Running a Batch that needs administrator privileges...

Hello everyone,

I work in an IT department for a small company, our size is increasing, and doing things to each pc one by one takes a long time.
We implemented batch scripts to run on logon, but as all our users are not administrators, some of the code in the batch files do not execute. EG: Copying files, or executing programs such as setup programs for software.

My question is, how do I get around all this without granting our users administrator privileges?
I have searched on here, and one solution was to create a service, but in order to get the service running I would need to go to every machine to start the service.
If anyone comes up with a solution, detail would be helpful. Would like to avoid having to visit every machine though.

Any help is appreciated! Thanks.
Antonio KingIT ManagerAsked:
Who is Participating?
Steve KnightIT ConsultancyCommented:
Couple of suggestions: #

1. If you have active directory use a startup script assigned to the computer's OU's rather to the users.

2. Use an AT command scheduled on each box to run the command as SYSTEM

3. Use RunAs.exe in your login script (not a good idea as password would show up in text file...)

4. Again if you have AD to install apps. create group policy entries to install the software using MSI file stored on a share which you can assign to users or computers.

5. Copy the files to each machine from your own domain admin account using a list of servers from the domain.

If any of that sounds like what you want someone here can elaborate on specific scripts.

> , how do I get around all this without granting our users administrator privileges?

one is, the admin gets footprint on each pc, their own ID and password, and this ID is then used for the install

two is for use of scheduler, in dos of  'AT' command to start a .cmd  file to run, installing things. When the AT command runs, it has system privilege, which is more powerful than Administrator. That is one main reason I like to use scheduler. No one has to log in to get the authority, and you may not need to force users to log off.
I think that means I like dragon-it 's #2 and #5 best.
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

low-tech solution:... write a batch file that contains means for authorization (i.e. id and password) and then compile it:

I've used this compiler with success in the past.

Mohammed HamadaSenior IT ConsultantCommented:
From One of my previous posts..

You will probably need to make a script file that will include both, username and password so they can't see them or get prompted to type them.. See the following link please..

Or use the Runasp third party command line..

The password parameter is not supported by the runas command on XP, but this runasp does support it..

BTW: if you didn't find your answear in first link, then the command line runasp will do it..

Steve KnightIT ConsultancyCommented:

Are you still there?  Did any of that help?

Antonio KingIT ManagerAuthor Commented:
Very sorry for taking so long to get back to you,

Many thanks for all your help/
Steve KnightIT ConsultancyCommented:
No problem, glad if it helped.... got me past the 50k mark in the TA too :-)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.