Solved

Granting permission to copy files to "Program Files (x86)

Posted on 2011-03-12
24
1,071 Views
Last Modified: 2012-05-11
I have a .bat script that tries to copy a file to "Program Files (x86)". The problem is that it requires admin privilege to do something like that.  

Please let me know how I can grant an ordinary user to do the same by just running the .bat file.

Thanks!
0
Comment
Question by:dshrenik
  • 10
  • 5
  • 4
  • +3
24 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 35116361
You can add the permissions for the copy by adding the user/group with modify/full rights under the security tab for the folder.

Note that this will also enable this user/group to delete items.
 
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35116598
... but doing so requires admin privileges, and taking over ownership of the folder. So you can't do it simply by calling a batch file, you need to "prepare" the system it should run on.
0
 

Author Comment

by:dshrenik
ID: 35116852
If possible, can you give me the step by step procedure to do the same?

Thanks!
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 30

Expert Comment

by:IanTh
ID: 35116898
you need to have uac disabled windows 7 stops you installing to c: drive

the way I found was add my local admin to c:\ in safe mode
0
 

Author Comment

by:dshrenik
ID: 35116907
How can I disable UAC?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35116931
Go into Control Panel\User Accounts. You should see the option to turn UAC on/off.

However I do not get where you head to. Is this a one-time action? Than there is no need to do anything, but to run the batch file as administrator (using the Shift-Context Menu on the batch file).
If you have to do that on several computers, you won't want the user to switch off UAC - which needs admin privs anyway.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35116989
0
 
LVL 77

Expert Comment

by:arnold
ID: 35117014
Do you have access to an administrative user's account or is your account part of the administrators group local or domain based?

What is the file that you need to copy?
0
 

Author Comment

by:dshrenik
ID: 35119756
I am the admin, and I want the other users to be able to run the .bat file by just double clicking it...
0
 

Author Comment

by:dshrenik
ID: 35119757
The file I need to copy is an .xml file
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 35119799
Activate the Hidden Admin user account - http://sysnative.com/0x1/Hidden_Admin_Acct.html
0
 

Author Comment

by:dshrenik
ID: 35119805
@jcgriff2:
How can an ordinary user do that?
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121071
they cant only local admin can

Like I said the c: drive is locked down in windowsd 7 you have to break the settings in safe mode to make win7 work like earlier windows versions
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35121439
Could you please go back to http:#a35116931, and give us more information?
0
 

Author Comment

by:dshrenik
ID: 35121449
@Qlemo:
Sorry for missing that. It is not a one-time action. And I want this to work for several ordinary users on the same computer.
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 400 total points
ID: 35121537
Ok, then it is worth the effort.

[rant]That is the reason why Program Data/Application Data folders exist - because there should never be a change in the Program Files folder besides installing/updating an application[/rant]

Usually a bad idea, as it circumvents security, but you can still do that once as an admin:
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F

Open in new window

That should give full access to the XML files in that folder to all users. You can restrict both access and permission group, if you like.
After having set that up once on each PC, a user should be able to execute the .bat file as intended without further ado.
0
 

Author Comment

by:dshrenik
ID: 35121551
Great!
If possible, can you please give a brief description of your code.

Thank you so much!
0
 

Author Comment

by:dshrenik
ID: 35121556
And I need to run your code in Command Prompt just once as the admin, right?
0
 

Author Comment

by:dshrenik
ID: 35121558
Also, please tell me how I can restore the original settings.
0
 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 100 total points
ID: 35121706
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F


takeown == take ownership = administrator    original is TrustedInstaller
icacls == Change file and folder permissions tool  since you granted you then can remove the everyone:f (f == full permissions) i.e. /remove Everyone:F

therefore to restore back to original
takeown /u TrustedInstaller /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml /remove Everyone:F

0
 

Author Comment

by:dshrenik
ID: 35121715
Thanks!
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35121742
icacls is able to save and restore security settings, which is better than to manually remove the granted access rights:

icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /save "%temp%\xml.acl"
...
icacls "%ProgramFiles(x86)%\Folder1\Folder2\" /restore "%temp%\xml.acl"
del "%temp%\xml.acl"
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 35121811
didn't know about that one.. even a better solution!!
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121876
icacls resets the security
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question