Solved

Batch - DEL access denied

Posted on 2009-04-01
10
1,990 Views
Last Modified: 2012-05-06
I'm trying to write a batch file that will replace a file on users account machines.  When I try to DEL the file from within the batch it tells me access is denied.  I'm pretty sure it is because the permissions on the file are limited to read & write for users.

A batch runs whenever a user logs on to their PC that ties into another batch over a network share that updates files / programs when necessary.  Basically, I can not go around and change the permissions of the file on all the PC's logging on as an administrator.

Is there a work around?

The code below is called by the initial batch script that runs when a user logs on.  RUNME.bat file is the file that I can't delete as a regular user; which everyone is.  RUNME.bat is not the initial batch that runs and is not in use when the batch runs to delete and replace it.
@ECHO OFF

echo %username%,%date%,%time% >>\\server\share\netwrk\logon.csv

del C:\VDI\RUNME.BAT /q

xcopy \\server\share\NETWRK\VDI\RUNME.BAT "C:\VDI" /q /y

xcopy \\server\share\NETWRK\SHOCUT\GEN\VDI_Shares.lnk "c:\DOCUME~1\%username%\desktop" /q /y

ipconfig /all >\\server\share\NETWRK\COMPLE\IPCONF\%username%.txt

echo >"\\server\share\netwrk\comple\upd002\%username%.txt"

del "\\server\share\netwrk\comple\update\%username%.txt" /q

net use z: /del /yes >nul

Open in new window

0
Comment
Question by:NEVAEHSIN
  • 4
  • 3
  • 3
10 Comments
 
LVL 26

Expert Comment

by:souseran
ID: 24041843
A tool like CPAU might help:

http://www.joeware.net/freetools/tools/cpau/index.htm

"Basically this is a runas replacement. Also allows you to create job files and encode the id, password, and command line in a file so it can be used by normal users."

You can include this in your batch file to allow it to be run as though by an Administrator.
0
 
LVL 6

Expert Comment

by:vertsyeux
ID: 24041876
Hi,

Is this a one-off deletion of this file or is it deleted regularly.. As far as I know, most of the C: drive is not writable by restricted users. I suggest..

a) If only single user needs to access the RUNME batch file, create a folder in %USERPROFILE% - that is usually stores in C:\Documents and Settings\<Username> and is always writable by the currently logged-in user..

b) If other users need to access the file, create your folder VDI in C:\ but set it and all its child objects to be writable by Users.. Maybe you can't do that as it would require you to access each machine as an administrator..

I don't know if you can dial-into these machines, but I have a batch file called SU.BAT that requests the administrator password and gives me an explorer window logged-in as administrator from a restricted user - it's usually hidden away in the programs/accessories menu.

The batch file looks like this:

   @echo off
   runas  /env  /user:Administrator  "explorer"

If you have any other questions, let me know..

Regards,
Gordon
0
 
LVL 1

Author Comment

by:NEVAEHSIN
ID: 24042033
I don't think this will work.  The problem is that my batch is run on 100's of computers that do not have this tool on them.  Maybe the RUNAS command is what I'm looking for however I'm not familiar with the proper syntax to make the command work.

Any suggestions?
0
 
LVL 6

Expert Comment

by:vertsyeux
ID: 24042128
It sounds like you don't necessarily have to be administrator - if you create a folder %USERPROFILE%\VDI in your batch file and store your batch file in there, the user will definitely have all rights access to that - If I log in as Fred, then the system sets up an env. variable called USERPROFILE which has the value "\Documents and Settings\Fred"
0
 
LVL 1

Author Comment

by:NEVAEHSIN
ID: 24042142
my previous comment was for souseran.

vertsyeux:

The runme.bat is a batch file that will be used in the near future to migrate users and all their files to an AD for virtual desktops.  I had to revise the batch as we changed the way we're planning to perform the migration.  An administrator account will run the batch, hence why I had to put it on C:\ - also it was a (at the time) time saving action on my part.  I didn't think I'd have to change the file at the time I wrote it and put the restrictions on it on purpose so that users would not be able to delete it.

I still think the RUNAS command within DOS may work, but again I am unfamiliar with this command.  I am not overly concerned with putting an administrator password within the batch as the batch is call minimized and literally runs for less than a second and then disappears - and if worst came to worst I would convert it to an .exe and run it.

Any tips on the RUNAS statement and if it will work?
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 1

Author Comment

by:NEVAEHSIN
ID: 24042154
vertsyeux:

I understand %userprofile% and all, problem is what do I do with the file now currently sitting in the VDI file?
0
 
LVL 6

Accepted Solution

by:
vertsyeux earned 250 total points
ID: 24042210
You could ignore it, unless it contains sensitive information or is called by the system.. If you have to delete a file you don't have write access to, you will either have to log in as administrator or use the SU batch file I listed earlier to get a "superuser command prompt".. Alternativly, you could create a Linux live CD that boots up and cleans-up the necessary file(s) and distribute that to all your end-users
0
 
LVL 26

Expert Comment

by:souseran
ID: 24042383
NEVAEHSIN:

We may be able to accomplish running the RUNAS statement as part of a Visual Basic Script (.VBS). Let me do some more research on that for you.
0
 
LVL 26

Assisted Solution

by:souseran
souseran earned 250 total points
ID: 24042765
One other possibility would be to make a call to CPAU in your batch file, copy it over locally, run the necessary command, and the rest of the batch file, then have the batch file delete the CPAU program. Just a thought.
0
 
LVL 1

Author Closing Comment

by:NEVAEHSIN
ID: 31565430
installing CPAU on the PC's was not an option unfortunately.  I decided to spend the hours yesterday and manually remove the file from each PC :(  However, I appreciate your time and suggestions.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: Recently, I got a requirement to zip all files individually with batch file script in Windows OS. I don't know much about scripting, but I searched Google and found a lot of examples and websites to complete my task. Finally, I was ab…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now