blugirl asked:

Can't Create Folders in Windows 7 w/BAT file. "Access is Denied" error

I had a BAT file that I made and used on Windows XP clients for making directories & copying shortcuts we use for AutoDesk Civil 3D 2009 (C3D) that I'm now trying to modify to use on Windows 7 x64 clients.  I did notice that C3D now installs in the "C:\Program Files (x86)\" directory & believe that I have modified the attached text version of the BAT accordingly.  When I ran it, the command prompt flashed on-screen...but no new directories.  So I copied & ran the first line directly in a command prompt & it appears that with Windows 7, I get an "Access is Denied" when trying to create a directory under "C:\Program Files (x86)\".  With further testing, I noticed that I can create folders from the command prompt without issue.

I tried right clicking the BAT file & clicked "run as administrator"...no luck.

I'm pretty sure my account has administrator privileges.  I'm a domain admin & created a user on the Windows 7 workstation with administrator rights too.  (I didn't have any problems installing anything.)

4-C3D09-PLTG-x64.txt
subhashchy:

Hello.
You said  
so I copied & ran the first line directly in a command prompt & it appears that with Windows 7, I get an "Access is Denied" when trying to create a directory under "C:\Program Files (x86)\".  With further testing, I noticed that I can create folders from the command prompt without issue.

Did you try creating a folder in C:\ or C:\program files (x86)\ or somewhere else?

Due to UAC in Windows 7, a normal command prompt will not allow you to create folders in C:\, Program Files and the Windows directory.

Also, can you open a command prompt as Runas admin and then from there run the batch file and post the output?
you need to raise the privileges within the script itself
http://www.winhelponline.com/articles/185/1/VBScripts-and-UAC-elevation.html
jhyiesla:
I don't have a 64-bit version of 7 available, but I do have a server 2008 R2 available.

I went to that folder under a command prompt and attempted to create a file with "copy con" and was unable to; got the same error as you. However, when I attempted the same thing under a Run As Admin command prompt I was successful.  I realize that 7 is not the same as 2008R2, but they are pretty similar and I would have expected this to work for you as well.

Double check to make sure you did a run as command prompt and then key the command manually instead of running the bat file.

FYI... under 7 all the domain admin rights in the world are still lower than the Run As Administrator setting.  That user in Windows is not analogous to the root user in Linux.
blugirl (ASKER):

Hi Subhaschy,

Sorry for not clarifying...yes, I'm able to create folders from the command prompt at C:\, but not C:\program files (x86).

Ahhh...I'm new to Windows 7 so I'll need to read up on UAC then!

Yes, if I open the command prompt & runas admin, it'll create the directories if I copy & paste the md lines into the cmd prompt.

Is there a way that I can get the BAT to run without having to go through these extra steps?
You need to give Administrator access to that folder. By default TrustedInstaller has ownership of this folder not administrators
Go to the Security TAB. click on ADVANCED and then choose 'administrator' and change ownership. Click ok ok ok then again go to the Security TAB and add the Administrator with full access.
blugirl (ASKER):

Hi silverkorn,

I've never worked with VBScripts before...only simple BAT files I created from text documents with some basic DOS commands.  Do I treat the VBScripts the same way by copying them into a text doc, adding my commands, changing to a BAT extension & double click the file?

Thanks!
No BluGirl, vbscript will not work like that.
Either you have to always run the batch file as administrator or see if "Silverkorn" can give you a batch file which will
1) Create a vbscript and a batch file on the fly
2) Call the vbscript which will ask for UAC prompt
3) The vbscript will call the newly created batch file.
4) Finally the first .bat will clean up and exit.
SOLUTION by rsoly777 (this solution is only available to members of Experts Exchange)
If you want to stay with a bat file you can create a second bat file that calls the first bat file you originally posted, just make sure to call the second bat file using the "runas" command; more info here:
https://www.experts-exchange.com/questions/24365982/Runas-command-syntax-for-batch-file.html

runas /user:domainname\username 4-C3D09-PLTG-x64.bat
rsoly777: I understand changing ownership is simple and easy but he had to do it on many computers, not just one. That is why he is looking for a script; otherwise creating 3-4 folders is easier for a user than changing permissions.
SOLUTION (this solution is only available to members of Experts Exchange)
blugirl (ASKER):

Rsoly777,  that worked like a charm!  Thanks!  BTW, are there security concerns that I should consider with allowing the administrators group full control on this directory?  Also, do you know an easy way to set the permissions back to default so I can continue testing the 2nd BAT option?

Subhashchy, good point.  Yes, I do need to do this on many computers.

Silverkorn, thanks for the suggestion on the second BAT to set the permissions.  I'll give that a try since VBScripts are a bit over my head at this point.

Thanks again all!
there are some security concerns but until Autocad has a better installation and working directory path I think I would leave this the way it is. It is no more insecure than it was in XP.
ESRI has followed the Windows security models there is no reason why any other mapping and drafting software companies cannot follow the Microsoft Security Practices.
BTW glad it worked for you!
@jhyiesla:  W2008R2 is the same as W7 - they use the same kernel, and there are only small differences regarding being a Server or Client OS, that is all.


@blugirl:
I can't imagine that rsoly777's recommendation works. It is a UAC, not a permission issue. The program folder already has Admin privs defined - they just don't apply without UAC to protect that folder. And yes, there are security concerns, as each program can create and manipulate folders there when run as admin user.

I agree to the solution presented in http:#a35019586. However, I would use a more "sophisticated" approach:
@echo off
if "%1" == "" (runas /user:domain\user "%~F0" privileged & exit /b 0)

pushd C:\Program Files (x86)
md "AutoCAD Civil 3D 2009\Plot Styles"
md "AutoCAD Civil 3D 2009\Plotters"

md "AutoCAD Civil 3D Land Desktop Companion 2009\Plot Styles"
md "AutoCAD Civil 3D Land Desktop Companion 2009\Plotters"

copy "Y:\DRC ACAD\config\C3D2009\Shortcut to drv.lnk" "AutoCAD Civil 3D 2009\Drv"
copy "Y:\DRC ACAD\config\C3D2009\Shortcut to Plot Styles.lnk" "AutoCAD Civil 3D 2009\Drv\Plot Styles"
copy "Y:\DRC ACAD\config\C3D2009\Shortcut to plotters.lnk" "AutoCAD Civil 3D 2009\Drv\Plotters"


copy "Y:\DRC ACAD\config\C3D2009\Shortcut to drv.lnk" "AutoCAD Civil 3D Land Desktop Companion 2009\Drv"
copy "Y:\DRC ACAD\config\C3D2009\Shortcut to Plot Styles.lnk" "AutoCAD Civil 3D Land Desktop Companion 2009\Plot Styles"
copy "Y:\DRC ACAD\config\C3D2009\Shortcut to plotters.lnk" "AutoCAD Civil 3D Land Desktop Companion 2009\Plotters"
popd

The script calls itself, supplying an additional parameter to "mark" it is already running with elevated privs. Further, it is more convenient to change into the program folder - if you need to change that (e.g. for 32bit machines), you only need to do so once at the beginning.


Sorry Qlemo, it does work. She can change the ownership back to "trusted installer" after the folders are created. The real problem is AutoCad needing these folders located there and not having a defined workaround or update that addresses this issue.
@rsoly777 actually AutoCAD does not require those files to be located there, you can add/modify the "Printer Support File Paths" to look to a different location on the workstation or on the network

to change the paths:
open the options within AutoCAD (keyin: OP)
Click the files tab in the Options window
Scroll down to "Printer Support File Path" and expand the group
change the "Printer Configuration Search Path", "Printer Description File Search Path" and "Plot Style Table Search Path" to the new locations
Click "OK" to save configurations
close AutoCAD
Another note is that this could also be accomplished by using a Windows PowerShell script
rsoly,
Yes, It seems to work for blugirl, but it is beyond my imagination.

The proper way to do that in a batch is (still needing elevated privs, btw, so there is nothing to gain):
   takeown /f "%ProgramFiles(x86)%" /a
   cacls "%ProgramFiles(x86)%" /E /G Administrators:F
blugirl (ASKER):

@rsoly777, how do I change the owner back to trusted installer?  On the Owner tab, I clicked Edit -> Other users or groups -> entered "trust" & clicked Check Names, but I get an error that says the object with that name couldn't be found.  I even tried selecting all Object Types & the local workstation as the location...no luck.

At this point, would the easiest way to test Qlemo's BAT be to create a new user & log in?

@Silverkorn, you're correct.  We can change the ACAD paths to point to a different location.  I guess I've just been so used to having these folders in the same location over the years.  But it still wouldn't hurt to know how to accomplish this in case I need to automate some other tasks.

Thanks again all!!
@bluegirl
I know this does not answer your original question but wouldn't the easiest solution be to change the options within the AutoCAD program to reference the folders on the network? Just make sure to make the files on the network read only to keep users from accidentally changing the files

follow the directions i previously posted to change the support file paths within AutoCAD. This setting is also saved within the AutoCAD profile, so if you bring the profile file into a newer version of AutoCAD this setting will follow
To reset owner, use
    icacls "%ProgramFiles(x86)%" /setowner TrustedInstaller
when you are finished. Or even better, save the state before changing, and revert it back:
    pushd "%ProgramFiles(x86)%"
    icacls . /save "%temp%\privs"
    icacls . /setowner Administrators
    icacls . /grant Administrators:F
    ...
    icacls . /restore "%temp%\privs"
    del "%temp%\privs" >nul 2>nul

Silverkorn, this really should be dealt with in that manner or get it to work this way for now and go back to change it as defined in your earlier post. I do not use Autocad, I work with Esri products so am not aware of that. It is not this difficult with esri products...

BluGirl: Where you changed owner to Administrator you can change it back to trustedinstaller one word
i m creating a bat which will sort this out..hope i will post in next 10-15 minutes.
Sorry type in "NT Service\TrustedInstaller" that will find this user
Can you try this one..

@echo off
md c:\temp1
::Creating the VBS.
type %0 | find /i "      " | find /v "notme" >C:\temp1\bluegir.vbs

echo md "C:\Program Files (x86)\AutoCAD Civil 3D 2009\Plot Styles" >C:\temp1\bat.bat
echo md "C:\Program Files (x86)\AutoCAD Civil 3D 2009\Plotters" >>C:\temp1\bat.bat
echo md "C:\Program Files (x86)\AutoCAD Civil 3D Land Desktop Companion 2009\Plot Styles" >>C:\temp1\bat.bat
echo md "C:\Program Files (x86)\AutoCAD Civil 3D Land Desktop Companion 2009\Plotters" >>C:\temp1\bat.bat
echo copy "Y:\DRC ACAD\config\C3D2009\Shortcut to drv.lnk" "C:\Program Files (x86)\AutoCAD Civil 3D 2009\Drv" >>C:\temp1\bat.bat
echo copy "Y:\DRC ACAD\config\C3D2009\Shortcut to Plot Styles.lnk" "C:\Program Files (x86)\AutoCAD Civil 3D 2009\Drv\Plot Styles" >>C:\temp1\bat.bat
echo copy "Y:\DRC ACAD\config\C3D2009\Shortcut to plotters.lnk" "C:\Program Files (x86)\AutoCAD Civil 3D 2009\Drv\Plotters" >>C:\temp1\bat.bat
echo copy "Y:\DRC ACAD\config\C3D2009\Shortcut to drv.lnk" "C:\Program Files (x86)\AutoCAD Civil 3D Land Desktop Companion 2009\Drv" >>C:\temp1\bat.bat
echo copy "Y:\DRC ACAD\config\C3D2009\Shortcut to Plot Styles.lnk" "C:\Program Files (x86)\AutoCAD Civil 3D Land Desktop Companion 2009\Plot Styles" >>C:\temp1\bat.bat
echo copy "Y:\DRC ACAD\config\C3D2009\Shortcut to plotters.lnk" "C:\Program Files (x86)\AutoCAD Civil 3D Land Desktop Companion 2009\Plotters" >>C:\temp1\bat.bat


wscript C:\temp1\bluegir.vbs
goto :EOF




      If WScript.Arguments.length =0 Then
      Set objShell = CreateObject("Shell.Application")
      objShell.ShellExecute "wscript.exe", Chr(34) & _
      WScript.ScriptFullName & Chr(34) & " uac", "", "runas", 1
      Else
      Set WshShell = WScript.CreateObject("WScript.Shell")
      wscript.echo "Subhash"
      WshShell.Run "cmd.exe /k C:\temp1\bat.bat"

      End If

Note that after goto :EOF there are 6 spaces before each line. Maybe when copying from here the spaces will not get copied, so make sure the space characters are present in the batch file...

I m using silverkorns idea here..
blugirl (ASKER):

@qlemo, I copied the script you posted in ID# 35019972 to a text file, changed the extension to BAT, right clicked & ran as admin, but no luck.  Did I do something wrong?  FYI, I'm currently logged in as a user that I added as a domain user to the local workstation since I hadn't moved forward with resetting the permissions for my own account I was using to test with earlier.
blugirl (ASKER):

@jhyiesla, I was hopeful after your comment that this would work for me too...but no luck.  Sorry, I'm just now diving into Windows 7 so had to look up how to run the command prompt as admin.  So, I just entered "cmd" in the search field, Ctrl+Shift + Enter, then chose "Yes" to allow the program to make changes (wasn't prompted to provide login info), and tried to run only...

md "C:\Program Files (x86)\Test\made"

...but still received access denied.
Have you tried the script I posted?
Sorry, got the syntax of runas wrong relating to the usage of double quotes. Replace line 2 with
if "%1" == "" (runas /user:domain\user "%~F0 privileged" & exit /b 0)

You might want to change the user info to the local or domain admin account.
blugirl (ASKER):

@subhashchy, I just tried yours this morning...it didn't create the directories, but I did see files "bat.bat" & "bluegir.vbs" under "C:\temp1".

@Qlemo, Ok, so I replaced line two with your correction, but still no luck.

I wonder if it wouldn't be easier just to modify the paths that AutoDesk is looking for these files at, like silverkorn suggested, especially since I can specify that in the file I import to configure our CAD setting.

Are there other advantages that y'all can think of for persisting with the original solution?
BluGirl,
I think using what Silverkorn suggested is probably the right thing to do as it makes no sense to have these directories in the program files directory since they are printer support directories
blugirl (ASKER):

Out of curiosity, does anyone have suggestions regarding a scripting language (?) someone like me should consider if I'm barely comfortable with simple BATs created from text documents?  I don't want to get too far behind the curve, but wonder if ShellScript would be easier than VBS to jump into?

Thanks again for all the help!
blugirl (ASKER):

Nevermind...I think I answered my last question from the following:

Getting Started with Windows PowerShell
blugirl (ASKER):

@qlemo, was I supposed to change the domain/user in your script to a valid domain/user?  If so, I tried that too with no luck
what happens if you try to run this through a standard command prompt (make sure to replace domainname with your actual domain name):
runas /user:domainname\administrator 4-C3D09-PLTG-x64.bat

I suspect it will ask you for the domain name user account password, which is why your batch file is not working
Can you run the vbs from that folder (using command prompt) and then post the output? It worked on my system with UAC enabled...
runas requires always that you at least confirm running it. And of course it requires valid credentials, as I have told already in http:#a35026016 . If I run the batch file (with valid credentials), it does what it should. Strange it does not work for you, I suppose there is more behind that we cannot see.
blugirl (ASKER):

@qlemo...Sorry, to sound like such a newbie...but I'm new to Windows 7 & never had to deal with runas in the past, so there's a good chance that I'm not doing things correctly.  Could I bother you to walk me through how to do this step by step...especially since it's working for you?

Thanks again for your persistence!
First you need to tell me what does not work - do you still get the same Access Denied error when the folders are created? You should see another DOS Box opening when runas is successful. Try to put a
   pause
at the very end of the batch file, that should halt the script, so you can see what it is saying.
blugirl (ASKER):

@Qlemo...I'm starting to have hope again!  Thanks for the tip regarding adding "pause"!

I set the domain & user name, as you instructed, to the domain admin's credentials & I get an "access denied" error for the md command & "the system cannot find the drive specified" for the copy commands.

I created a simplified test BAT by copying yours, using my own credentials for runas since they hadn't been changed since we first gave me full control at the beginning, stayed logged in as another user w/o full control granted for the program files (x86) directory, changed the copy path to UNC instead of using the mapped drive letter & it worked!! (see attached file)

So it looks like we've now narrowed this back down to a permissions issue...but I'm not familiar with UAC either.  Your thoughts?

blugirl-test.txt
Oh, the mapped drive completely slipped my mind ... Of course that is an issue, as a drive letter is always bound to the individual user's profile, and not available for other users.

Now you only need to wrap http:#a35020531 around the md/copy part (that is, the md/copy is to put in where the ellipsis is). Instead of the group "Administrators" you might want to use the same user as in runas.
blugirl (ASKER):

@Qlemo...I'm not sure what you mean by...

Now you only need to wrap http:#a35020531 around the md/copy part (that is, the md/copy is to put in where the ellipsis is). I

Could you please explain?
ASKER CERTIFIED SOLUTION (this solution is only available to members of Experts Exchange)
blugirl (ASKER):

Sorry for the delay in responding...I've been busy on another fire.  I'll respond by early next week.  Thanks again all!
Were you able to get the batch file to work?
blugirl (ASKER):

Hi Silverkorn,

I've been busy with other issues & haven't been able to get back to this yet.  I'm hoping to do further testing by early next week.  Thanks so much for following-up!
blugirl (ASKER):

Phew!  I'm finally ready to tackle this again!  So sorry for the delay.

@silverkorn, as suggested in 35030804, I tried to run my original BAT through a standard command prompt, it DID ask for a password, but I received the error...

RUNAS ERROR: Unable to run - S:\_C3D2009 x64\4 c3d09_pltg x64.BAT
2: The system cannot find the file specified


Could this be because I'm trying to run the BAT from a network location?  I tried changing directories with:

chdir/D "S:\_C3D2009 x64"

...but get...

The system cannot find the drive specified.

So I tried to change directories by providing the full UNC path instead & received...

CMD does not support UNC paths as current directories
blugirl (ASKER):

@qlemo...

I've been playing with the last script you provided in 35071982 & I think we're really close!  NEVER MIND!!  You did it!  The last script you provided only had 2 issues...on line 18 & 19, I removed the DRV directory & it worked like a charm!!  Thanks a ton!!
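
An added example, not code posted by anyone in this thread: a batch file that combines the two points the discussion converged on, checking for an elevated token before writing under Program Files, and reading the source files through a UNC path instead of a mapped drive letter. The share `\\fileserver\cad\config\C3D2009` is a placeholder, and the exit codes are arbitrary choices.

```batch
@echo off
setlocal
rem Added example. SRC is a placeholder UNC share; replace it with the real one.
set "SRC=\\fileserver\cad\config\C3D2009"
set "DEST=%ProgramFiles(x86)%\AutoCAD Civil 3D 2009"

rem With UAC on, a member of Administrators normally runs with a filtered,
rem medium-integrity token. An elevated process carries the High Mandatory
rem Level group (S-1-16-12288); a SYSTEM process carries S-1-16-16384.
whoami /groups | findstr /c:"S-1-16-12288" /c:"S-1-16-16384" >nul
if errorlevel 1 (
    echo Not elevated: start this from a "Run as administrator" command prompt.
    exit /b 1
)

rem Mapped drive letters belong to the logon session that created them, so a
rem runas or elevated session may not see Y: or S:. CMD cannot use a UNC path
rem as its current directory, but pushd accepts one and assigns a temporary
rem drive letter that popd releases again.
pushd "%SRC%" || (echo Cannot reach %SRC% & exit /b 2)

rem Create the target folders only if they are missing; stop on any failure
rem instead of letting the later copy commands fail silently.
for %%D in ("Plot Styles" "Plotters") do (
    if not exist "%DEST%\%%~D\" md "%DEST%\%%~D" || (popd & exit /b 3)
)

rem Shortcut file names are the ones used in the scripts above.
copy /y "Shortcut to Plot Styles.lnk" "%DEST%\Plot Styles\" >nul || (popd & exit /b 4)
copy /y "Shortcut to plotters.lnk" "%DEST%\Plotters\" >nul || (popd & exit /b 4)

popd
echo Folders and shortcuts are in place under "%DEST%".
exit /b 0
```

Because the script refuses to run without elevation, the ACL and ownership of "C:\Program Files (x86)" never have to be changed, so there is nothing to restore afterwards.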