Solved

Granting permission to copy files to "Program Files (x86)

Posted on 2011-03-12
24
1,074 Views
Last Modified: 2012-05-11
I have a .bat script that tries to copy a file to "Program Files (x86)". The problem is that it requires admin privilege to do something like that.  

Please let me know how I can grant an ordinary user to do the same by just running the .bat file.

Thanks!
0
Comment
Question by:dshrenik
  • 10
  • 5
  • 4
  • +3
24 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 35116361
You can add the permissions for the copy by adding the user/group with modify/full rights under the security tab for the folder.

Note that this will also enable this user/group to delete items.
 
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35116598
... but doing so requires admin privileges, and taking over ownership of the folder. So you can't do it simply by calling a batch file, you need to "prepare" the system it should run on.
0
 

Author Comment

by:dshrenik
ID: 35116852
If possible, can you give me the step by step procedure to do the same?

Thanks!
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 30

Expert Comment

by:IanTh
ID: 35116898
you need to have uac disabled windows 7 stops you installing to c: drive

the way I found was add my local admin to c:\ in safe mode
0
 

Author Comment

by:dshrenik
ID: 35116907
How can I disable UAC?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35116931
Go into Control Panel\User Accounts. You should see the option to turn UAC on/off.

However I do not get where you head to. Is this a one-time action? Than there is no need to do anything, but to run the batch file as administrator (using the Shift-Context Menu on the batch file).
If you have to do that on several computers, you won't want the user to switch off UAC - which needs admin privs anyway.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35116989
0
 
LVL 78

Expert Comment

by:arnold
ID: 35117014
Do you have access to an administrative user's account or is your account part of the administrators group local or domain based?

What is the file that you need to copy?
0
 

Author Comment

by:dshrenik
ID: 35119756
I am the admin, and I want the other users to be able to run the .bat file by just double clicking it...
0
 

Author Comment

by:dshrenik
ID: 35119757
The file I need to copy is an .xml file
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 35119799
Activate the Hidden Admin user account - http://sysnative.com/0x1/Hidden_Admin_Acct.html
0
 

Author Comment

by:dshrenik
ID: 35119805
@jcgriff2:
How can an ordinary user do that?
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121071
they cant only local admin can

Like I said the c: drive is locked down in windowsd 7 you have to break the settings in safe mode to make win7 work like earlier windows versions
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35121439
Could you please go back to http:#a35116931, and give us more information?
0
 

Author Comment

by:dshrenik
ID: 35121449
@Qlemo:
Sorry for missing that. It is not a one-time action. And I want this to work for several ordinary users on the same computer.
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 400 total points
ID: 35121537
Ok, then it is worth the effort.

[rant]That is the reason why Program Data/Application Data folders exist - because there should never be a change in the Program Files folder besides installing/updating an application[/rant]

Usually a bad idea, as it circumvents security, but you can still do that once as an admin:
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F

Open in new window

That should give full access to the XML files in that folder to all users. You can restrict both access and permission group, if you like.
After having set that up once on each PC, a user should be able to execute the .bat file as intended without further ado.
0
 

Author Comment

by:dshrenik
ID: 35121551
Great!
If possible, can you please give a brief description of your code.

Thank you so much!
0
 

Author Comment

by:dshrenik
ID: 35121556
And I need to run your code in Command Prompt just once as the admin, right?
0
 

Author Comment

by:dshrenik
ID: 35121558
Also, please tell me how I can restore the original settings.
0
 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 100 total points
ID: 35121706
@echo off
if "%1" == "" runas /user:administrator "\"%~f0\" elevated": exit /b 0

takeown /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /grant Everyone:F


takeown == take ownership = administrator    original is TrustedInstaller
icacls == Change file and folder permissions tool  since you granted you then can remove the everyone:f (f == full permissions) i.e. /remove Everyone:F

therefore to restore back to original
takeown /u TrustedInstaller /f "%ProgramFiles(x86)%\Folder1\Folder2"
icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml /remove Everyone:F

0
 

Author Comment

by:dshrenik
ID: 35121715
Thanks!
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35121742
icacls is able to save and restore security settings, which is better than to manually remove the granted access rights:

icacls "%ProgramFiles(x86)%\Folder1\Folder2\*.xml" /save "%temp%\xml.acl"
...
icacls "%ProgramFiles(x86)%\Folder1\Folder2\" /restore "%temp%\xml.acl"
del "%temp%\xml.acl"
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 35121811
didn't know about that one.. even a better solution!!
0
 
LVL 30

Expert Comment

by:IanTh
ID: 35121876
icacls resets the security
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #POC #XenDesktop #vCenter #VMware #ESX
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question