?
Solved

Granting permission to copy files to "Program Files (x86)

Posted on 2011-03-12
24
Medium Priority
?
1,090 Views
Last Modified: 2012-05-11
I have a .bat script that tries to copy a file to "Program Files (x86)". The problem is that it requires admin privilege to do something like that.  

Please let me know how I can grant an ordinary user to do the same by just running the .bat file.

Thanks!
0
Comment
Question by:dshrenik
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 5
  • 4
  • +3
24 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 35116361
You can add the permissions for the copy by adding the user/group with modify/full rights under the security tab for the folder.

Note that this will also enable this user/group to delete items.
 
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35116598
... but doing so requires admin privileges, and taking over ownership of the folder. So you can't do it simply by calling a batch file, you need to "prepare" the system it should run on.
0
 

Author Comment

by:dshrenik
ID: 35116852
If possible, can you give me the step by step procedure to do the same?

Thanks!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 30

Expert Comment

by:IanTh
ID: 35116898
you need to have uac disabled windows 7 stops you installing to c: drive

the way I found was add my local admin to c:\ in safe mode
0
 

Author Comment

by:dshrenik
ID: 35116907
How can I disable UAC?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35116931
Go into Control Panel\User Accounts. You should see the option to turn UAC on/off.

However I do not get where you head to. Is this a one-time action? Than there is no need to do anything, but to run the batch file as administrator (using the Shift-Context Menu on the batch file).
If you have to do that on several computers, you won't want the user to switch off UAC - which needs admin privs anyway.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35116989
0
 
LVL 79

Expert Comment

by:arnold
ID: 35117014
Do you have access to an administrative user's account or is your account part of the administrators group local or domain based?

What is the file that you need to copy?
0
 

Author Comment

by:dshrenik
ID: 35119756
I am the admin, and I want the other users to be able to run the .bat file by just double clicking it...
0
 

Author Comment

by:dshrenik
ID: 35119757
The file I need to copy is an .xml file
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 35119799
Activate the Hidden Admin user account - http://sysnative.com/0x1/Hidden_Admin_Acct.html
0
 

Author Comment

by:dshrenik
ID: 35119805
@jcgriff2:
How can an ordinary user do that?
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121071
they cant only local admin can

Like I said the c: drive is locked down in windowsd 7 you have to break the settings in safe mode to make win7 work like earlier windows versions
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35121439
Could you please go back to http:#a35116931, and give us more information?
0
 

Author Comment

by:dshrenik
ID: 35121449
@Qlemo:
Sorry for missing that. It is not a one-time action. And I want this to work for several ordinary users on the same computer.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 1600 total points
ID: 35121537
Ok, then it is worth the effort.

[rant]That is the reason why Program Data/Application Data folders exist - because there should never be a change in the Program Files folder besides installing/updating an application[/rant]

Usually a bad idea, as it circumvents security, but you can still do that once as an admin:
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F

Open in new window

That should give full access to the XML files in that folder to all users. You can restrict both access and permission group, if you like.
After having set that up once on each PC, a user should be able to execute the .bat file as intended without further ado.
0
 

Author Comment

by:dshrenik
ID: 35121551
Great!
If possible, can you please give a brief description of your code.

Thank you so much!
0
 

Author Comment

by:dshrenik
ID: 35121556
And I need to run your code in Command Prompt just once as the admin, right?
0
 

Author Comment

by:dshrenik
ID: 35121558
Also, please tell me how I can restore the original settings.
0
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 400 total points
ID: 35121706
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F


takeown == take ownership = administrator    original is TrustedInstaller
icacls == Change file and folder permissions tool  since you granted you then can remove the everyone:f (f == full permissions) i.e. /remove Everyone:F

therefore to restore back to original
takeown /u TrustedInstaller /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml /remove Everyone:F

0
 

Author Comment

by:dshrenik
ID: 35121715
Thanks!
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35121742
icacls is able to save and restore security settings, which is better than to manually remove the granted access rights:

icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /save "%temp%\xml.acl"
...
icacls "%ProgramFiles(x86)%\Folder1\Folder2\" /restore "%temp%\xml.acl"
del "%temp%\xml.acl"
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 35121811
didn't know about that one.. even a better solution!!
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121876
icacls resets the security
0

Featured Post

7 Extremely Useful Linux Commands for Beginners

Just getting started with Linux? Here's a quick start guide that has 7 commands that we believe will come in handy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question