computer, it outputs
aa
When I double click the bat file, it always disappeared suddenly even I add a "pause" clause line in the test.bat file. Both the systems are Window XP. Can sb tell me where is the problem, please?
I have checked all the things Mofi suggested, but the problem remains.
Now, I divscover when reboot to the system using another Administrator account. All is fine.
So, whether the problem comes from the registry record of the Windows XP?
See my answer on Iterating over files in directory prepends extra character to filename where I have already explained what to check if batch files are not working as expected.
The environment variables ComSpec, PATHEXT and PATH should be verified by you first. And check also the values of registry key Command Processor as explained in referenced answer. Also Autorun value of key Command Processor is very critical.
Further, start Regedit and check standard value of registry key HKEY_CLASSES_ROOT\.bat displayed on right side. It should be batfile. Then go to HKEY_CLASSES_ROOT\batfile, open it and navigate to subkey open - command. The standard value is "%1" %*. It could be that your Windows registry is partly corrupt which makes it not possible to run a batch file by double click.
A check for a problem with registry would be opening a command prompt window by running
C:\Windows\System32\cmd.exe
via Run entry in start menu of Windows. Then run your batch file from within the command prompt window.
You should also run from a command prompt window
C:\Windows\System32\chkdsk.exe C: /F
and confirm running the check disk tool of Windows on next boot of Windows. Then restart Windows to let this tool check the file system for errors resulting in 1 or more corrupt files. If an error was really detected in file system, run after Windows finished starting from a command prompt window
C:\Windows\System32\chkdsk.exe C: /F /R
Confirm running this tool once again on next boot of Windows, but this time with read/write tests on all sectors of your hard disk and repairing sectors if that is possible at all. It can take several hours depending on size of drive C: to finish this task.
Added on 2014-09-28:
Anti-virus application
Do you have checked already the configuration of the anti-virus application?
It could be that it blocks the execution of all *.bat files.
Windows System Restore
Do you have already tried to use Windows System Restore for the account on which batch file execution fails and go back to a restore point of a date on which you are sure that batch file execution worked?
If ntuser.dat or ntuser.dat.log (= registry of current user) is partly corrupt or something is misconfigured in Windows registry for this user account, this would be the easiest method to get back a working environment for the account.
Process Monitor Analysis
As execution of batch files does not work only with one account, the reason must be a corrupt or wrong set key or value in registry of this account.
I suggest to download and run free tool Process Monitor from Sysinternals (Microsoft) using first the account on which batch file execution does not work as expected.
The first displayed on start of this tool is a dialog to configure a filter. Select from first list Process Name, let is selected on second list, enter cmd.exe in edit field, and let Include selected in last list. Click next on button Include and then on OK.
Now in main application window of Process Monitor click on last 3 symbols in toolbar to toggle off those features resulting in monitoring only registry and file system accesses. Clear current list by clicking on fifth symbol in toolbar or by pressing Ctrl+X.
Now double click on your sample batch file in Windows Explorer. Then switch batck to Process Monitor, scroll up to beginning and look line by line what happens on executing of a batch file. Perhaps you can see something which you think is not correct.
The column Result should show only SUCCESS and NAME NOT FOUND and rarely NO MORE ENTRIES for registry entries in log. INVALID in column Result is not good. The log can be saved as CSV file with Ctrl+S or by clicking on disk symbol in toolbar.
Exit Process Monitor, logout from this account, logon on other account, start here also Process Monitor, configure the same filter, execute same batch file and save also this log into a CSV file. Compare the 2 CSV files and look for differences (other than time and line number).
Windows Registry Compare
Another method to find out what is different between the 2 accounts resulting in batch file execution not working is comparing the registry hives of those 2 accounts. In both accounts start Regedit and export entire key HKEY_CURRENT_USER to a *.reg file. Compare the two registry exports with a text comparison tool. The new administrator account has definitely less keys and values. Interesting are those blocks with just similar, but not identical lines.
Most interesting are the keys:
HKEY_CURRENT_USER\Console
HKEY_CURRENT_USER\Environment
HKEY_CURRENT_USER\Software\Classes\.bat
HKEY_CURRENT_USER\Software\Classes\batfile
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
Some keys from this list can be missing completely. That would be okay as in this case the same key under HKEY_LOCAL_MACHINE is taken into account by Windows. But when a key is missing in account on which batch file execution fails, it should be also missing in the other account, or something is wrong here.
What could be a big and hard to find problem is a registry key which is displayed on viewing the registry tree with Regedit, but when clicking on the key it cannot be read.
I have seen such partly corrupt registry keys already several times and it is very hard to fix such a registry error. This happens for example if an application removes a registry key without removing it also from index table of the registry.
Totally unexpected things happen if a registry key is present in index, but does not exist anymore in registry. For example I fixed once an issue where HKLM\Software\Classes\mailto was in index list, but did not exist anymore in registry. When the user clicked on a mailto link, Windows started creating new emails in Outlook in a loop until Windows run out of resources and user restarted Windows.
Please add # before echo, like this:
#echo aa
#pause
Its working in my Windows7 machine.
I use a remote support program to access agent's computers to set them up to work with our dialer.
I use a script via that remote program that adds IE shortcuts to their desktop. To make this script work for any variety of computer setups, the shortcuts are created on the AllUsersDesktop.
I also install a program (called Ventrilo) that creates a shortcut on the specific desktop they are on when I remote into their system.
I would like to add a batch file they can execute that will automatically open the shortcut to Ventrilo and open the IE shortcut on the AllUsersDesktop.
The batch file I have is as follows:
#echo off
start Ventrilo.lnk
start Shortcut.lnk
This opens Ventrilo but not the Shortcut. I am certain it is because the Shortcut is on the AllUsersDesktop, while the shortcut to Ventrilo is not. However, I cannot figure out how to use that start command in conjunction with %AllUserDesktop%
%allusersprofile%\desktop\shortcut.lnk
Type set in a command prompt.
You can start IE by calling start on iexplore, no need to run the shortcut.
start iexplore
Alternatively GoughW's answer should do the trick to.
Make sure you have an end line at the end of your
start shortcut.lnk
in your batch file.
I have a batch file which uses gpresult /v and saves the output in a text file and copy that text file to a shared folder. This batch when i run on my local machine works perfectly fine but once i deploy it through SCCM it says can not open file with error code 4. I dont know what is wrong in the file.
the code is Like this:
#echo off
gpresult /v >%computername%.txt
xcopy %computername%.txt \some path
Error 4 is "The system cannot open the file.", as if the path is invalid or the open() fails for some other reason.
Do you know what directory the program is running in (CWD)?
That's where the results of gpresult are going (if the output redirection succeeds).
gpresult is not going to produce meaningful user-level data for the SYSTEM user.
Perhaps you should use gpresult /v scope computer.
Why are you using xcopy when you're only copying one file? xcopy really only has added value (over copy) if you are copying directories.
xcopy's behavior changes depending on how you specify the target. If the target ends with the directory separator (backslash), xcopy treats it like it's a directory. If it doesn't and the target doesn't exist, xcopy asks you what to do, which causes automated processes to pause indefinitely waiting for user input.
SCCM Programs Run as 'NT Authority\SYSTEM'
When SCCM (2007) runs a program, the program doesn't run as a regular user. It runs as the highest privilege user (sort of), SYSTEM.
This account is not a regular account, and many settings and environment variables that exist and are predictable for a regular user are different or do not exist for SYSTEM.
One particularly frustrating "feature" of the SYSTEM account's profile is that it is nestled away under %WINDIR%\System32, and so it is subject to filesystem redirection whenever you refer to anything relative to the profile.
Try this: use psexec -s (sysinternals) to get shell access as the SYSTEM account and run the command in that environment to see how it behaves. This is as close as we can get to an environment like the one SCCM programs run under.
When SCCM runs the command, the CWD will probably be somewhere under %WINDIR%\SysWOW64\CCM\ and may be invoked with the 32-bit version of CMD.EXE.
I have a question in regards to something similar to this. So I have an uninstall bat that runs. Due to the vendors uninstall it causes a force close of the windows explorer UI. So in haste to solve that issue I added a call to open explorer.exe. There is a problem with this as someone pointed out to me. Actually as soon as he said I knew exactly what he was saying and where he was going with his statement. Calling explorer.exe would be fine except that the bat is running under the system context not the user so when explorer is restarted it will start under the guise of the system desktop profile not the user's. I know there is way to still run under the guise of system but to restart explorer under the currently logged in user's profile.