Windows: Running privileged command from non-privileged using CMD (or Java)

Asked 6/9, 2011 at 15:11 Answered 6/9, 2011 at 15:47

Solved java windows cmd privileges administrator

I will have a service that runs as administrator and listens on a port. My GUI program will talk to the administrator service for the items that require administrator privileges.

If the service is not yet running, I will need to start it. How can I get my GUI program to run a command as administrator? I assume the user will be asked if they want to continue.

I am hoping there is something I could type in a CMD window because that should fit very well into my Java program. I am thinking something like run-as-admin javaw my-service.jar where run-as-admin is the command that asks whether to continue or not.

Registration answered 6/9, 2011 at 15:11 Comment(2)

It doesn't sound like this is the solution you're looking for, but you can also change the security settings for a particular service so that non-administrators can start it. – Fourscore 6/9, 2011 at 22:49

Yep, not what I'm looking for :) – Registration 7/9, 2011 at 0:17

You can't execute a batch file as administrator. You need to create a shortcut to that file and then set the flag in the Shortcut 'Execute as Administrator', if this is really what you want to do.

To do this from the desktop, select the Shortcut, right click and Properties->Shortcut tab->Advanced button. Then check Execute as Administrator checkbox.

To do this programmatically, see How to set "Run as administrator" flag on shortcut created by MSI installer

Bartell answered 6/9, 2011 at 15:21 Comment(1)

A shortcut looks like a good idea. I will look into it. I do not use MSI installers however, I will want to know how to do this with a manually crafted .lnk file. – Registration 6/9, 2011 at 16:7

Windows contains the tool "runas" which can be used to start any executable with a different user account.

On the commandline you would then use:

runas /user:Administrator "javaw -jar my-service.jar"

The only drawback is, that you need to type in the password, you cannot supply the password as an argument to the runas command

Hitoshi answered 6/9, 2011 at 15:47 Comment(1)

Administrator is not a separate user account on my Vista machine. It won't be in most cases. Here is an example machine with no password on either user account, both user accounts are "administrators". I run the command, enter no password and it says 5: access denied – Registration 6/9, 2011 at 16:4

You have a problem here. Non admin processes cannot start services. The very simplest thing to do is to arrange that the service starts automatically. I'd strongly recommend you take that route.

What you are thinking of doing would involve creating a helper application that includes the UAC manifest with requestedExecutionLevel set to requireAdministrator. This helper app could then start the service. The problem with this is that it requires that the logged on user is in the administrators group which you cannot guarantee will be the case.

All in all, starting the service automatically is to be preferred.

Cesium answered 6/9, 2011 at 15:19 Comment(6)

I agree it is preferred. This is a backup, so if the service is killed or failed, there is a recourse – Registration 6/9, 2011 at 16:1

Sometimes people use guardian services to achieve this. – Cesium 6/9, 2011 at 16:1

Good idea, although I still would like an answer to the actual question if there is one. – Registration 6/9, 2011 at 16:5

My second paragraph explains what you need to do to get a process to run with elevated privileges. – Cesium 6/9, 2011 at 16:7

Sorry for the oversight. Now I am just crossing my fingers in hope that I won't have to create my own .exe. – Registration 6/9, 2011 at 16:10

@George There must be a neat Java way to do this, but on the Windows platform the user token (that's what decides whether the process is elevated or not) is assigned at process startup and cannot be changed. Hence there at least needs to be a different process. It can be a COM out-of-proc server but I think that's even further away from your comfort zone! – Cesium 6/9, 2011 at 16:12

We use the Wrapper library for this: http://sourceforge.net/projects/wrapper/

The official website seems to be suffering from dynamic dns issues at the moment, so here is the wayback archive version.

From the command line (and by extension, Java) you can install, uninstall, start, and stop your Java application as a service.

Predisposition answered 6/9, 2011 at 15:16 Comment(0)

You can't execute a batch file as administrator. You need to create a shortcut to that file and then set the flag in the Shortcut 'Execute as Administrator', if this is really what you want to do.

To do this from the desktop, select the Shortcut, right click and Properties->Shortcut tab->Advanced button. Then check Execute as Administrator checkbox.

To do this programmatically, see How to set "Run as administrator" flag on shortcut created by MSI installer

Bartell answered 6/9, 2011 at 15:21 Comment(1)

A shortcut looks like a good idea. I will look into it. I do not use MSI installers however, I will want to know how to do this with a manually crafted .lnk file. – Registration 6/9, 2011 at 16:7

Recommended topics

Hot tags