Solved

Granting permission to copy files to "Program Files (x86)

Posted on 2011-03-12
24
1,063 Views
Last Modified: 2012-05-11
I have a .bat script that tries to copy a file to "Program Files (x86)". The problem is that it requires admin privilege to do something like that.  

Please let me know how I can grant an ordinary user to do the same by just running the .bat file.

Thanks!
0
Comment
Question by:dshrenik
  • 10
  • 5
  • 4
  • +3
24 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 35116361
You can add the permissions for the copy by adding the user/group with modify/full rights under the security tab for the folder.

Note that this will also enable this user/group to delete items.
 
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35116598
... but doing so requires admin privileges, and taking over ownership of the folder. So you can't do it simply by calling a batch file, you need to "prepare" the system it should run on.
0
 

Author Comment

by:dshrenik
ID: 35116852
If possible, can you give me the step by step procedure to do the same?

Thanks!
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 30

Expert Comment

by:IanTh
ID: 35116898
you need to have uac disabled windows 7 stops you installing to c: drive

the way I found was add my local admin to c:\ in safe mode
0
 

Author Comment

by:dshrenik
ID: 35116907
How can I disable UAC?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35116931
Go into Control Panel\User Accounts. You should see the option to turn UAC on/off.

However I do not get where you head to. Is this a one-time action? Than there is no need to do anything, but to run the batch file as administrator (using the Shift-Context Menu on the batch file).
If you have to do that on several computers, you won't want the user to switch off UAC - which needs admin privs anyway.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35116989
0
 
LVL 77

Expert Comment

by:arnold
ID: 35117014
Do you have access to an administrative user's account or is your account part of the administrators group local or domain based?

What is the file that you need to copy?
0
 

Author Comment

by:dshrenik
ID: 35119756
I am the admin, and I want the other users to be able to run the .bat file by just double clicking it...
0
 

Author Comment

by:dshrenik
ID: 35119757
The file I need to copy is an .xml file
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 35119799
Activate the Hidden Admin user account - http://sysnative.com/0x1/Hidden_Admin_Acct.html
0
 

Author Comment

by:dshrenik
ID: 35119805
@jcgriff2:
How can an ordinary user do that?
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121071
they cant only local admin can

Like I said the c: drive is locked down in windowsd 7 you have to break the settings in safe mode to make win7 work like earlier windows versions
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35121439
Could you please go back to http:#a35116931, and give us more information?
0
 

Author Comment

by:dshrenik
ID: 35121449
@Qlemo:
Sorry for missing that. It is not a one-time action. And I want this to work for several ordinary users on the same computer.
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 400 total points
ID: 35121537
Ok, then it is worth the effort.

[rant]That is the reason why Program Data/Application Data folders exist - because there should never be a change in the Program Files folder besides installing/updating an application[/rant]

Usually a bad idea, as it circumvents security, but you can still do that once as an admin:
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F

Open in new window

That should give full access to the XML files in that folder to all users. You can restrict both access and permission group, if you like.
After having set that up once on each PC, a user should be able to execute the .bat file as intended without further ado.
0
 

Author Comment

by:dshrenik
ID: 35121551
Great!
If possible, can you please give a brief description of your code.

Thank you so much!
0
 

Author Comment

by:dshrenik
ID: 35121556
And I need to run your code in Command Prompt just once as the admin, right?
0
 

Author Comment

by:dshrenik
ID: 35121558
Also, please tell me how I can restore the original settings.
0
 
LVL 79

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 100 total points
ID: 35121706
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F


takeown == take ownership = administrator    original is TrustedInstaller
icacls == Change file and folder permissions tool  since you granted you then can remove the everyone:f (f == full permissions) i.e. /remove Everyone:F

therefore to restore back to original
takeown /u TrustedInstaller /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml /remove Everyone:F

0
 

Author Comment

by:dshrenik
ID: 35121715
Thanks!
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35121742
icacls is able to save and restore security settings, which is better than to manually remove the granted access rights:

icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /save "%temp%\xml.acl"
...
icacls "%ProgramFiles(x86)%\Folder1\Folder2\" /restore "%temp%\xml.acl"
del "%temp%\xml.acl"
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 35121811
didn't know about that one.. even a better solution!!
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121876
icacls resets the security
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
NTFS permissions - creator owner 2 36
new year deals on hware.. 4 43
Previous versions always empty 9 34
USB 2 Driver 7 30
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question