Login/Register
How to request Administrator access inside a batch file
Asked Answered
Solved batch-filecommand-lineuacelevated-privileges
P

16

227

I am trying to write a batch file for my users to run from their Vista machines with UAC. The file is re-writing their hosts file, so it needs to be run with Administrator permissions. I need to be able to send them an email with a link to the .bat file. The desired behavior is that when they right-click on the file and say Open, they will get one of those UAC dialogs that makes the screen go dark and forces them to answer whether they want to give the application permission to run as administrator. Instead, they are just seeing "Access denied" on the command line window.

Is this possible to do differently?

Postorbital answered 12/12, 2009 at 22:53 Comment(1)
If you came across this and, like me, are happy with using PowerShell, don't miss the one-liner from @toster-cx. Perfect!Agency
N
434

This script does the trick! Just paste it into the top of your bat file. If you want to review the output of your script, add a "pause" command at the bottom of your batch file.

UPDATE: This script is now slightly edited to support command line arguments and a 64 bit OS.

Thank you Eneerge @ https://sites.google.com/site/eneerge/scripts/batchgotadmin

@echo off

:: BatchGotAdmin
:-------------------------------------
REM  --> Check for permissions
    IF "%PROCESSOR_ARCHITECTURE%" EQU "amd64" (
>nul 2>&1 "%SYSTEMROOT%\SysWOW64\cacls.exe" "%SYSTEMROOT%\SysWOW64\config\system"
) ELSE (
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
)

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    set params= %*
    echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params:"=""%", "", "runas", 1 >> "%temp%\getadmin.vbs"

    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
    exit /B

:gotAdmin
    pushd "%CD%"
    CD /D "%~dp0"
:--------------------------------------    
    <YOUR BATCH SCRIPT HERE>
Nightshirt answered 7/4, 2012 at 6:6 Comment(42)
I hate having to do this filthy dos batch nonsense but sometimes you are forced to and this works great. Cheers!Cianca
Just as a FYI this is tested as working in Windows 8 EmbeddedNila
This throws my machine into a spiral of command windows opening and closing diagonally across the screen. The only way to stop it is to delete the original batch file. It is repeatedly running my batch file and writing the vbs file. The first time it asked for authorization, but after that it just loops.Leery
Sorry it is causing you issues, @TomDestry. Can you troubleshoot the problem? Can you tell why it loops? What OS are you using? On my windows 7 setup and many other windows 7 systems I have used this on, it has worked without fail. Happy to help improve the script if you can provide some more input.Nightshirt
Ben, I'm on Windows 7 too, SP1. It seems the vbs call returns error code 2, which causes the script to goto UACPrompt again, and again, and again. I don't know what error code 2 means, so I can't get much further.Leery
Yes it works for me on XP now. Thanks! You can remove the line after :gotAdmin that deletes getadmin.vbs since you now delete it after it runs. @Leery Usually error code 2 means ERROR_FILE_NOT_FOUNDEncouragement
@Leery if JHigs is right about error code 2 meaning file not found, it appears the user account can't right to the temp directory. Not sure there is anything the script can do to fix that. Does the file need to be written somewhere else? JHigs, I removed the second delete. Thanks for the input.Nightshirt
@BenGripka - Great post! I'm curious why you put the stdout/stderr redirects in front of the command (e.g., > nul 2>&1 foo.exe instead of foo.exe > null 2>&1). I feel proficient at windows batch scripting, but have never seen this style before; I was surprised it even worked. Is there an advantage to this? Thanks!Diandre
runas will fail if you are running in WOW64 (a 32 bit process on 64 bit Windows) for example %systemroot%\syswow64\cmd.exe...source: ss64.com/vb/shellexecute.htmlUncircumcision
@SteveJansen I found this script on Eneerge's website that was given credit above. Typically, like you, I put the arguments and redirects after the exe. But when something works, it seems best to leave it be.Nightshirt
@Uncircumcision do you have a proposed edit so it works for WOW64 and the typical scenarios?Nightshirt
@BenGripka Honestly, the best solution I've come up with is to not use a batch script, and instead just write an executable, sad as it is, and not necessarily the answer to this question...something like this can get the job done better and more reliably, and less chance of failure if done right, and less hoops to jump through: pastebin.com/kfivGEvt (note: I'm assuming you want UAC for something in particular, not just for the sake of getting UAC, like for launching dism...and...you can already run the application as elevated by editing the manifest for this purpose)...Uncircumcision
I ran into the exact same problem as TomDestry with the infinite loop and return code 2. This was on Windows 8.1. I know it worked on Windows 8.0, and can't say for sure whether it was the 8.1 update or something else that caused the isssue. The solution that worked for me was to not use cacls.exe (or icacls), rather: net session >nul 2>&1 IF ERRORLEVEL 1 goto UACPrompt ...Erastatus
I'm sorry I followed the advice here but keep getting infinite loop new command prompt launch with "requesting administrative privileges" when I run this script. Win 7 Pro SP1.Taunton
I'm wondering what's supposed to be happening in the line set params = %*:"="". Could someone please explain to me what's going on here? For starters, %params% doesn't get assigned because there's an extra space before the equal sign. Then it looks like there's an extra quote on the end. Is there a purpose for this?Crescentic
On Windows 8.1, using "/c %~s0 %params%" doesn't seem to pass arguments. To fix this, double quotes (escaped by another double quote) are needed around the params, like "/c %~s0 ""%params%""".Hush
Actually, wait... The above doesn't work as expected... And like I said, it doesn't pass arguments... I'm still looking for a solution (wouldn't mind help here though). The cause is apparently that the quote replacement leads to an empty string for some reason.Hush
I had the same problem as @Leery on windows 8. For me the problem was that "%SYSTEMROOT%\system32\config\system" doesn't exist, so the cacls always fails causing the infinite loop. I fixed it simply by doing >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config".Carotenoid
This solution executes the script in the directory the script lives in. I needed it to exit in the directory I ran it from (I have relative paths...). So I added cd %CD% & in the "cmd.exe", "/c cd %CD% & %~s0...Carotenoid
When I run the VBS, grant permission, and the batch file is restarted, it seems to run as intended but the new CMD session starts in the same CMD window, and still does not have admin rights - I can't write to the C;\ directory, for example. This is on a new Win7 install (in a VMware VM).Dwinnell
Note that cacls is deprecated since Windows 7.Frazee
When calling this from a batch file it caused a loop. Fixed by replacing the shell execute command with: echo UAC.ShellExecute "cmd.exe", "/c regsvr32 /s ""%~dp0myfile.ocx""", "", "runas", 1 >> "%temp%\getadmin.vbs"Nibelung
If you're having problems running this batch script from a network share, try copying it to a local drive first.Cobra
@Leery I finally figured out the endless loop and posted an edit. Was reference to system32\cals.exe when running a 64 bit process. There may be other reasons for failure but at least now 64 bit processes are supported.Nightshirt
Have suggested an edit to assign the params variable and then replace " with "" as two separate lines. This seems to solve the passing arguments issue for me.Arcboutant
@BenGripka Two suggested edits were approved in 2016 that changed your answer. Do you agree with the changes? If not, roll back.Pfeiffer
@MathiasMüller I just tested the script changes and in my environment all is working as it did before the modifications. As many have reported there was an infinite loop problem in some environments. I thought I addressed that with a change on Dec 9 2015 but potentially this edit was needed to fix that problem in other environments. I can say the edit hasn't hurt but I can't say definitively it has helped.Nightshirt
@BenGripka Alright, I was asking because your answer came up in the suggested edits queue and I was not quite sure whether I should approve the edits or not. If the answer still works, then perhaps the edits aren't too bad.Pfeiffer
Is it possible to get rid of the much code by putting it into another batch file? What I would like to see is an evaluate.bat I can put into %windir%\System32 or the same directory and then I could simply call evaluate.bat %0 or something and it will relaunch my script as admin if it has not obtained admin rights so far. Even when this solution works, it's not very handy for quick access and usage.Saga
So there is no other solution without using VB parts? No plain BS alternativity? Stupid Windows.Transude
Please see my answer (https://mcmap.net/q/13751/-how-to-request-administrator-access-inside-a-batch-file) about the infinite loops and how to resolve them. Also notice that "amd64" was "AMD64" in my case (upper case). And although I'm on x64, only the check for cacls in system32 worked for me. However, I would remove this check at all - see my answerPulitzer
This works for me but I have to replace lines like this :-------------------------------------- into this ::-------------------------------------- It just replace colon to double colon, maybe replace REM to double colon too. Thank you.Teleplay
arguments did not pass to the code. My command line: mybatchscript 5.6 My code: echo 'number: %1' The 5.6 is argument but it did not send to the codeTeleplay
@Teleplay I fixed the params part by using this line set params=%* (no spaces), what does the original version do? ...the spaces around = are obviously wrong...Janis
Major bugs fixed regarding preservation of arguments. I normally would not make such substantive changes to another user's answer. But this accepted answer is obviously important to many people, and it has been bugged since Jan 2013, when the OP attempted to enhance the code to preserve arguments. A full explanation of the bug and fix can be found at superuser.com/a/1249855/109090Brookite
Note - I did not investigate the "endless loop" issue. Perhaps some techniques from the fishbone answer need to be folded into this code.Brookite
@rahuldottech - My fix for preserving arguments had a bug if no arguments were passed. The params var would be undefined, so the quote doubling code would result in unbalanced parens, which would escape the redirection. I fixed the code by using set params= %* instead of set params=%*, so params is guaranteed to be definedBrookite
@Brookite Thank you so much! I just want to let you know that your scripts have helped me a lot over the past couple of years. Thanks a ton.Zanze
I don't know why you use "%~s0 " in the vbs file which troubled me a lot when I tried to use %cd% in my batch script.Now I use %~0 instead and haven't found any thing wrong yet.Joinery
@BenGripka, Thanks a lot, However, It doesn't work for some commands such as "doskey". Is there any solutions?Fionnula
Why are there two lines to change dir: pushd "%CD%" and CD /D "%~dp0"? Why is it not just pushd %~dp0?Janis
Why are you using %~s0 instead of %~dpf0?Janis
O
80

Here's what I've been using:

@echo off
if not "%1"=="am_admin" (
    powershell -Command "Start-Process -Verb RunAs -FilePath '%0' -ArgumentList 'am_admin'"
    exit /b
)

echo main code here
pause

Notes:

  • The -Verb RunAs flag of Start-Process is what enables the administrative elevation.
  • Only tested on windows 7 and 10, you might have to mess around with the quoting
  • Doesn't support passing along arguments for now, but you might be able to add more stuff to -ArgumentList. Note that -ArgumentList accepts either a single string or a string array.
Onesided answered 2/11, 2016 at 20:2 Comment(6)
If you know how many params there could be, you can pass parameters by including them after am_admin if not "%1"=="am_admin" (powershell start -verb runas '%0' 'am_admin "%~1" "%~2"' & exit) The params will be one above where they wereStabilizer
Also possible to use 'am_admin %*' to pass everything, doesn't play well with quotes and spaces tho :/ You can use shift in batch to pop the first arg off, thus fixing all args except %0.Onesided
This is good answer, but shouldnt be an accepted, because it DOESNT check if on the FIRST run it was run with ADMIN privilege or not.Talca
To keep the working directory add cd /D %~dp0 after if not "%1"=="am_admin" (powershell start -verb runas '%0' am_admin & exit /b)Southing
Good answer. Simply works while the VB script thing creates an infinite loop, even with write permission for %temp%.Sian
Brilliant. Will save me from many a right-click. One-liner is much preferred when theres' a large amount of tiny batch files, e.g. simply for starting/stopping/restarting services, or sets thereof. (E.g. swapping config for Apache to run with different versions of PHP.)Anything
H
20

Here is my code! It looks big but it is mostly comment lines (the lines starting with ::).

Features:

  • Full argument forwarding

  • Does not change working folder

  • Error handling

  • Accepts paths with parenthesis (except for %TEMP% folder)

  • Supports UNC paths

  • Mapped folder check (Warn´s you if admin can´t access mapped drive)

  • Can be used as an external library (check my post at this topic: https://mcmap.net/q/13950/-windows-bat-cmd-function-library-in-own-file)

  • Can be called when/if needed anywhere in your code

Just attach this to the end of your batch file, or save it as a library (check above)

    :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:RequestAdminElevation FilePath %* || goto:eof
:: 
:: By:   Cyberponk,     v1.6 - 05/05/2023 - Fixed crash when batch filename contained spaces
::          v1.5 - 10/06/2016 - Changed the admin rights test method from cacls to fltmc
::          v1.4 - 17/05/2016 - Added instructions for arguments with ! char
::          v1.3 - 01/08/2015 - Fixed not returning to original folder after elevation successful
::          v1.2 - 30/07/2015 - Added error message when running from mapped drive
::          v1.1 - 01/06/2015
:: 
:: Func: opens an admin elevation prompt. If elevated, runs everything after the function call, with elevated rights.
:: Returns: -1 if elevation was requested
::           0 if elevation was successful
::           1 if an error occured
:: 
:: USAGE:
:: If function is copied to a batch file:
::     call :RequestAdminElevation "%~dpf0" %* || goto:eof
::
:: If called as an external library (from a separate batch file):
::     set "_DeleteOnExit=0" on Options
::     (call :RequestAdminElevation "%~dpf0" %* || goto:eof) && CD /D %CD%
::
:: If called from inside another CALL, you must set "_ThisFile=%~dpf0" at the beginning of the file
::     call :RequestAdminElevation "%_ThisFile%" %* || goto:eof
::
:: If you need to use the ! char in the arguments, the calling must be done like this, and afterwards you must use %args% to get the correct arguments:
::      set "args=%* "
::      call :RequestAdminElevation .....   use one of the above but replace the %* with %args:!={a)%
::      set "args=%args:{a)=!%" 
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
setlocal ENABLEDELAYEDEXPANSION & set "_FilePath=%~1"
  if NOT EXIST "!_FilePath!" (echo/Read RequestAdminElevation usage information)
  :: UAC.ShellExecute only works with 8.3 filename, so use %~s1
  set "_FN=_%~ns1" & echo/%TEMP%| findstr /C:"(" >nul && (echo/ERROR: %%TEMP%% path can not contain parenthesis &pause &endlocal &fc;: 2>nul & goto:eof)
  :: Remove parenthesis from the temp filename
  set _FN=%_FN:(=%
  set _vbspath="%temp:~%\%_FN:)=%.vbs" & set "_batpath=%temp:~%\%_FN:)=%.bat"

  :: Test if we gave admin rights
  fltmc >nul 2>&1 || goto :_getElevation

  :: Elevation successful
  (if exist %_vbspath% ( del %_vbspath% )) & (if exist "%_batpath%" ( del "%_batpath%" )) 
  :: Set ERRORLEVEL 0, set original folder and exit
  endlocal & CD /D "%~dp1" & ver >nul & goto:eof

  :_getElevation
  echo/Requesting elevation...
  :: Try to create %_vbspath% file. If failed, exit with ERRORLEVEL 1
  echo/Set UAC = CreateObject^("Shell.Application"^) > %_vbspath% || (echo/&echo/Unable to create %_vbspath% & endlocal &md; 2>nul &goto:eof) 
  echo/UAC.ShellExecute "%_batpath%", "", "", "runas", 1 >> %_vbspath% & echo/wscript.Quit(1)>> %_vbspath%
  :: Try to create %_batpath% file. If failed, exit with ERRORLEVEL 1
  echo/@%* > "%_batpath%" || (echo/&echo/Unable to create %_batpath% & endlocal &md; 2>nul &goto:eof)
  echo/@if %%errorlevel%%==9009 (echo/^&echo/Admin user could not read the batch file. If running from a mapped drive or UNC path, check if Admin user can read it.)^&echo/^& @if %%errorlevel%% NEQ 0 pause >> "%_batpath%"

  :: Run %_vbspath%, that calls %_batpath%, that calls the original file
  %_vbspath% && (echo/&echo/Failed to run VBscript %_vbspath% &endlocal &md; 2>nul & goto:eof)
  
  :: Vbscript has been run, exit with ERRORLEVEL -1
  echo/&echo/Elevation was requested on a new CMD window &endlocal &fc;: 2>nul & goto:eof
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Example on how to use it

:EXAMPLE
@echo off

 :: Run this script with elevation
 call :RequestAdminElevation "%~dpfs0" %* || goto:eof
 
  echo/I now have Admin rights!
  echo/
  echo/Arguments using %%args%%:    %args%
  echo/Arguments using %%*: %*
  echo/%%1= %~1
  echo/%%2= %~2
  echo/%%3= %~3

  echo/
  echo/Current Directory: %CD%
  echo/
  echo/This file: %0
  echo/

pause &goto:eof

[here you paste the RequestAdminElevation function code]
Highpitched answered 2/6, 2015 at 7:39 Comment(14)
Works great but I had to change a line to get it to work. The &fc;: 2>nul in set "_FN=_%~ns1" & echo/%TEMP%| findstr /C:"(" >nul && (echo/ERROR: %%TEMP%% path can not contain parenthesis &pause &endlocal &fc;: 2>nul & goto:eof) was setting the errorlevel to 1. I removed that bit and it worked perfect. I'm using Windows 10 Home.Handshake
Does your %temp% folder have parenthesis in it´s path ? Only in this case the errorlevel 1 is supposed to be set.Highpitched
Nope. Does it need the fc;: since it goes :eof right after? I'm not sure why that little bit caused the issue either, since it should be getting executed.Handshake
"fc;: 2>nul" is there intentionally to set ERRORLEVEL 1 before exiting, to signal an error. Could you please remove the @echo off and make a run and send me the output in a private message? Thanks!Highpitched
Anyway, the echo/%TEMP%| findstr /C:"(" >nul tests if there is a ( char in yout %temp% environment variable, and should only run the part after the && if positive. It is strange why your ( test is returning positive though.Highpitched
Ok, it seems that this issue only occurs if I'm running it from a console that I started with admin rights. Here's the output; Cleaned up for brevity. call :RequestAdminElevation "...\OXYGEN~1.BAT" || goto:eof setlocal ... ErrorLevel is 0 set "_FN=_OXYGEN~1" & echo/C:\Users****\AppData\Local\Temp | findstr /C:"(" 1>nul && (echo/ERROR: ... goto:eof) ErrorLevel is 1 ... Elevation was requested on a new CMD window New window output mirrors the above output.Handshake
Once elevated, is it possible to switch back to non-elevated ? So, in a .bat file you would have echo/I currently have non-admin/standard user rights :: Run next part with elevation call :RequestAdminElevation "%~dpfs0" %* || goto:eof echo/I now have Admin rights! :: Run next part non-elevated (ie. without elevation) call :RequestNonAdminRights "%~dpfs0" %* || goto:eof echo/I now have non-admin/standard user rights again!Hilburn
This could be done, but not with this script as is. I´m curious though, why would you want to do this ?Highpitched
I had planned on having a single script where I want to do certain operations in a specific order. Some of these require elevation, while others don't. For example, the order might be something like NORMAL,NORMAL,ADMIN,ADMIN,NORMAL,ADMIN,ADMIN,NORMALHilburn
What are the advantages to your script as opposed to the accepted answer ? Also, what is the reason for switching to fltmc for admin check, instead of cacls ?Hilburn
You can do normal operations after elevation is requested, I don´t think this would be a problem. Only problem would be if you are using shared network folders, because of permissions. But you can do all the normal operations first, and then request elevarion and do all the admin operations, if the order is not important.Highpitched
The advantages of this script is everything listed in the "Features" part of the answer. Basically, I work as an IT network manager and I was using the accepted answer but found many problems with it, so I created an alternative solution and got rid of all it´s bugs. I changed from cacls to fltmc for better compatibility. Cacls does not work on some windows versions and was causing error in some situations. Thanks!Highpitched
Is it possible to write the output of the elevated script to the main-cmd? I am calling my cmd-file from a java-application and i want to fetch the output, but I only get "Requesting elevation..." and "Elevation was requested on a new CMD window", but not the echo's of my normal cmd-FileRigatoni
I´m afraid that isn´t possible with the code as is, because to request elevation the script must open a new CMD window. You might be able to write the output of your script to a file, then open the file in your java application.Highpitched
P
11

Another approach is to

  • create a shortcut locally and set it to call for Admin permission (Properties, Advanced, Run as Admin)

and then

  • send your users the shortcut (or a link to the shortcut rather than one to the batch file itself).
Pellucid answered 2/11, 2016 at 21:0 Comment(0)
P
6

Ben Gripka's solution causes infinite loops. His batch works like this (pseudo code):

IF "no admin privileges?"
    "write a VBS that calls this batch with admin privileges"
ELSE
    "execute actual commands that require admin privileges"

As you can see, this causes an infinite loop, if the VBS fails requesting admin privileges.

However, the infinite loop can occur, although admin priviliges have been requested successfully.

The check in Ben Gripka's batch file is just error-prone. I played around with the batch and observed that admin privileges are available although the check failed. Interestingly, the check worked as expected, if I started the batch file from windows explorer, but it didn't when I started it from my IDE.

So I suggest to use two separate batch files. The first generates the VBS that calls the second batch file:

@echo off

echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"=""
echo UAC.ShellExecute "cmd.exe", "/c ""%~dp0\my_commands.bat"" %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"

The second, named "my_commands.bat" and located in the same directory as the first contains your actual commands:

pushd "%CD%"
CD /D "%~dp0"
REM Your commands which require admin privileges here

This causes no infinite loops and also removes the error-prone admin privilege check.

Pulitzer answered 8/12, 2016 at 9:55 Comment(2)
Worked for you? Sadly for me, this and all the others here and from the other thread fail because of the same underlying issue. The "runas" parm (or command) fails whenever the Shell Object is created indirectly from inside another program. Thread of interest here.Iridectomy
Worked for me :)Yellowweed
T
6

Another PowerShell Solution...

This is not about running a batch script as admin per, but rather how to elevate another program from batch...

I have a batch file "wrapper" for an exe. They have the same "root file name", but alternate extensions. I am able to launch the exe as admin, and set the working directory to the one containing the script, with the following one line powershell invocation:

@powershell "Start-Process -FilePath '%~n0.exe' -WorkingDirectory '%~dp0' -Verb RunAs"

More info

There are a whole slew of additional Start-Process options as well that you can apply! Check out: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/start-process?view=powershell-6

Note that I use the @ prefix. That's equivalent to @echo off for the one line. I use %~n0 here to get the "root name" of the batch script, then I concatenate the .exe to point it the adjancent binary. The use of %~dp0 provides the full path to the directory which the batch resides. And, of course, the -Verb RunAs parameter provides the elevation.

Tartarous answered 6/10, 2019 at 0:53 Comment(0)
E
4

I know this is not a solution for OP, but since I'm sure there are many other use cases here, I thought I would share.

I've had problems with all the code examples in these answers but then I found : http://www.robotronic.de/runasspcEn.html

It not only allows you to run as admin, it checks the file to make sure it has not been tampered with and stores the needed information securely. I'll admit it's not the most obvious tool to figure out how to use but for those of us writing code it should be simple enough.

Elmira answered 3/5, 2013 at 3:44 Comment(0)
A
4
@echo off 
Net session >nul 2>&1 || (PowerShell start -verb runas '%~0' &exit /b)
Echo Administrative privileges have been got. & pause

The above works on my Windows 10 Version 1903

Awaken answered 7/3, 2020 at 10:16 Comment(0)
M
3

@echo off and title can come before this code:

net session>nul 2>&1
if %errorlevel%==0 goto main
echo CreateObject("Shell.Application").ShellExecute "%~f0", "", "", "runas">"%temp%/elevate.vbs"
"%temp%/elevate.vbs"
del "%temp%/elevate.vbs"
exit

:main
    <code goes here>
exit

A lot of the other answers are overkill if you don't need to worry about the following:

  • Parameters
  • Working Directory (cd %~dp0 will change to the directory containing the batch file)
Mccomb answered 3/2, 2018 at 10:56 Comment(0)
I
2

There's also the FSUTIL query from this post which is also linked at ss64.com that has the following code:

@Echo Off
Setlocal
:: First check if we are running As Admin/Elevated
FSUTIL dirty query %SystemDrive% >nul
if %errorlevel% EQU 0 goto START

::Create and run a temporary VBScript to elevate this batch file
   Set _batchFile=%~f0
   Set _Args=%*
   :: double up any quotes
   Set _batchFile=""%_batchFile:"=%""
   Set _Args=%_Args:"=""%

   Echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\~ElevateMe.vbs"
   Echo UAC.ShellExecute "cmd", "/c ""%_batchFile% %_Args%""", "", "runas", 1 >> "%temp%\~ElevateMe.vbs"

   cscript "%temp%\~ElevateMe.vbs" 
   Exit /B

:START
:: set the current directory to the batch file location
cd /d %~dp0
:: Place the code which requires Admin/elevation below
Echo We are now running as admin [%1] [%2]
pause

As long as FSUTIL is around, it's a reliable alternative.

Iridectomy answered 5/12, 2019 at 4:48 Comment(0)
T
1

Since I have troubles with this script popping up a new command prompt with itself run again, in infinite loop (using Win 7 Pro), I suggest you try another approach :How can I auto-elevate my batch file, so that it requests from UAC administrator rights if required?

Be careful, you have to add this at the end of script, as stated in an edit, so that you are back to script directory after privileges were elevated : cd /d %~dp0

Taunton answered 24/10, 2014 at 9:46 Comment(1)
Check my answer to this question. It handles all these problems.Highpitched
T
1

Based on post by toster-cx and other interesting posts on this page, I got insight on how to configure and solve my problem. I had similar issue where I wished that Disk Cleanup utility runs every week twice on Monday and Thursday during lunch hours (say 2 pm). However, this required elevated rights.

Sharing batch file which might help other beginners like me - 

@echo off
echo  Welcome to scheduling 'PC Maintenance Activity'
ping localhost -n 3 >nul
echo -- Step - 1 of 3 : Please give 'Admin' rights on next screen
ping localhost -n 5 >nul
if not "%1"=="am_admin" (powershell start -verb runas '%0' am_admin & exit)
cls
echo -- Step - 2 of 3 : In next screen, select temp areas for cleaning 
during routine scheduled activity
ping localhost -n 3 >nul
C:\Windows\System32\cleanmgr.exe /sageset:112
cls
echo    Now scheduling maintenance activity...
SchTasks /Create /SC WEEKLY /D MON,THU /TN PC_Cleanup /TR 
"C:\Windows\System32\cleanmgr.exe "/sagerun:112 /ST 14:00

cls

echo                         -- Thanks for your co-operation --
echo                    -- Maintenance activity is scheduled for --
echo                       -- Every Monday and Thursday at 2 pm --

ping localhost -n 10 >nul

Thanks a lot for this forum and Rems POST here [https://www.petri.com/forums/forum/windows-scripting/general-scripting/32313-schtasks-exe-need-to-pass-parameters-to-script][1]

His post helped for configuring optional argument while scheduling the task.

Tice answered 2/2, 2018 at 16:25 Comment(0)
A
1

Use mshta to prompt for admin rights:

@echo off
net session >nul 2>&1 && goto :admintasks
MSHTA "javascript: var shell = new ActiveXObject('shell.application'); shell.ShellExecute('%~nx0', '', '', 'runas', 1);close();"
exit /b
:admintasks
rem ADMIN TASKS HERE

Or, using powershell:

powershell -c Start-Process "%~nx0" -Verb runas
Abide answered 22/2, 2020 at 3:10 Comment(0)
P
0

You can't request admin rights from a batch file, but you could write a windows scripting host script in %temp% and run that (and that in turn executes your batch as admin) You want to call the ShellExecute method in the Shell.Application object with "runas" as the verb

Prae answered 15/12, 2009 at 16:41 Comment(0)
C
0

I used multiple examples to patch this working one liner together.

This will open your batch script as an ADMIN + Maximized Window

Just add one of the following codes to the top of your batch script. Both ways work, just different ways to code it.

I believe the first example responds the quickest due to /d switch disabling my doskey commands that I have enabled..

EXAMPLE ONE

@ECHO OFF
IF NOT "%1"=="MAX" (powershell -WindowStyle Hidden -NoProfile -Command {Start-Process CMD -ArgumentList '/D,/C' -Verb RunAs} & START /MAX CMD /D /C %0 MAX & EXIT /B)
:--------------------------------------------------------------------------------------------------------------------------------------------------------------------

:: Your original batch code here:

:--------------------------------------------------------------------------------------------------------------------------------------------------------------------

EXAMPLE TWO

@ECHO OFF
IF NOT "%1"=="MAX" (powershell -WindowStyle Hidden -NoProfile -Command "Start-Process CMD -ArgumentList '/C' -Verb RunAs" & START /MAX CMD /C "%0" MAX & EXIT /B)
:--------------------------------------------------------------------------------------------------------------------------------------------------------------------

:: Your original batch code here:

:--------------------------------------------------------------------------------------------------------------------------------------------------------------------

See below for recommendations when using your original batch code

Place the original batch code in it's entirety

Just because the first line of code at the very top has @ECHO OFF doesn't mean you should not include it again if your original script has it as well.

This ensures that when the script get's restarted in a new window now running in admin mode that you don't lose your intended script parameters/attributes... Such as the current working directory, your local variables, and so on

You could beginning with the following commands to avoid some of these issues

:: Make sure to use @ECHO OFF if your original code had it
@ECHO OFF
:: Avoid clashing with other active windows variables with SETLOCAL
SETLOCAL
:: Nice color to work with using 0A
COLOR 0A
:: Give your script a name
TITLE NAME IT!

:: Ensure your working directory is set where you want it to be
:: the following code sets the working directory to the script directory folder
PUSHD "%~dp0"

THE REST OF YOUR SCRIPT HERE...

:: Signal the script is finished in the title bar
ECHO.
TITLE Done! NAME IT!
PAUSE
EXIT
Crayon answered 12/8, 2020 at 20:59 Comment(0)
H
-6

use the runas command. But, I don't think you can email a .bat file easily.

Honorary answered 13/12, 2009 at 1:11 Comment(1)
This answer is incorrect. The runas command cannot be used to provoke elevation.Gemina

© 2022 - 2024 — McMap. All rights reserved.