Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

zask
Posts: 26
Joined: 14 Dec 2015 17:58

Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#1 Post by zask » 05 May 2017 08:59

Hello, I need a way to make a batch file start invisible with uac, but if the uac fails to get administrative privileges, continue the batch script invisible without admin.

This is my script.

Code: Select all

@echo off

::copies itself to temp folder
if not exist "%TEMP%\%~NX0" (
copy %0 "%TEMP%\%~NX0" )
 
::uses vbs file to run itself invisible with uac
if not exist "%TEMP%\%~N0.vbs" (
echo set shell=CreateObject^("Shell.Application"^) > "%TEMP%\%~N0.vbs"
echo shell.ShellExecute "%TEMP%\%~NX0",,, "runas", 0 >> "%TEMP%\%~N0.vbs"
echo set shell=nothing >> "%TEMP%\%~N0.vbs" )
 
::puts itself on startup using registry
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "%~N0" > nul 2> nul || (
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "%~N0" /t REG_SZ /f /d "%TEMP%\%~N0.vbs" )


It works, but it can't continue the batch script like the code below does?
This script is allowed to continue after prompting UAC. Is it possible to apply it to the above script? If so, which part makes it possible and how can I apply it to the above script?

Code: Select all

@echo off

:: BatchGotAdmin
:-------------------------------------
REM  --> Check for permissions
    IF "%PROCESSOR_ARCHITECTURE%" EQU "amd64" (
>nul 2>&1 "%SYSTEMROOT%\SysWOW64\cacls.exe" "%SYSTEMROOT%\SysWOW64\config\system"
) ELSE (
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
)

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
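    REM --> Store the arguments; embedded quotes are doubled below so they survive inside the VBScript string
    set params= %*
    echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params:"=""%", "", "runas", 1 >> "%temp%\getadmin.vbs"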

    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
    exit /B

:gotAdmin
    pushd "%CD%"
    CD /D "%~dp0"
:--------------------------------------   
    <YOUR BATCH SCRIPT HERE>
   


I basically just need a batch file that is run invisible at the same time that it requests UAC, but still continues if UAC fails to get admin, but I want it to have startup too.
Thanks
Last edited by zask on 05 May 2017 21:18, edited 3 times in total.
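
How the startup entry from post #1 looks to someone auditing a machine, as an added example that is not part of the original thread: this PowerShell sketch lists `Run`-key values that launch a script file or point into a temp directory. The extension list, the temp roots and the function name `Test-RunEntry` are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): list Run-key autostart entries that
# launch a script file or point into a temp directory, as in post #1.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Script extensions to flag (assumed list; extend for your environment).
$scriptPattern = '\.(vbs|vbe|js|jse|wsf|bat|cmd)(\s|"|$)'

# Temp roots of the current user and the system, lower-cased for comparison.
$tempRoots = @($env:TEMP, $env:TMP, (Join-Path $env:SystemRoot 'Temp') |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() } |
    Select-Object -Unique)

function Test-RunEntry {
    param([string]$Command)
    # Values may still contain %VAR% references; expand before matching.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).ToLowerInvariant()
    $inTemp = $false
    foreach ($root in $tempRoots) {
        if ($cmd.Contains($root + '\')) { $inTemp = $true }
    }
    [pscustomobject]@{
        IsScript = [bool]($cmd -match $scriptPattern)
        InTemp   = $inTemp
    }
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $data  = [string]$regKey.GetValue($name)
        $check = Test-RunEntry -Command $data
        if ($check.IsScript -or $check.InTemp) {
            [pscustomobject]@{
                Key      = $key
                Name     = $name
                Command  = $data
                IsScript = $check.IsScript
                InTemp   = $check.InTemp
            }
        }
    }
}

# Entries that are both a script and in a temp directory come first.
$findings | Sort-Object { $_.IsScript -and $_.InTemp } -Descending |
    Format-Table -AutoSize -Wrap
```

Paths stored in 8.3 short form will not match the temp roots as written, so treat an empty result as a starting point rather than a clean bill.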

zask
Posts: 26
Joined: 14 Dec 2015 17:58

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#2 Post by zask » 05 May 2017 15:12

That's weird, the code tag messed up, phone probably glitched, my bad, I can't change it now

zask
Posts: 26
Joined: 14 Dec 2015 17:58

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#3 Post by zask » 05 May 2017 21:15

Oh wait, I can.... Sorry if my message wasn't clear, I'm not used to this website yet....

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#4 Post by aGerman » 06 May 2017 06:33

Code: Select all

@echo off &setlocal EnableExtensions DisableDelayedExpansion
cd /d "%~dp0"&if "%~1"=="~e~" (shift&goto :elevated)
set "param=%*"
>nul 2>&1 net session &&(set "__verb=open")||(set "__verb=runas")
set "vbs=%temp%\uac.vbs"&set "me=%~f0"&setlocal enabledelayedexpansion
if defined param set "param=!param:"=""!"
>"!vbs!" echo CreateObject("Shell.Application").ShellExecute "!comspec!", "/c """"!me!"" ~e~ !param!""", "", "%__verb%", 0
cscript //nologo "!vbs!"&del "!vbs!"&goto :eof
:elevated
::~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: Do your elevated stuff here...


Hope this helps.
Steffen


zask
Posts: 26
Joined: 14 Dec 2015 17:58

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#6 Post by zask » 08 May 2017 10:54

aGerman wrote:

Code: Select all

@echo off &setlocal EnableExtensions DisableDelayedExpansion
cd /d "%~dp0"&if "%~1"=="~e~" (shift&goto :elevated)
set "param=%*"
>nul 2>&1 net session &&(set "__verb=open")||(set "__verb=runas")
set "vbs=%temp%\uac.vbs"&set "me=%~f0"&setlocal enabledelayedexpansion
if defined param set "param=!param:"=""!"
>"!vbs!" echo CreateObject("Shell.Application").ShellExecute "!comspec!", "/c """"!me!"" ~e~ !param!""", "", "%__verb%", 0
cscript //nologo "!vbs!"&del "!vbs!"&goto :eof
:elevated
::~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: Do your elevated stuff here...


Hope this helps.
Steffen


Mhm, having a hard time figuring out exactly what it's doing, could you please explain?
Also when I type echo !Param! it displays "echo is off" instead of the value of !Param!.

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#7 Post by aGerman » 08 May 2017 12:57

zask wrote:could you please explain?

Sorry I should have added some comments.

Code: Select all

@echo off &setlocal EnableExtensions DisableDelayedExpansion

:: Change the working directory to the directory of the batch file.
:: If the first passed argument was ~e~ (that is, the batch file was called from the VBScript)
::  then shift the parameters by one and continue at label :elevated
cd /d "%~dp0"&if "%~1"=="~e~" (shift&goto :elevated)

:: Assign the passed arguments to variable param.
set "param=%*"

:: NET SESSION fails if the batch code doesn't run with elevated permissions.
::  Assign variable __verb to "open" if the batch file runs elevated or to "runas" if it doesn't run elevated
>nul 2>&1 net session &&(set "__verb=open")||(set "__verb=runas")

:: Assign the name of the VBScript to variable vbs.
:: Assign the full name of the batch file to variable me.
:: Enable delayed variable expansion.
set "vbs=%temp%\uac.vbs"&set "me=%~f0"&setlocal enabledelayedexpansion

:: If arguments were passed, prepare them to be passed from within the VBScript by doubling the quotation marks.
if defined param set "param=!param:"=""!"

:: Write the VBScript. The ShellExecute method will run the batch file in a cmd.exe process where ~e~ will be passed as
::  first argument followed by the original arguments (saved in param). The UAC will be invoked if __verb was set to "runas".
::  Elsewise the UAC will not be invoked. For further information about the ShellExecute method see:
::  https://msdn.microsoft.com/en-us/library/windows/desktop/gg537745(v=vs.85).aspx
>"!vbs!" echo CreateObject("Shell.Application").ShellExecute "!comspec!", "/c """"!me!"" ~e~ !param!""", "", "%__verb%", 0

:: Run the VBScript in a cscript.exe process.
:: Delete the VBScript file.
:: Quit the batch execution.
cscript //nologo "!vbs!"&del "!vbs!"&goto :eof


:elevated
::~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: Do your elevated stuff here...


zask wrote:also when i type echo !Param! it displays "echo is off" instead of the value of !Param!.

What did you expect to see? If you didn't pass any arguments to the batch file then %* is empty. Thus, variable param will be undefined. If you try to output an undefined variable you'll get the ECHO status as always. I added the parameter handling because I found it in one of your examples. If you run the batch file via double click you won't actually need it.
However try to pass an argument (e.g. drag/drop another file onto the batch file) and echo %1 in the :elevated section in order to see how it works.

Steffen

zask
Posts: 26
Joined: 14 Dec 2015 17:58

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#8 Post by zask » 08 May 2017 14:48

Oh I see, thanks that makes things much easier to edit now.
I wasn't suspecting anything honestly, I was trying to display the values of the script to understand what exactly the code was doing. Give me one moment, I've used parameters before, just didn't understand exactly what the "if not defined param set ...etc" line was doing. I could see now what it's doing now that you have explained. I normally have a very small time to ever get on a computer because I do not own one, so I'm trying to teach myself how to code since that's what I used to do before my computer broke.

zask
Posts: 26
Joined: 14 Dec 2015 17:58

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#9 Post by zask » 13 May 2017 09:05

Thanks, works perfectly, took me time to get the chance to test it. However, I still need it to run invisible if admin isn't acquired. If admin isn't acquired from the UAC, the batch file still continues to display a visible window before closing the window. How would I make it run itself invisible without UAC if UAC has failed to require the administrative privileges?

Uac_invisible.vbs is the file that runs the batch file invisible at the same time that it requests UAC.

Invisible.vbs is the file that runs the batch file normally without the UAC, except still invisible.

For example, replace the uac_invisible.vbs with a normal invisible.vbs, and run the regular invisible.vbs (only if admin isn't acquired) right before the cmd window closes.

It's hard to test the code because I only get to code at school sadly :/

Anyway thanks for the help

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#10 Post by aGerman » 13 May 2017 13:05

Let's try a slightly different approach. The idea behind it:
- If the batch file does already run with elevated permissions then just start it again without invoking the UAC. Elevation will be inherited automatically.
- Elsewise: If the user does not belong to the administrators group then don't even try to invoke the UAC prompt. Just start it again without elevation.
- Elsewise: If the user belongs to the administrators group then invoke the UAC prompt. Acquiring elevated permissions for the restarted process should be possible.

Code: Select all

@echo off &setlocal EnableExtensions DisableDelayedExpansion

:: Change the working directory to the directory of the batch file.
:: Assign the full name of the batch file to variable me.
:: If the first passed argument was ~e~ (that is, the batch file was called from the VBScript)
::  then shift the parameters by one and continue at label :work
cd /d "%~dp0"&set "me=%~f0"&if "%~1"=="~e~" (shift&goto :work)

:: Assign the passed arguments to variable param.
set "param=%*"

:: Default verb is "open"
set "__verb=open"

:: NET SESSION fails if the batch code doesn't run with elevated permissions.
:: WHOAMI /GROUPS lists SID S-1-5-32-544 if the account belongs to the administrators group
:: The verb will be changed to "runas" only if the code doesn't already run with elevated permissions
::  and the account belongs to the administrators group
>nul 2>&1 net session ||(2>nul whoami /groups|>nul findstr /i "\<S-1-5-32-544\>" &&set "__verb=runas")

:: Assign the name of the VBScript to variable vbs.
:: Enable delayed variable expansion.
set "vbs=%temp%\uac.vbs"&setlocal enabledelayedexpansion

:: If arguments were passed, prepare them to be passed from within the VBScript by doubling the quotation marks.
if defined param set "param=!param:"=""!"

:: Write the VBScript. The ShellExecute method will run the batch file in a cmd.exe process where ~e~ will be passed as
::  first argument followed by the original arguments (saved in param). The UAC will be invoked if __verb was set to "runas".
::  Elsewise the UAC will not be invoked. For further information about the ShellExecute method see:
::  https://msdn.microsoft.com/en-us/library/windows/desktop/gg537745(v=vs.85).aspx
>"!vbs!" echo CreateObject("Shell.Application").ShellExecute "!comspec!", "/c """"!me!"" ~e~ !param!""", "", "%__verb%", 0

:: Run the VBScript in a cscript.exe process.
:: Delete the VBScript file.
:: Quit the batch execution.
cscript //nologo "!vbs!"&del "!vbs!"&goto :eof


:work
::~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: Do your stuff here...
>nul 2>&1 net session &&(set "elev=elevated")||(set "elev=unelevated")

>"%temp%\Message.txt" echo File "%me%" is running %elev%.
start "" notepad "%temp%\Message.txt"
timeout /t 2 /nobreak
del "%temp%\Message.txt"


Steffen

zask
Posts: 26
Joined: 14 Dec 2015 17:58

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#11 Post by zask » 13 May 2017 17:46

Thank you, I'll test it as soon as possible, you're really a smart coder, thumbs up.
Here's another question: is it possible to make it run as administrator every time as long as it was run as administrator at least once? Might or might not be possible.... This would be very useful for a variety of scripts I use.

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#12 Post by aGerman » 13 May 2017 18:15

In general this isn't possible.
You could create a scheduled task with highest privileges on a computer where you can omit the actual scheduling. Instead you can run it with a shortcut to schtasks.exe. However, to set up such a task you would need administrative privileges (who would have thought).

Steffen


zask
Posts: 26
Joined: 14 Dec 2015 17:58

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#14 Post by zask » 15 May 2017 09:36

Nvm my question, I think I figured it out
Last edited by zask on 15 May 2017 10:14, edited 1 time in total.

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Run batch file invisible on startup with uac, if uac fails to obtain admin, continue batch file after uac is closed

#15 Post by aGerman » 15 May 2017 10:12

A batch file always runs in a console window. As you know you can hide it with a VBScript snippet. So what you could do is to run it directly from a VBScript.
(I wonder what hiding a batch window is even good for. If you don't want it you should rather move to another language.)

Steffen
