Batch file to run under administrator always - batch-file

How can i make a batch file always run as administrator and then convert it into exe file so that it asks the user to run as administrator in all computers

Depending on the version of windows you are using - there are already answers on stack about this
How can I auto-elevate my batch file, so that it requests from UAC administrator rights if required?

Related

UAC issue on Windows Server 2008 R2

I have a 20-year-old executable on 64-bit Windows 2008 R2 that needs to run when called from a batch file.
I tried the settings under Compatibility | Privilege Level | Change settings for all users | Run this program as an administrator, but it does not work -- it always brings up the UAC access prompt.
The only way it will run is with User Account Control disabled. I thought about running the batch in a Scheduled Task with the elevated permissions, but if it doesn't work with the Compatibility settings to run as admin, I don't know how it would be any different in Scheduled Tasks. I will be running it with Scheduled Tasks, but right now I am in testing mode.
Also, the paths are hard-coded in the program, so I can't reinstall under Program Files - it has to be directly under C: drive.
Is there something else I can do to get this to run with UAC enabled?
When you login to Windows with an Administrator account, Windows creates two tokens for you: an elevated one that has all your admin privileges, and a limited one that functions more like a regular user token. When the OS detects that you are trying to run something that requires the elevated privileges, it will show a UAC prompt to allow you to confirm that you want to run elevated.
So, if you run the batch file in a way that it already uses an elevated token, you won't get a UAC prompt. Interactively, you can open Command Prompt elevated (which will require a UAC confirmation), and then run the batch file as much as you want without any further prompts. Alternatively, you could run it as a scheduled task. As long as the scheduled task is running with the correct user credentials (you could run under your user account with highest privileges checked, or run it under some system account, or even create a completely new Admin user account), it should be able to run without any UAC prompt.
Bear in mind that as soon as you have the system running a batch file with elevated privileges, anyone who can modify that batch file can compromise your computer. You should run it as an account with as few privileges as possible (while still running successfully), and make sure the batch file itself is secured.

Unable to access pscp.exe with a windows service account

I have built a windows batch file code that fetches the list of files from an FTP server and then pulls the appropriate file from that list. The batch file uses a combination of pscp.exe and psftp.exe in order to achieve this.
If I login as a member of the administrator group and execute this batch file manually (double clicking) it works perfectly, but the problem arises when I schedule a windows task to run that batch file from a windows service account (which is not in the administrator group).
The job when running under the windows service account is unable to execute the command for pscp.exe used in the code, whereas it executes everything else prior to that in the batch file perfectly normal.
Below is the line of code that I have used in my batch file :
pscp.exe -sftp -v -batch -pw %password% -ls %username%#ServerAddress:/outbox > F:\dirlist.txt
The service account is a member of BatchAccountsLG and ServiceAccountsLG groups, which is needed for the job to be able to execute the batch file code. Also, the service account has all the required access on any of the files/folders needed in the execution of the code.
I am not sure what the problem is because the batch file works perfectly fine if use my admin credentials, whereas it fails when the job is scheduled with the windows service account.
I have tried looking for an answer through google, but I have drawn a blank, any help on this would be highly appreciated. If there is anything else that I need to add to this, I would be more than glad to do so.
Thanks to all the ideas in advance.

NSIS batch file permissions

I have a batch file which modifies some files within program files upon installation of an application using NSIS.
The issue I currently have is that NSIS is not running the batch file with administrator permissions so the script fails.
Is it possible to run the script with the required admin permission set?
It must support the OS XP+, and the batch script is run from an NSIS installer.
Is the NSIS installer being ran with administrator permissions? If so, any process that the installer starts will also have administrator permissions.
Check out Ander's answer on how to request admin rights for your installer:
https://stackoverflow.com/a/8735349/1030416
How do you execute your batch? Exec, ExecShell or nsExec?
Try changing it or paste snippet of your code here.

Running a bat file from another

this is the structure of a batch file
SET CURDATE=%date%
REM run some code bellow
.....
.....
.....
.....
"C:\CADMAC2k\SYS\CADMAC.exe"
this batch file reads the current date, does some modifications and then starts cadmac.exe (a cad program).
this batch file needs to be run as administrator right, but cadmac.exe should be run as current logged-in account.
when I right click this batch file and select run as administrator, cadmac.exe is run with admin rights too.
Is there any way to make cadmac.exe run with current user rights (logged in account) not administrator rights?
any kind of advice is much appreciated.
If there are specific commands in your batch file that need to be run as Administrator you can use the runas command.
Then, you can start the batch file as the logged-in user. runas prompts for Administrator credentials when necessary.
You can use Run AS for exe.
Here is possible solution
Running .exe's with Run As in a .bat file

How can I use a batch file to launch an application as a specific user?

I'm trying to figure out how I can use a batch file to launch Internet Explorer as a local user on the system hosting the batch file. Ideally I'd like to be able to double click the batch file and not have to enter user credentials. To break it down a bit:
User is logged onto the host system with a domain user (Server 2008 R2 Standard 64bit)
User can then double click on a batch file that will launch Internet Explorer as a local user on the host system, without prompting for the local user credentials
All I can find is information about NET USE, any help would be greatly appreciated!
"runas" command was intentionally designed to prompt for password. So, that is not your solution.
One of option is to create a scheduled task where you can store the password (safely) and run the scheduled task from batch file.
But if the batch file is distributable and not going to be run on same machine.. you may have to investigate on how to create a schedule task from batch file and then run it.
you may find this reference helpful

Resources