Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2135
  • Last Modified:

Batch - DEL access denied

I'm trying to write a batch file that will replace a file on users account machines.  When I try to DEL the file from within the batch it tells me access is denied.  I'm pretty sure it is because the permissions on the file are limited to read & write for users.

A batch runs whenever a user logs on to their PC that ties into another batch over a network share that updates files / programs when necessary.  Basically, I can not go around and change the permissions of the file on all the PC's logging on as an administrator.

Is there a work around?

The code below is called by the initial batch script that runs when a user logs on.  RUNME.bat file is the file that I can't delete as a regular user; which everyone is.  RUNME.bat is not the initial batch that runs and is not in use when the batch runs to delete and replace it.
@ECHO OFF
echo %username%,%date%,%time% >>\\server\share\netwrk\logon.csv
del C:\VDI\RUNME.BAT /q
xcopy \\server\share\NETWRK\VDI\RUNME.BAT "C:\VDI" /q /y
xcopy \\server\share\NETWRK\SHOCUT\GEN\VDI_Shares.lnk "c:\DOCUME~1\%username%\desktop" /q /y
ipconfig /all >\\server\share\NETWRK\COMPLE\IPCONF\%username%.txt
echo >"\\server\share\netwrk\comple\upd002\%username%.txt"
del "\\server\share\netwrk\comple\update\%username%.txt" /q
net use z: /del /yes >nul

Open in new window

0
NEVAEHSIN
Asked:
NEVAEHSIN
  • 4
  • 3
  • 3
2 Solutions
 
souseranCommented:
A tool like CPAU might help:

http://www.joeware.net/freetools/tools/cpau/index.htm

"Basically this is a runas replacement. Also allows you to create job files and encode the id, password, and command line in a file so it can be used by normal users."

You can include this in your batch file to allow it to be run as though by an Administrator.
0
 
vertsyeuxCommented:
Hi,

Is this a one-off deletion of this file or is it deleted regularly.. As far as I know, most of the C: drive is not writable by restricted users. I suggest..

a) If only single user needs to access the RUNME batch file, create a folder in %USERPROFILE% - that is usually stores in C:\Documents and Settings\<Username> and is always writable by the currently logged-in user..

b) If other users need to access the file, create your folder VDI in C:\ but set it and all its child objects to be writable by Users.. Maybe you can't do that as it would require you to access each machine as an administrator..

I don't know if you can dial-into these machines, but I have a batch file called SU.BAT that requests the administrator password and gives me an explorer window logged-in as administrator from a restricted user - it's usually hidden away in the programs/accessories menu.

The batch file looks like this:

   @echo off
   runas  /env  /user:Administrator  "explorer"

If you have any other questions, let me know..

Regards,
Gordon
0
 
NEVAEHSINAuthor Commented:
I don't think this will work.  The problem is that my batch is run on 100's of computers that do not have this tool on them.  Maybe the RUNAS command is what I'm looking for however I'm not familiar with the proper syntax to make the command work.

Any suggestions?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
vertsyeuxCommented:
It sounds like you don't necessarily have to be administrator - if you create a folder %USERPROFILE%\VDI in your batch file and store your batch file in there, the user will definitely have all rights access to that - If I log in as Fred, then the system sets up an env. variable called USERPROFILE which has the value "\Documents and Settings\Fred"
0
 
NEVAEHSINAuthor Commented:
my previous comment was for souseran.

vertsyeux:

The runme.bat is a batch file that will be used in the near future to migrate users and all their files to an AD for virtual desktops.  I had to revise the batch as we changed the way we're planning to perform the migration.  An administrator account will run the batch, hence why I had to put it on C:\ - also it was a (at the time) time saving action on my part.  I didn't think I'd have to change the file at the time I wrote it and put the restrictions on it on purpose so that users would not be able to delete it.

I still think the RUNAS command within DOS may work, but again I am unfamiliar with this command.  I am not overly concerned with putting an administrator password within the batch as the batch is call minimized and literally runs for less than a second and then disappears - and if worst came to worst I would convert it to an .exe and run it.

Any tips on the RUNAS statement and if it will work?
0
 
NEVAEHSINAuthor Commented:
vertsyeux:

I understand %userprofile% and all, problem is what do I do with the file now currently sitting in the VDI file?
0
 
vertsyeuxCommented:
You could ignore it, unless it contains sensitive information or is called by the system.. If you have to delete a file you don't have write access to, you will either have to log in as administrator or use the SU batch file I listed earlier to get a "superuser command prompt".. Alternativly, you could create a Linux live CD that boots up and cleans-up the necessary file(s) and distribute that to all your end-users
0
 
souseranCommented:
NEVAEHSIN:

We may be able to accomplish running the RUNAS statement as part of a Visual Basic Script (.VBS). Let me do some more research on that for you.
0
 
souseranCommented:
One other possibility would be to make a call to CPAU in your batch file, copy it over locally, run the necessary command, and the rest of the batch file, then have the batch file delete the CPAU program. Just a thought.
0
 
NEVAEHSINAuthor Commented:
installing CPAU on the PC's was not an option unfortunately.  I decided to spend the hours yesterday and manually remove the file from each PC :(  However, I appreciate your time and suggestions.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now