Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Run batch as Admin (auto-elevate) and then de-elevate

Tags:

windows

batch-file

command-prompt

perl

I have a script that runs in 2 parts. The first part requires admin access (updates HOSTS file and does some copying/overwriting). After that part finishes, I need to map a drive using the hostname alias the first part of the script updated.

I have figured out how to get the elevated privileges by using this SO Question. But mapping a drive (while in admin) maps a drive into the admin's session. I need to "de-elevate" back into user mode to run my second script.

This is a script I run at least once every day, and possibly multiple times per day. I am trying to create a solution that is just 1 .bat file, if possible. For reasons, the scripts are written in perl.

Things I have tried:

  1. Using the runas /user:regular_user command (this does not work)
  2. 1 bat file Using CALL for the 2 batch files (This "works" but for some reason both run at the same time)
  3. Running 2 bat files separately, and manually.
  4. Searching SO, but I could not find admin->user instead only user->admin

TLDR: How do I de-elevate to user mode from admin mode in a batch file?

like image 473
Ishikawa91 Avatar asked Jul 16 '13 14:07

Ishikawa91

People also ask

Is it possible to automatically run a batch file as administrator?

Yes, you're able to run a batch file with administrative rights. Unfortunately, you can't do this directly from the batch file it self. You would need to first create a shortcut of that batch file and change the properties for that shortcut in order to make this work.

What does @echo off do in a batch file?

To prevent echoing a particular command in a batch file, insert an @ sign in front of the command. To prevent echoing all commands in a batch file, include the echo off command at the beginning of the file.

2 Answers

Your best bet is to use the best third party remote/local execution tool : Windows Sysinternals PSEXEC. You can supply credentials and accomplish what you need using PSEXEC! You can put PSEXEC commands into your batch file or vbs and have them run without a hitch. You can also call one command with PSEXEC elevated permission and the next without any elevation, while mixing credentials in a single unique batch file.

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

like image 86
apollosoftware.org Avatar answered Oct 26 '22 15:10

apollosoftware.org

If you're using 2 batch files, call the batch ElevatedBatch.cmd with elevation by using Main.cmd (which continues doing unelevated things):

@ECHO OFF
START /WAIT ElevatedBatch.cmd %1 %2 %3 %4 %5 %6 %7 %8 %9
REM here you can do unelevated stuff:
ECHO Running unelevated now

The parameter /WAIT ensures that the script will wait until ElevatedBatch.cmd has ended. For ElevatedBatch.cmd you can use a template like this one to elevate it.

like image 37
Matt Avatar answered Oct 26 '22 16:10

Matt
Sign in to Comment

Related questions

Is there any way to force the WorkingSet of a process to be 1GB in C++?
Video composition with Media Foundation
How do I get the caller SID in kernel mode hook? (windows)
How to retrieve USB device interface GUID?
Javascript / jQuery Windows 8 On-Screen Keyboard
Java Calendar, acts differently OSX Windows
pyodbc is very slow on my machine but not on other machines
Matlab onCleanup with Compiled applications (windows)
Calling C code from within Ruby -- How to use the returned pointer?
How is procdump -t -- dump on process termination -- used?
How to monitor CPU cache on Windows?
Connecting to named pipe in Windows, different user accounts
Is it possible for one process to inject code into another without administrative privileges?
Open file in existing emacs frame (Windows)
Strange behavior from .NET regarding file paths
create qt thread event loop
When does Windows Error Reporting create a dump file? Is it configurable? Has this changed in Windows 7?
Install new version over existing on Windows (upgrade)
How to create a Qt shared library for a non-Qt application
How to specify a specific NIC to be used in an application written in c++ (boost asio)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!