[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Granting permission to copy files to "Program Files (x86)

Posted on 2011-03-12
24
Medium Priority
?
1,101 Views
Last Modified: 2012-05-11
I have a .bat script that tries to copy a file to "Program Files (x86)". The problem is that it requires admin privilege to do something like that.  

Please let me know how I can grant an ordinary user to do the same by just running the .bat file.

Thanks!
0
Comment
Question by:dshrenik
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 5
  • 4
  • +3
24 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 35116361
You can add the permissions for the copy by adding the user/group with modify/full rights under the security tab for the folder.

Note that this will also enable this user/group to delete items.
 
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35116598
... but doing so requires admin privileges, and taking over ownership of the folder. So you can't do it simply by calling a batch file, you need to "prepare" the system it should run on.
0
 

Author Comment

by:dshrenik
ID: 35116852
If possible, can you give me the step by step procedure to do the same?

Thanks!
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 30

Expert Comment

by:IanTh
ID: 35116898
you need to have uac disabled windows 7 stops you installing to c: drive

the way I found was add my local admin to c:\ in safe mode
0
 

Author Comment

by:dshrenik
ID: 35116907
How can I disable UAC?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35116931
Go into Control Panel\User Accounts. You should see the option to turn UAC on/off.

However I do not get where you head to. Is this a one-time action? Than there is no need to do anything, but to run the batch file as administrator (using the Shift-Context Menu on the batch file).
If you have to do that on several computers, you won't want the user to switch off UAC - which needs admin privs anyway.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35116989
0
 
LVL 80

Expert Comment

by:arnold
ID: 35117014
Do you have access to an administrative user's account or is your account part of the administrators group local or domain based?

What is the file that you need to copy?
0
 

Author Comment

by:dshrenik
ID: 35119756
I am the admin, and I want the other users to be able to run the .bat file by just double clicking it...
0
 

Author Comment

by:dshrenik
ID: 35119757
The file I need to copy is an .xml file
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 35119799
Activate the Hidden Admin user account - http://sysnative.com/0x1/Hidden_Admin_Acct.html
0
 

Author Comment

by:dshrenik
ID: 35119805
@jcgriff2:
How can an ordinary user do that?
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121071
they cant only local admin can

Like I said the c: drive is locked down in windowsd 7 you have to break the settings in safe mode to make win7 work like earlier windows versions
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35121439
Could you please go back to http:#a35116931, and give us more information?
0
 

Author Comment

by:dshrenik
ID: 35121449
@Qlemo:
Sorry for missing that. It is not a one-time action. And I want this to work for several ordinary users on the same computer.
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1600 total points
ID: 35121537
Ok, then it is worth the effort.

[rant]That is the reason why Program Data/Application Data folders exist - because there should never be a change in the Program Files folder besides installing/updating an application[/rant]

Usually a bad idea, as it circumvents security, but you can still do that once as an admin:
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F

Open in new window

That should give full access to the XML files in that folder to all users. You can restrict both access and permission group, if you like.
After having set that up once on each PC, a user should be able to execute the .bat file as intended without further ado.
0
 

Author Comment

by:dshrenik
ID: 35121551
Great!
If possible, can you please give a brief description of your code.

Thank you so much!
0
 

Author Comment

by:dshrenik
ID: 35121556
And I need to run your code in Command Prompt just once as the admin, right?
0
 

Author Comment

by:dshrenik
ID: 35121558
Also, please tell me how I can restore the original settings.
0
 
LVL 83

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 400 total points
ID: 35121706
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F


takeown == take ownership = administrator    original is TrustedInstaller
icacls == Change file and folder permissions tool  since you granted you then can remove the everyone:f (f == full permissions) i.e. /remove Everyone:F

therefore to restore back to original
takeown /u TrustedInstaller /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml /remove Everyone:F

0
 

Author Comment

by:dshrenik
ID: 35121715
Thanks!
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35121742
icacls is able to save and restore security settings, which is better than to manually remove the granted access rights:

icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /save "%temp%\xml.acl"
...
icacls "%ProgramFiles(x86)%\Folder1\Folder2\" /restore "%temp%\xml.acl"
del "%temp%\xml.acl"
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 35121811
didn't know about that one.. even a better solution!!
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121876
icacls resets the security
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #POC #XenDesktop #vCenter #VMware #ESX
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question