Solved

Batch - DEL access denied

Posted on 2009-04-01
Last Modified: 2012-05-06
I'm trying to write a batch file that will replace a file on users account machines.  When I try to DEL the file from within the batch it tells me access is denied.  I'm pretty sure it is because the permissions on the file are limited to read & write for users.

A batch runs whenever a user logs on to their PC that ties into another batch over a network share that updates files / programs when necessary.  Basically, I cannot go around and change the permissions of the file on all the PCs logging on as an administrator.

Is there a workaround?

The code below is called by the initial batch script that runs when a user logs on.  The RUNME.bat file is the file that I can't delete as a regular user, which everyone is.  RUNME.bat is not the initial batch that runs and is not in use when the batch runs to delete and replace it.

   @ECHO OFF
   echo %username%,%date%,%time% >>\\server\share\netwrk\logon.csv
   del C:\VDI\RUNME.BAT /q
   xcopy \\server\share\NETWRK\VDI\RUNME.BAT "C:\VDI" /q /y
   xcopy \\server\share\NETWRK\SHOCUT\GEN\VDI_Shares.lnk "c:\DOCUME~1\%username%\desktop" /q /y
   ipconfig /all >\\server\share\NETWRK\COMPLE\IPCONF\%username%.txt
   echo >"\\server\share\netwrk\comple\upd002\%username%.txt"
   del "\\server\share\netwrk\comple\update\%username%.txt" /q
   net use z: /del /yes >nul

Question by:NEVAEHSIN
10 Comments
 
LVL 26

Expert Comment

by:souseran
A tool like CPAU might help:

http://www.joeware.net/freetools/tools/cpau/index.htm

"Basically this is a runas replacement. Also allows you to create job files and encode the id, password, and command line in a file so it can be used by normal users."

You can include this in your batch file to allow it to be run as though by an Administrator.
0
 
LVL 6

Expert Comment

by:vertsyeux
Hi,

Is this a one-off deletion of this file or is it deleted regularly? As far as I know, most of the C: drive is not writable by restricted users. I suggest..

a) If only a single user needs to access the RUNME batch file, create a folder in %USERPROFILE% - that is usually stored in C:\Documents and Settings\<Username> and is always writable by the currently logged-in user..

b) If other users need to access the file, create your folder VDI in C:\ but set it and all its child objects to be writable by Users.. Maybe you can't do that as it would require you to access each machine as an administrator..

I don't know if you can dial-into these machines, but I have a batch file called SU.BAT that requests the administrator password and gives me an explorer window logged-in as administrator from a restricted user - it's usually hidden away in the programs/accessories menu.

The batch file looks like this:

   @echo off
   runas  /env  /user:Administrator  "explorer"

If you have any other questions, let me know..

Regards,
Gordon
0
 
LVL 1

Author Comment

by:NEVAEHSIN
I don't think this will work.  The problem is that my batch is run on 100s of computers that do not have this tool on them.  Maybe the RUNAS command is what I'm looking for; however, I'm not familiar with the proper syntax to make the command work.

Any suggestions?
0
 
LVL 6

Expert Comment

by:vertsyeux
It sounds like you don't necessarily have to be administrator - if you create a folder %USERPROFILE%\VDI in your batch file and store your batch file in there, the user will definitely have all rights access to that - If I log in as Fred, then the system sets up an env. variable called USERPROFILE which has the value "\Documents and Settings\Fred"
0
 
LVL 1

Author Comment

by:NEVAEHSIN
My previous comment was for souseran.

vertsyeux:

The runme.bat is a batch file that will be used in the near future to migrate users and all their files to an AD for virtual desktops.  I had to revise the batch as we changed the way we're planning to perform the migration.  An administrator account will run the batch, hence why I had to put it on C:\ - also it was a (at the time) time-saving action on my part.  I didn't think I'd have to change the file at the time I wrote it and put the restrictions on it on purpose so that users would not be able to delete it.

I still think the RUNAS command within DOS may work, but again I am unfamiliar with this command.  I am not overly concerned with putting an administrator password within the batch as the batch is called minimized and literally runs for less than a second and then disappears - and if worst came to worst I would convert it to an .exe and run it.

Any tips on the RUNAS statement and if it will work?
0

 
LVL 1

Author Comment

by:NEVAEHSIN
vertsyeux:

I understand %userprofile% and all, problem is what do I do with the file now currently sitting in the VDI file?
0
 
LVL 6

Accepted Solution

by:
vertsyeux earned 250 total points
You could ignore it, unless it contains sensitive information or is called by the system.. If you have to delete a file you don't have write access to, you will either have to log in as administrator or use the SU batch file I listed earlier to get a "superuser command prompt".. Alternatively, you could create a Linux live CD that boots up and cleans up the necessary file(s) and distribute that to all your end-users.
0
 
LVL 26

Expert Comment

by:souseran
NEVAEHSIN:

We may be able to accomplish running the RUNAS statement as part of a Visual Basic Script (.VBS). Let me do some more research on that for you.
0
 
LVL 26

Assisted Solution

by:souseran
souseran earned 250 total points
One other possibility would be to make a call to CPAU in your batch file, copy it over locally, run the necessary command, and the rest of the batch file, then have the batch file delete the CPAU program. Just a thought.
0
 
LVL 1

Author Closing Comment

by:NEVAEHSIN
Installing CPAU on the PCs was not an option unfortunately.  I decided to spend the hours yesterday and manually remove the file from each PC :(  However, I appreciate your time and suggestions.
0
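
Added example, not part of the original thread: one way to script the replacement that was finally done by hand, run from an administrator's own session over each PC's administrative share so that no administrator password has to be placed in the user logon script. It assumes the account running it has administrative rights on every PC and that the C$ share is reachable; `computers.txt` and `replace_runme.csv` are hypothetical file names, and the source and target paths are the ones from the question.

```bat
@echo off
rem Added example, not from the thread. Run from an administrator's session,
rem not from the user logon script.
rem Assumptions: computers.txt (hypothetical) holds one PC name per line and
rem the account running this script is an administrator on each PC.
setlocal

set "SRC=\\server\share\NETWRK\VDI\RUNME.BAT"
set "LIST=computers.txt"
set "LOG=replace_runme.csv"

if not exist "%SRC%" (
    echo Source file %SRC% not found.
    exit /b 1
)
if not exist "%LIST%" (
    echo Computer list %LIST% not found.
    exit /b 1
)

rem tokens=1 takes the first word on each line; blank lines are skipped
for /f "usebackq tokens=1" %%P in ("%LIST%") do call :replace %%P
exit /b 0

:replace
set "DST=\\%~1\C$\VDI\RUNME.BAT"
rem PC switched off, share blocked, or folder missing: record it and move on
if not exist "\\%~1\C$\VDI\" (
    >>"%LOG%" echo %~1,unreachable,%date%,%time%
    goto :eof
)
rem /f removes the file even if it is marked read-only; /q suppresses prompts
if exist "%DST%" del /f /q "%DST%"
copy /y "%SRC%" "%DST%" >nul
if errorlevel 1 (
    >>"%LOG%" echo %~1,copy failed,%date%,%time%
) else (
    >>"%LOG%" echo %~1,replaced,%date%,%time%
)
goto :eof
```

PCs logged as unreachable can be retried later by running the script again with a list containing only those names.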
