
Continue batch after UAC disable

Posted: 16 Jul 2012 08:02
by gymiv
I have a batch file I use for setting up new computers. I would like to add the function of disabling UAC, but I would need to reboot for it to take effect. Is there a way to disable UAC, reboot, and continue with the batch file?
This is the code I am using to disable UAC.
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 08:06
by Squashman
You could use the RunOnce key to have something run the next time the computer starts up.
http://technet.microsoft.com/en-us/libr ... 46765.aspx

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 08:21
by abc0502
Try this "NOT TESTED"
@echo off
cls

:: Check whether the registry change has already been made.
:: If it has, goto After_Reboot.
:: If not, this is the first run, so goto First_Time and make the change.
:: REG Query prints "EnableLUA  REG_DWORD  0x0", so the data is token 3.

For /F "tokens=3" %%a in ('REG Query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA 2^>nul ^| find /i "EnableLUA"') DO (
IF /I "%%a"=="0x0" ( Goto After_Reboot
) Else ( Goto First_Time )
)

:First_Time

:: 1st Disable UAC from Registry
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f >nul

:: 2nd take a copy of this batch to start up folder
Copy /Y "location_of_this_batch" "C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\batch_name"

:: 3rd Now Rebooting the system
Shutdown -r -f -t 2

:After_Reboot

:: put your commands here to be done after the PC Restart

Replace the text in red with the information needed

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 09:08
by gymiv
I believe that will work, but won't that leave the batch file in the startup menu? Also, I have several exe that this batch runs; I would need to copy those to a temp file as well.

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 09:10
by Ed Dyreen
If ever you need to reboot to make your changes effective you will need to:
- autoLogon the current account
- autoRun this script, and continue where we left off
- reboot

You will need to write the functions between %percent% signs yourself if you can't or won't use the lib, which has a %reBoot_% function built in.

To do this properly, it is really more complicated than I state here, but
I just provide you the key essentials.

%autoLogon_%

%for§_% (

       "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

) do (
       ( %regKey.write_% "%%~§", DefaultUserName,"!$user!",              REG_SZ,        1 )
       ( %regKey.write_% "%%~§", DefaultPassword,"!$user.%$user%.passw!",REG_SZ,        1 )
       ( %regKey.write_% "%%~§", AutoLogonCount, "1",                    REG_DWORD,     1 )
       ( %regKey.write_% "%%~§", AutoAdminLogon, "1",                    REG_SZ,        1 )
)
%autoRun_%

set      "$regHive=HKCU"
set "$reg.fullPath=!$regHive!\Software\Microsoft\Windows\CurrentVersion\RunOnce"

if !$isAdmin! neq 0 (

       ( %regKey.write_% "!$reg.fullPath!", "!$autoRun.file!", "!$autoRun.fullPathFile!", REG_SZ, 1 )
) else ( %regKey.write_% "!$reg.fullPath!", "!$autoRun.file!", "wScript.EXE """"!$DOS-KIT.fullPath!\VBS\runAs.VBS!"""" """"!computerName!\Administrator"""" !$user.%$user.name%.passw! """"!$autoRun.fullPathFile!"""" ", REG_SZ, 1 )
%reBoot_%

shutDown -r -f -t 3 -c "reBoot: '!$user!', $jumpLabel: '!$jumpLabel!'"

runAs.VBS is part of the lib, just download and unpack.


Hope it helps,

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 09:22
by foxidrive
It tickles my funny bone because malware would commonly do such things. They spend time on the OS to prevent it...
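
The registry values and folders this thread touches (EnableLUA, the Winlogon autologon values, RunOnce, the per-user Startup folder) can be checked on a provisioned machine afterwards. The following read-only batch audit is an added example, not part of any post or of Ed Dyreen's lib; its variable names and `[!]` output format are assumptions of the example.

```batch
@echo off
setlocal EnableExtensions
:: Added audit example, not code from the thread. Read-only: it only queries.
set "POL=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
set "WL=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "SU=%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
set "findings=0"

:: REG QUERY prints the key name on one line and "name type data" on the
:: next, so the data is token 3 of the line that names the value.
set "lua="
for /f "tokens=3" %%V in ('reg query "%POL%" /v EnableLUA 2^>nul ^| find /i "EnableLUA"') do set "lua=%%V"
if /i "%lua%"=="0x0" (
    echo [!] UAC is disabled: EnableLUA=0x0
    set /a findings+=1
)

set "auto="
for /f "tokens=3" %%V in ('reg query "%WL%" /v AutoAdminLogon 2^>nul ^| find /i "AutoAdminLogon"') do set "auto=%%V"
if "%auto%"=="1" (
    echo [!] AutoAdminLogon is enabled
    set /a findings+=1
)

:: Test for existence only, so the stored password is never echoed.
reg query "%WL%" /v DefaultPassword >nul 2>&1
if not errorlevel 1 (
    echo [!] Winlogon DefaultPassword holds a plaintext credential
    set /a findings+=1
)

:: Every RunOnce value line contains its type, e.g. REG_SZ.
for %%K in (HKLM HKCU) do (
    for /f "delims=" %%L in ('reg query "%%K\Software\Microsoft\Windows\CurrentVersion\RunOnce" 2^>nul ^| find "REG_"') do (
        echo [!] %%K RunOnce entry: %%L
        set /a findings+=1
    )
)

:: Scripts copied into the per-user Startup folder run at every logon.
for %%I in ("%SU%\*.bat" "%SU%\*.cmd") do (
    echo [!] Script in Startup folder: %%~fI
    set /a findings+=1
)

echo Findings: %findings%
exit /b %findings%
```

The exit code equals the number of findings, so a provisioning pipeline can fail the build when a setup script leaves any of these behind.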

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 09:26
by gymiv
Can you use this in a batch, or is this simply for VBS? I am doing this out of a batch file. Can you explain the autorun portion more? This has me confused.

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 09:37
by Ed Dyreen
foxidrive wrote: It tickles my funny bone because malware would commonly do such things.
Unattended installation software will do it also typically :wink:
gymiv wrote: Can you use this in a batch, or is this simply for VBS?
Would I post it if it wasn't for batch.
gymiv wrote: I am doing this out of a batch file. Can you explain the autorun portion more? This has me confused.
The important thing is the reg key you need to add; the runAs.VBS is not essential, it just elevates permissions.
Look at the link Squashman provided on how to use the runOnce key.

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 10:05
by gymiv
I tried running the code you showed but it errors out on the reg.fullpath

C:\Users\p1tech\Desktop>set "$regHive=HKCU"

C:\Users\p1tech\Desktop>set "$reg.fullPath=!$regHive!\Software\Microsoft\Windows
\CurrentVersion\RunOnce"

C:\Users\p1tech\Desktop>if !$isAdmin! NEQ 0 (("!$reg.fullPath!", "!$autoRun.file
!", "!$autoRun.fullPathFile!", REG_SZ, 1 ) ) else ("!$reg.fullPath!", "!$autoR
un.file!", "wScript.EXE """"!$DOS-KIT.fullPath!\VBS\runAs.VBS!"""" """"!computer
Name!\Administrator"""" !$user..passw! """"!$autoRun.fullPathFile!"""" ", REG_SZ
, 1 )
'"!$reg.fullPath!"' is not recognized as an internal or external command,
operable program or batch file.

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 12:36
by abc0502
gymiv wrote: I believe that will work, but won't that leave the batch file in the startup menu? Also, I have several exe that this batch runs; I would need to copy those to a temp file as well.


For the batch that will remain in the startup folder, you just add this command after all your commands are finished:
Del /F /Q "C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\batch_name"


And for your exe programs, when you add a command, just point to the fixed place you are running your exe from. If it was from a USB, you can use this code to get the USB drive letter:
setlocal
For %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
if exist "%%A:\" (for /f "tokens=5 delims= " %%B in ('Vol %%A:') Do if %%B==XXXX-XXXX set drv=%%A)
)
:: many thanks to foxidrive for fixing this code :)

The XXXX-XXXX is the serial number of your USB. You can get it by using the command vol F: (replace the F with the real letter).

When pointing to a program, instead of using, for example,
C:\apps\program.exe
you use
%drv%:\apps\program.exe
and don't forget the red ":"

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 13:18
by gymiv
Thanks, I will put all that together and test as soon as I get a chance. Will let you know as soon as I find out.
Many thanks

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 15:56
by gymiv
[edit by Ed Dyreen] Why no code tags ?

I am getting an access denied when it tries to change the registry entry. Here is the beginning of the script and results. I had added some pauses to keep it from rebooting during testing. Any ideas?

rem @ECHO OFF

:: Disable UAC
:: This check for the Registry changes made or not yet
:: if the changes is made then goto after_reboot
:: if not make that mean this is the first time to run
:: and it make it and then goto first_time

For /F %%a in ('REG Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA') DO (
IF %%a==0 ( Goto After_Reboot
) Else ( Goto First_Time )
)

:First_Time

:: 1st Disable UAC from Registry
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f >nul
pause

:: 2nd take a copy of this batch to start up folder
:: Get USB drive letter
:: Use vol f: to get serial number
:: To point to a program on the USB drive use %drv%:\apps\program.exe

setlocal
For %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
if exist "%%A:\" (for /f "tokens=5 delims= " %%B in ('Vol %%A:') Do if %%B==B729-02C8 set drv=%%A)
)
echo %drv%
pause

Copy /Y "%drv%:\NewMachineSetup.bat" "C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NewMachineSetup.bat"
Pause

:: 3rd Now Rebooting the system
Pause
Shutdown -r -f -t 2

C:\Users\p1tech\Desktop>rem @ECHO OFF

C:\Users\p1tech\Desktop>For /F %a in ('REG Query HKLM\SOFTWARE\Microsoft\Windows
\CurrentVersion\Policies\System /v EnableLUA') DO (IF %a == 0 (Goto After_Reboot
 )  Else (Goto First_Time  ) )

C:\Users\p1tech\Desktop>(IF HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curren
tVersion\Policies\System == 0 (Goto After_Reboot )  Else (Goto First_Time  ) )

C:\Users\p1tech\Desktop>REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f  1>nul
ERROR: Access is denied.

C:\Users\p1tech\Desktop>pause
Press any key to continue . . .

Re: Continue batch after UAC disable

Posted: 16 Jul 2012 19:13
by Ed Dyreen
gymiv wrote: I am getting an access denied when it tries to change the registry entry.
Are you running with administrator permissions ? You could Google 'runAs.EXE' or download my 'runAs.VBS' I told you about previously. This will require your script to spawn another instance of itself and then exit.

Google 'setACL.EXE' to prevent it from happening again:

for %%? in (

       "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"

) do    for %%! in (

       Administrators, etc...

) do  "!FullPathFile.SetACL!" -on "%%~?" -ot reg -actn ace -ace "n:%%~!;p:Full;m:set"

Re: Continue batch after UAC disable

Posted: 17 Jul 2012 07:11
by gymiv
If I do a runas administrator by right clicking, it pops up an authentication box. My apologies for being ignorant, but I am not familiar with the "lib" command. I have looked on both pages for a download site and cannot find what you are trying to tell me. Can you point me to the download site you are referring to? I am using Win7.

Re: Continue batch after UAC disable

Posted: 17 Jul 2012 08:04
by abc0502
The first IF statement has two options, go to First_Time or go to After_Reboot, and you removed the second option from your code:
:After_Reboot

Put this after this command:

Shutdown -r -f -t 2

So it will look like that:
Pause
Shutdown -r -f -t 2
:After_Reboot
C:\Users\p1tech\Desktop>rem @ECHO OFF