Page 1 of 1

Is batch script able to tell the rest of BAT file to run As Administrator?

Posted: 03 Aug 2022 13:29
by DOSadnie
Whenever I need for whatever reason to run one of my BAT files to be executed in the elevated mode I run it by simply clocking LNK shortcut file leading to it, which LNK has the

Properties > Shortcut > Advanced Run as administrator

option selected


But is is possible to insert some script at the very beginning of such BAT - so that the est of it would run as if that file just had been executed As Administrator? For example non elevated EXE of AutoHotkey is able to run its AHK files as elevated ones when a proper code is inserted to them [although there are some drawbacks to this method]

Re: Is batch script able to tell the rest of BAT file to run As Administrator?

Posted: 04 Aug 2022 12:55
by atfon
There are several examples out there of how to auto-check for privileges and elevate as needed. Here is a simple example:

Code: Select all

(
>nul 2>&1 %__APPDIR__%net.exe session
) || (
echo Set UAC = CreateObject^("Shell.Application"^) > "%tmp%\uac.vbs"
echo UAC.ShellExecute "%~snx0", "%*", "%~sdp0", "runas", 1 >> "%tmp%\uac.vbs"
) && (
"%tmp%\uac.vbs" && exit /b
)
if exist "%tmp%\uac.vbs" del /f /q "%tmp%\uac.vbs"

Re: Is batch script able to tell the rest of BAT file to run As Administrator?

Posted: 04 Aug 2022 14:40
by aGerman
Once a process is running it can't get elevated anymore. The piece of code atfon posted uses the NET SESSION command which fails if the Batch script is not running elevated. If so, a temporary VBScript is created that invokes the UAC prompt and runs the Batch script elevated again, while the unelevated process quits.
You could avoid the creation of a temporary file though.

Code: Select all

@if (0)==(0) echo off
>nul 2>&1 "%__APPDIR__%net.exe" session &&goto __elevated__
set __args__=%*
"%__APPDIR__%cscript.exe" //nologo //e:jscript "%~fs0"
exit /b
:__elevated__

::::::::::::::::::::::::::::::::::::::::
echo this part of the code is elevated
echo sript arguments: %*
pause
::::::::::::::::::::::::::::::::::::::::

goto :eof @end new ActiveXObject('Shell.Application').ShellExecute('cmd.exe','/c ""'+WScript.ScriptFullName+'" '+new ActiveXObject('WScript.Shell').Environment('PROCESS')('__args__')+'"','','runas',1);
This is a JScript hybrid. Leave the first 6 lines and the last line unchanged. Only update the part marked with the lines of colons.

Steffen

Re: Is batch script able to tell the rest of BAT file to run As Administrator?

Posted: 31 Aug 2022 17:05
by DOSadnie
aGerman wrote:
04 Aug 2022 14:40
Once a process is running it can't get elevated anymore. The piece of code atfon posted uses the NET SESSION command which fails if the Batch script is not running elevated. If so, a temporary VBScript is created that invokes the UAC prompt
You mean it asks for confirmation?

If yes- then I get no such question. [Only from the HIPS feature of COMODO - which I can set to be accepted as a rule]

aGerman wrote:
04 Aug 2022 14:40
[...]
This is a JScript hybrid
[...]
I tested both codes on a real life example [i.e. a BAT file to which I use a LNK shortcut for elevation]- and they seem to work fine. The only difference [at least for me and for now] is that the first one produces a split second in-between window with a visible block of some text [code?]

Is there a way to hide those extra windows? I do not like such flashes on my screen

And which method such I use? Are they some caveats or a possible nasty surprises awaiting to reveal themselves later on?

Re: Is batch script able to tell the rest of BAT file to run As Administrator?

Posted: 02 Sep 2022 05:58
by aGerman
I don't know what configurations you have done on your system. However, usually either the UAC promt will ask you for confirmation or the process is already elevated (e.g. because you've been already prompted due to the shortcut settings). In the first case, though, an unelevated process is created in the first place. As I said, once a process is running unelevated you can't turn it into an elevated process anymore. Thus, the unelevated process acts like a launcher process. This might be the flashing window you're seeing.

Steffen