• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1114
  • Last Modified:

Granting permission to copy files to "Program Files (x86)

I have a .bat script that tries to copy a file to "Program Files (x86)". The problem is that it requires admin privilege to do something like that.  

Please let me know how I can grant an ordinary user to do the same by just running the .bat file.

Thanks!
0
dshrenik
Asked:
dshrenik
  • 10
  • 5
  • 4
  • +3
2 Solutions
 
arnoldCommented:
You can add the permissions for the copy by adding the user/group with modify/full rights under the security tab for the folder.

Note that this will also enable this user/group to delete items.
 
0
 
QlemoC++ DeveloperCommented:
... but doing so requires admin privileges, and taking over ownership of the folder. So you can't do it simply by calling a batch file, you need to "prepare" the system it should run on.
0
 
dshrenikAuthor Commented:
If possible, can you give me the step by step procedure to do the same?

Thanks!
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
IanThCommented:
you need to have uac disabled windows 7 stops you installing to c: drive

the way I found was add my local admin to c:\ in safe mode
0
 
dshrenikAuthor Commented:
How can I disable UAC?
0
 
QlemoC++ DeveloperCommented:
Go into Control Panel\User Accounts. You should see the option to turn UAC on/off.

However I do not get where you head to. Is this a one-time action? Than there is no need to do anything, but to run the batch file as administrator (using the Shift-Context Menu on the batch file).
If you have to do that on several computers, you won't want the user to switch off UAC - which needs admin privs anyway.
0
 
IanThCommented:
0
 
arnoldCommented:
Do you have access to an administrative user's account or is your account part of the administrators group local or domain based?

What is the file that you need to copy?
0
 
dshrenikAuthor Commented:
I am the admin, and I want the other users to be able to run the .bat file by just double clicking it...
0
 
dshrenikAuthor Commented:
The file I need to copy is an .xml file
0
 
John GriffithCommented:
Activate the Hidden Admin user account - http://sysnative.com/0x1/Hidden_Admin_Acct.html
0
 
dshrenikAuthor Commented:
@jcgriff2:
How can an ordinary user do that?
0
 
IanThCommented:
they cant only local admin can

Like I said the c: drive is locked down in windowsd 7 you have to break the settings in safe mode to make win7 work like earlier windows versions
0
 
QlemoC++ DeveloperCommented:
Could you please go back to http:#a35116931, and give us more information?
0
 
dshrenikAuthor Commented:
@Qlemo:
Sorry for missing that. It is not a one-time action. And I want this to work for several ordinary users on the same computer.
0
 
QlemoC++ DeveloperCommented:
Ok, then it is worth the effort.

[rant]That is the reason why Program Data/Application Data folders exist - because there should never be a change in the Program Files folder besides installing/updating an application[/rant]

Usually a bad idea, as it circumvents security, but you can still do that once as an admin:
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F

Open in new window

That should give full access to the XML files in that folder to all users. You can restrict both access and permission group, if you like.
After having set that up once on each PC, a user should be able to execute the .bat file as intended without further ado.
0
 
dshrenikAuthor Commented:
Great!
If possible, can you please give a brief description of your code.

Thank you so much!
0
 
dshrenikAuthor Commented:
And I need to run your code in Command Prompt just once as the admin, right?
0
 
dshrenikAuthor Commented:
Also, please tell me how I can restore the original settings.
0
 
David Johnson, CD, MVPOwnerCommented:
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F


takeown == take ownership = administrator    original is TrustedInstaller
icacls == Change file and folder permissions tool  since you granted you then can remove the everyone:f (f == full permissions) i.e. /remove Everyone:F

therefore to restore back to original
takeown /u TrustedInstaller /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml /remove Everyone:F

0
 
dshrenikAuthor Commented:
Thanks!
0
 
QlemoC++ DeveloperCommented:
icacls is able to save and restore security settings, which is better than to manually remove the granted access rights:

icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /save "%temp%\xml.acl"
...
icacls "%ProgramFiles(x86)%\Folder1\Folder2\" /restore "%temp%\xml.acl"
del "%temp%\xml.acl"
0
 
David Johnson, CD, MVPOwnerCommented:
didn't know about that one.. even a better solution!!
0
 
IanThCommented:
icacls resets the security
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

  • 10
  • 5
  • 4
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now