/build/static/layout/Breadcrumb_cap_w.png

Batch run as administrator - automatically with highest privileges by tools Batch_Admin

Batch_Admin I present a script to automatically elevate the Administrator for use in any type of Batch own script, or BAT or .CMD or any program EXE or any internal system command. This function ensures the work on a standard environment, with standard tools and in the same way in different Windows systems. It uses several standard and built-in Windows commands. Do not use any other external scripts. It can be used to call any program as Administrator, not just scripts Batch. It suffices to create a small script, which then call the program that requires permission Administartor.

To use it, you simply insert the following line (exactly as) in its parent Batch script, which is to be run as Administrator.
This is best done at the top of our parent script and it is best that first, which will be called via the CALL further, some sub-scripts (see detailed explanation below).

 

       net session >nul 2>nul&if errorlevel 1  Batch_Admin "%~0" %*

 

 

To display a message while it is still does not have Administrator privileges, eg. for 5 seconds before calling Batch_Admin set the variable "ShowAdminInfo" on the number of seconds

 

     SET ShowAdminInfo=5

     net session >nul 2>nul&if errorlevel 1  Batch_Admin "%~0" %*

 

 

So how it works:

 

·         Calls UAC.ShellExecute through VBScript to pick up user permissions from a group administrator to full Administrator privileges.  Of course, for the ordinary user, outside the group Administrators does not apply, at most, the system will ask for a change of user

·         Batch runs the script, or BAT or CMD with elevated Administrator rights, but only if it is not already as Administartor. If a script is already running with Administrator rights, it does nothing, not even invoked. When you set earlier variable   ShowAdminInfo on the number of seconds it even tells you how to call himself the master script as Administartor.

 

 

Terms of action:

Tool Batch_Admin.bat best placed somewhere in the system directory searchable% PATH%, eg. in   C:\Windows\System32

You can also put it in the directory where we have our parent script, which we then refer to Batch_Admin.bat,  but then we must remember that the call to our script from another directory will not use Batch_Admin if it did not we ask the transition to this directory. It is best to put it in a directory PATH

 

 

How does run with elevated Administrator rights when Batch_Admin diagnose, it is necessary:

·         The parent script may be calling with the extension .BAT or .CMD type or even directly EXE program

·         Maintains the value of the environment variable SET calling, so that they are still the same values and variables after going to the Administrator, with the exception of the TEMP variable (see detailed description below)

·         Script caller can have a long name spaces included in the call in quotes

·         Give back all the parameters call the master script passed from the command line,  as if there was no transmission of the call and start something from scratch, although this is:

o   Also includes various special characters, eg. good moves exclamation marks (!) And percentage (%)

o   Parameters include the use of parentheses  () and passes them correctly back. Therefore, that they were not misinterpreted, in Batch_Admin are used sometimes jumping like: goto

o   Takes into account variables with long names inside quotation marks, with spaces between

o    Including even a single quote, or rather an odd number of the quotes. He is then added at the end the additional space to a pair of quotation marks, but at least the script calls the parent of the other parameters

o    After calling the script parent it is the same calling parameters, that is, for the %0 %1 %2, and so on  as well as if someone has studied all the parameters at once as: %*

·         Holds the location from which the script was called the parent, as does this by default the system and you would expect, exactly as if there was no call by Batch_Admin. If someone wants to change the working directory to another, than where the script was called, as usual you must do it yourself.

·         Auxiliary displays a message if we set before ourselves the variable "ShowAdminInfo", eg. for 5 seconds which can prevent the immediate passage of the rights of the Administrator giving additional information and the possibility of an informed decision. Examples of setting that must be set: SET ShowAdminInfo=5
By default, because this variable is not defined, it does not display.

·         The script is also in the system search path % PATH%

·         Even more, because you can invoke the script with network path, an unmapped network resource, such as .:   \\Computer\share\test.bat  Then the script also "test.bat" will be run as Administrator, provided, however, that locally the PATH somewhere we have placed Batch_Admin. See comment above in the "Operating Conditions"

·         Resistant to various different combinations of  (EnableExtensions  or  DisableExtensions)  and  (DisableDelayedExpansion  or  EnableDelayedExpansion)

·         Prevents misunderstandings in writing the necessary auxiliary files when the script calls several Batch_Admin  almost at the same time. It uses the random number from 1 to 100

·         Prevents the user running the script, if not expressed approval for elevation to the Administrator

·         Sets one additional variable for use later in the script that causes it when it is in the current directory (see also note below):
        PATH_BAT - the same path to the location of the script, eg .:   C:\UTILS
  

NOTE:  If, however, the slave Batch script caused function CALL from one another need to have the correct value of these variables, you have yourself to add two lines (necessary when switching to the Administrator took place in the parent  script, because then including a child, as we mentioned above, our Batch_Admin no longer cause and not set properly  these variables possibly be old, appropriate for the parent script, and not the slave) - the two row is optional for the transition to this directory and can be combined mark & ​​at the begin of the first line:

 

                    SET "PATH_BAT=%~dp0"&SET "BatchFullName=%~dpf0"

                    CD /D "%~dp0"


Maintaining the value of the environment variable SET calling

Why would he do that?

By default, if you call from a parent script again, the script subordinate command CALL and only in the sub-script would be switching to an Administrator, you do not have any transfer of variables from the parent script. This is due to the fact that the elevation forever, but it always produces something from scratch, with clean copies of the settings and there is no natural appeal to what we set ourselves in the script is requesting.

However, Batch_Admin tool solves this problem and copy settings from the environment variable SET calling user to the environment after elevation of privilege, which keeps the current state variables and their values. He does so with all the variables, except for the TEMP. In the case of TEMP it regards the compatibility of behavior and execute scripts and finding temporary files, as it would expect any other creator Batch script, if the transition to an Administrator took place outside Batch_Admin.

No worries - these changes concern only the current run of the script, not a Windows system settings or general settings on the user's profile. It is not related to one another. Windows and so every time environment creates a setting. However, switching to an Administrator normally would copy settings as Administrator, and for a while before we had our own and a modified copy of the user. We say "copy variables for Administrator privileges" and not "copy variables Administrator", because still asking for a user name in the variable %USERNAME% gain after raising powers, eg. John, not Administrator.

This transfer of environment variables is similar in operation to a system command START. The START command moves just the default variable settings (environment (called. Environment)) from the current window calls in a new window, even regardless of whether you use the / B or not. In order not moved these variables, we must specialy use the parameter / I. Thus, in Batch_Admin is similar, only that it concerns the transition to Administrator permissions where Windows does not even have that option.


The advantages:

·         Moves the next set all the variables are set SET command that were previously, whether entered manually from the command line, or in any of its ancestors batch script which can test a script calling sequentially from the second CALL command, and any further is set Batch_Admin

·         Variable search path %PATH% is now such as before the transition to the Administrator, or if she'd been wearing modify the master script, this modification is maintained

·         The exception is the variable %TEMP%, in which Batch_Admin does not interfere, that is, as usual system itself changes (because changes when we move to an Administrator)

·         We get back access to two variables that normally disappear after raising powers to the Administrator:   

      CLIENTNAME   - the name of the remote computer, for example. The name of the station, which was called a terminal session, for example: COMPUTER-JOHN   

      SESSIONNAME  - the name of the remote session, for example. Terminal session number, for example:   RDP-Tcp#0

·         Other system variables are the same, because when you pick up on the Administrator and so do not change, for example.:
      USERNAME
      USERPROFILE
      HOMEPATH
      APPDATA

 

Cons:

If someone has changed in the parent script typically variable system, such as PATH, it will not have it now "clean" set of variables, and this may be then expected (when using the parameters described below)


Options cancellation and changes:

Just before calling Batch_Admin set the following variables to any value (to only were) and how empty it is by default:

     $Admin_SET     - prevents definitively restoring SET user variables, which will be new, clean environment variables Administrator
     $Admin_Temp  - while working to restore the variables, it also restores the variable %TEMP%, and then it is the same as before the call (by default does not restore)



Calling sub scripts Batch CALL command


NOTE: Normally, the transition to always require Administrator rights to run the script entirely from scratch in a new window, in a new environment, without reference to the pre-set variables and values ​​of these variables did not pass then to call as Administrator. But .... Batch_Admin in the new version it would do, and transfers these variables and their values ​​to induce the transition as Administrator (see description above). By contrast, still not the variables are set in the sub-script to move to the parent script. Therefore strong recommendation still applies to Batch_Admin cause in the first script and it's parent at the beginning, especially when the call command CALL subsequent scripts. There is no mistake paste the calling line Batch_Admin in each successive, sub-script, because they do in fact Batch_Admin will not be called, or there will be nothing to do, because it is already as Administrator.

   Let us therefore specific situation, when bad work and the situation where the well work, after repair
   
     Let's start with a bad call. In the example shown here in a second script, "2.bat" get the message
     (Valid because it is a new version of Batch_Admin transferring the master variable settings):


            [2] Variable_1 – Yes, I know this variable

     while the first script 1.bat will not know anything about setting up the second for Variable_2, namely:

            [1] Variable_2 - I know nothing of this variable


     Repair:     Just first script run as Administrator alone or also in him, that is, in "1.bat"  insert at the top of the call Batch_Admin as:
    

                           net session >nul 2>nul&if errorlevel 1  Batch_Admin "%~0" %*

 

 

     NOTE:     If the second script "2.bat" remove the front colons in a row
                           :: SET $Admin_SET=Whatever
                      then we can test what messages we get, if it was an old Batch_Admin, ie when there is no restoring variables from the parent script

 

 

The parent script, let's call him 1.BAT

 

@echo off

 echo [1] I'm beginning ...&echo.

 

SET Variable_1=abc

 

CALL 2.BAT

 

if     defined Variable_1   echo [1] Variable_1 - Yes, I know this variable

if not defined Variable_1   echo [1] Variable_1 - I know nothing of this variable

if     defined Variable_2   echo [1] Variable_2 - Yes, I know this variable

if not defined Variable_2   echo [1] Variable_2 - I know nothing of this variable

pause

    

 

     The child script, let's call him 2.BAT

 

@echo off

 REM *** A D M I N I S T R A T O R  ***

 :: SET $Admin_SET=Whatever

 net session >nul 2>nul&if errorlevel 1  Batch_Admin "%~0" %*

 

SET Variable_2=xyz

 

if     defined Variable_1   echo [2] Variable_1 - Yes, I know this variable

if not defined Variable_1   echo [2] Variable_1 - I know nothing of this variable

if     defined Variable_2   echo [2] Variable_2 - Yes, I know this variable

if not defined Variable_2   echo [2] Variable_2 - I know nothing of this variable

pause


 

Running programs EXE or internal system commands as Administrator

Batch_Admin script can also run any program as Administrator EXE and any internal command of Windows. For this purpose, Batch_Admin recognizes whether it is an EXE program, and if so, it changes little way of calling the command START to remained in the background is black window from the command line Batch_Admin. This can be different treatment programs EXE off before setting the variable $Admin_EXE to any value that only she was, and then EXE programs will run in the same way as scripts Batch and internal commands of Windows. This may be of some importance, because starting by the START command has some limitations in the use of call parameters of the program, especially the quotes with long names with spaces in between.

Although running EXE programs can be minor and can be treated as a curiosity, it has is also some advantages, such as:

• quick start with the usual command line or directly from the Start Menu> Run, and no need to pre shortcut, or set the compatibility mode, ie without changing the default status of the program. So, if you default the program does not require elevated privileges so it still can be set for this program, and even so we can quickly run it with elevated privileges
• directory (folder) to run the EXE application will be as it established from the command line rather than the default:  C:\Windows\System32

This time we do not use additional intermediary Batch script, but Batch_Admin run directly by typing the command immediately.
Examples of calls and use (methods for inducing as Administrator):

• Windows Explorer:  Batch_Admin explorer

• Windows Explorer straight to the selected folder:   Batch_Admin explorer c:\test
• Manage printers with the right to manage the ports, eg. TCP, their deletion, modification:   Batch_Admin control printers
• Notepad:   Batch_Admin notepad
• Notebook with the establishment (opening) a particular text document:   Batch_Admin notepad "New document.txt"
• Copy files and folders that require administrator rights:   Batch_Admin copy c:\test\my.bat c:\windows\system32

You can use such calls inside another script by CALL command, if only this You want to run as Administrator. See description below


 

Run as Administrator a single program, or any other script commands as if independently and in the course of processing a script running still without elevation

Rare situation, but it is this scenario:

• For some reasons we do not want to raise eligibility for the whole script the parent, and yet you want to make a single program, command, or another script with elevated privileges. This time we will use the call Batch_Admin the command for batch CALL to remain under control.

NOTE: This is what is so called will be processed regardless of the further processing of the calling script, like two independent processes, one as Administrator, and the script continues as a regular master user from the Administrators group. In addition, the master script processing goes on, without waiting for any results from what we run in such a way as Administrator. At most you could give time delay

Examples of such calls (used for this purpose commands CALL):

 

   CALL Batch_Admin Explorer c:\test

   CALL Batch_Admin Control Printers

   CALL Batch_Admin notepad c:\test\wyniki.txt

   CALL Batch_Admin inny_skrypt.bat


 

Summary of use:

NOTE: We assume here that the tool Batch_Admin.bat placed in a searchable directory specified in the PATH, eg. in C:\Windows

Uses and methods elevation [accurately stated or merely examples]

• for the whole script and everything will be further raised by him [exactly]
           
net session >nul 2>nul&if errorlevel 1  Batch_Admin "%~0" %*

• the selected program, command or script "by hand" from the command line or from Start> Run [example to Notepad]
           Batch_Admin notepad
• the selected program, command or script from within another script (Note: parallel processing) [example to Notepad]
           CALL Batch_Admin notepad


Additional options changing the default behavior, set before Batch_Admin to any value. If these variables are empty, or undefined, it Batch_Admin works with the default settings.

• show information and warnings about switching to an Administrator (set on the number of number of seconds show) [example]
         SET ShowAdminInfo = 5
• Do not transfer the user's environment, which is setting variable SET commands transmitted [exactly]
         SET $Admin_SET = Whatever
• if you transfer variables, but we want to TEMP also was the same as user [exactly]
        SET $Admin_Temp = Whatever
• If EXE programs to be calling the style as for other scripts and commands internal [exactly]
        SET $Admin_EXE = Whatever

For help, description of action, call Batch_Admin without any parameters or with the /? or /help
(However, only in the presence of a directory file Batch_Admin.bat) [example]:
        Batch_Admin /?



Below is the complete script Batch_Admin
Copy the following text into Notepad and save it to a disk as:   
Batch_Admin.bat

 

 

@echo off

(if '%1'=='' SET $Help$=Yes)&(if '%1'=='?' SET $Help$=Yes)&(if '%1'=='/?' SET $Help$=Yes)&(if /I '%1'=='/HELP' SET $Help$=Yes)&(if /I '%1'=='-HELP' SET $Help$=Yes)&(if /I '%1'=='/INFO' SET $Help$=Yes)

if '%$Help$%'=='Yes' if exist Batch_Admin.bat  (SET $Help_BAT$=Batch_Admin.bat) else (FOR /F %%I IN ("Batch_Admin.bat") DO (SET $Help_BAT$=%%~$PATH:I))

if '%$Help$%'=='Yes' (SET $Help$=&cls&MORE /C /E +85 "%$Help_BAT$%"&SET $Help_BAT$=&pause&goto:eof)

 

::  A D M I N I S T R A T O R   - Automatically get admin rights for script batch. Paste this on top:    net session >nul 2>nul&if errorlevel 1  Batch_Admin "%~0" %*

::                                Also keep Batch directory localisation and then set variable:   PATH_BAT

::                                if earlier variable "ShowAdminInfo" is empty (not defined) then no info, else showing info with number of seconds

::

::                                Elaboration:  Artur Zgadzaj        Status:  Free for use and distribute

setlocal

setlocal EnableExtensions

setlocal DisableDelayedExpansion

 

MD %TEMP% 2> nul

SET /A $Admin_Number=%RANDOM% * 100 / 32768 + 1

SET > "%TEMP%\$Batch_Admin_%$Admin_Number%__SET.TXT"

 

SET "PATH_BAT=%~dp1"&if not exist "%~1" if not exist "%~1.*" SET "PATH_BAT="

 

 SET $Parameters=%*

setlocal EnableDelayedExpansion

 SET $Parameters=!$Parameters:%%=%%%%!

setlocal DisableDelayedExpansion

 

net session >nul 2>nul&if not errorlevel 1  goto Administrator_OK

 

SET "$Script=%PATH_BAT%%~nx1"

SET "$Script=%$Script:(=^(%"

SET "$Script=%$Script:)=^)%"

 

if defined ShowAdminInfo   (

   echo.

   echo Script = %$Script%

   echo.

   echo ******************************************************************************

   echo ***   R U N N I N G    A S    A D M I N I S T R A T O R    F O R   Y O U   ***

   echo ******************************************************************************

   echo.

   echo Call up just as the Administrator. You can make a shortcut to the script and set

   echo.

   echo          shortcut ^> Advanced ^> Running as Administrator

   echo.

   echo     Alternatively run once "As Administrator"

   echo     or in the Schedule tasks with highest privileges

   echo.

   echo Cancel Ctrl-C or wait for launch  %ShowAdminInfo%  seconds ...

   TIMEOUT /T %ShowAdminInfo% > nul

   )

 

SET "BatchFullName_EXE=%~1"&SET "EXT=%~x1"&SET "Start_EXE="

if /I not '%EXT%'=='.EXE'   SET "BatchFullName_EXE=%BatchFullName_EXE%.EXE"

if not defined $Admin_EXE  if exist "%BatchFullName_EXE%"  (SET Start_EXE=START "" /B) else (FOR /F %%I IN ("%BatchFullName_EXE%") DO (if not '%%~$PATH:I'==''  SET Start_EXE=START "" /B))

 

SET "Admin_Name=$Batch_Admin_%$Admin_Number%"

SET "Inverted_Commas="

del "%TEMP%\%Admin_Name%_Start.bat" 2>nul

echo %$Parameters% > "%TEMP%\%Admin_Name%_Start.bat"

if not exist "%TEMP%\%Admin_Name%_Start.bat"  SET Inverted_Commas=^"

 

echo @echo off > "%TEMP%\%Admin_Name%_Start.bat"

echo setlocal DisableDelayedExpansion >> "%TEMP%\%Admin_Name%_Start.bat"

if not defined $Admin_Temp  echo SET TEMP^>^>"%TEMP%\%Admin_Name%__SET.TXT">> "%TEMP%\%Admin_Name%_Start.bat"

if not defined $Admin_SET   echo FOR /F ^"delims=^" %%%%A IN ^(%TEMP%\%Admin_Name%__SET.TXT^) DO SET %%%%A>> "%TEMP%\%Admin_Name%_Start.bat"

echo SET TMP=%%TEMP%%^&SET $Admin_Number=^&SET "PATH_BAT=%PATH_BAT%">> "%TEMP%\%Admin_Name%_Start.bat"

echo del "%TEMP%\%Admin_Name%__*.*" 2^>nul >> "%TEMP%\%Admin_Name%_Start.bat"

echo CD /D "%CD%" >> "%TEMP%\%Admin_Name%_Start.bat"

echo %Start_EXE% %$Parameters% %Inverted_Commas% >> "%TEMP%\%Admin_Name%_Start.bat"

 

echo SET UAC = CreateObject^("Shell.Application"^)                         > "%TEMP%\%Admin_Name%__getPrivileges.vbs"

echo UAC.ShellExecute "%TEMP%\%Admin_Name%_Start.bat", "", "", "runas", 1 >> "%TEMP%\%Admin_Name%__getPrivileges.vbs"

"%TEMP%\%Admin_Name%__getPrivileges.vbs"

endlocal

exit /B

 

:Administrator_OK

%$Parameters%

endlocal

goto:eof

REM *** A D M I N I S T R A T O R  - Automatically get admin rights  (The End)  ***


Comments

  • is the author of this article still available for questions or feedback? Anyone have positive experience with following this article or using the scripts mentioned in it? - jcalvo@huntonbrady.com 5 years ago
    • Yes, I am.

      I am very glad that it can be useful for someone. Thank you. I'm impressed.
      Therefore, one small note on the occasion. Well, this script can be named by you as you like it, that is, its name changed, and it will still work properly. A long name can also be used, i.e. with spaces inside and with international signs. I tested with Polish national signs. However, probably not a long name will interest someone, but a maximum of its short variation.
      So, what would you say if we changed the name of the script from Batch_Admin.bat to short, simply as: admin.bat
      How much better it will be to call an explorer by writing briefly:
      admin explorer
      instead:
      batch_admin explorer - Artur Zgadzaj 5 years ago
  • hi i want to run a bat file to run a exe with admin privileges how can i achieve this from the above shared script ! - karthik.k04 4 years ago
This post is locked

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ