Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 471
  • Last Modified:

How do i run a batch file as local admin?

Hello,

I need to run a batch file as local admin to change a value in Windows XP registry.
How do I do that?
Thanks
S
0
Sean
Asked:
Sean
  • 8
  • 5
  • 4
  • +4
1 Solution
 
sshah254Commented:
Right click-on command prompt and use the "Run as " option.

Then run the batch file form the DOS box.

Ss
0
 
SeanAuthor Commented:
No can do. The batch file will run via a log in script.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
No can do* - You cannot automate runas to run like that and there is no other option through a logon script.

Now if you want to do this via a STARTUP script, you can put a startup script in a group policy and it should run as the system account.

Otherwise, if you tell us WHAT the batch file is supposed to do, there may be other options.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
SeanAuthor Commented:
The batch file is to change certain registry values. Since  my users are not a member of the local admin group so the script will not run.

0
 
Aaron TomoskyTechnology ConsultantCommented:
I think you can use a shortcut tp the batchfile at have it run as a different user. Psexec from Microsoft can also do this.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I guess I'll repeat:
> Now if you want to do this via a STARTUP script, you can put a startup
> script in a group policy and it should run as the system account.
0
 
OP_ZaharinCommented:
-in the script u can specify: runas /user:Administrator cmd

- you might also want to check other syntax for runas:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true

0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
> -in the script u can specify: runas /user:Administrator cmd
No, you can't - you cannot specify a password in the script.  And even if you could, that would be a REALLY unwise idea as it would be a script anyone could see!
0
 
OP_ZaharinCommented:
slimlcd101, what language are you using to write the script? this is a sample of a VB script by Vic Laurie which also show a sample to supply the password:

'Written by Vic Laurie, May, 2004
'Not responsible for any problems arising from use of the script
'-------------------------------------------------------
Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:administrator ""PrintArt.exe"""
WScript.Sleep 100
'Replace the string yourpassword~ below with
'the password used on your system. Include tilde
oShell.Sendkeys "yourpassword~"
Wscript.Quit

0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I'll repeat and emphasize - storing a password in a cleartext file is EXTREMELY UNWISE.
0
 
SeanAuthor Commented:
leew, you are correct in several points. You can not specify password wit "RunAs" command.
and yes storing the password is a bad idea, I am sure many here would agree. However as last resort and since this is only temporary I may have no choice.
Leew, cant do the start-up script because there is a lot more that needs to me in-place to be able to go that route but will certainly give it a try.

OP_Zaharin:
I am using .bat file. to run and .exe which will change registry values.
I will give your suggestion a try.

Thank you all. Much appreciated.
Sean
0
 
OP_ZaharinCommented:
- I understand leew concern and I agree it is very bad to store the password in your script if it's not a compiled program.

Sean,
- if you are writing an .exe program, why not run it from "Startup" as suggested by leew? instead of running the .bat file, you execute the .exe straightaway. you can set at the "Properties" of the .exe file, under "Compatibility" tab to run as Administrator.

- however if you must run it as a .bat file, you can set the .bat file properties to run in minimize mode.  add @ECHO OFF on top of the code. and place it where normal user would not find it.

- here is an alternative to the Windows "runas" where you can supply the password. to be safe and avoid conflict with Windows "runas", I would rename to other name and put it in the same directory as the .bat file. purchase the software and it will encrypt your command line: http://www.softtreetech.com/24x7/archive/53.htm


0
 
SeanAuthor Commented:
OP Zaharin,
Just to make sure. I am the batch file is part of login script.  Would the above work for login scripts? I don't see why it shouldn't.

Thanks
S
0
 
OP_ZaharinCommented:
Sean,
- i believe it will :)
0
 
FireW0lfCommented:
Hi slimlcd101

Can I ask, why are you using a batch script? If you wish to change a registry key you can use a GPO to do this:

Computer Config / Windows Settings / Security Settings / Registry
 Add the reg key in there, apply the GPO to a group, job done - securely!
0
 
xylogCommented:
If you are setting a registry key that is not part of the users profile, you can use the built in reg command:

reg add \\computername\HKLM\example\path /v your-value /d your-data /t your-type

The for command can be used to distribute this setting to a list of computers:

for /f %i in (list.txt) do reg add \\%i\HKLM\example\path /v your-value /d your-data /t your-type

0
 
SeanAuthor Commented:
I need to run an executable ( received from development ) to change about 10 registry values.
I don't want to have to do this manually on 30+ computers so I thought write a simple batch file that would run the executable and add the batch file to the login script no problem however, in order for the executable to run at the login the users must be a member of the local admin group.
By adding it to the login script I can choose the users that require this change.

0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
sorry, but I still don't understand why you can't do this with a group policy.  If you want to illustrate your environment better, maybe I can understand or maybe there's something you're misunderstanding.

The group policy as suggested by FireWolf or a startup script in a group policy - either should work.
0
 
SeanAuthor Commented:
leew,

I will certainly try the GPO route. Not too much experience with the GPO but I shall give it a try.
I will need to change the registry value not add. I guess that is also possible,
Thanks
0
 
FireW0lfCommented:
Yes, if there is a reg entry already, the GPO will simply overwrite it

Open the GPMC and create a new GPO, call it "Reg Entries for Corporate app" or something meaningful
Edit the new GPO
In the left hand pane, navigate down to: Computer Config / Windows Settings / Security Settings / Registry
Add your reg entries in there (just get a list of the values from your dev team)
Close the GPO
Now, simply assign it to a meaningful AD group, and the next time the workstations do a GP Update (they do it automatically every so often) they will grab the policy and apply it

Simple as that  :-)
0
 
SeanAuthor Commented:
Firewolf,

sounds great.
Will give it a try.
Thanks
0
 
SeanAuthor Commented:
Thank you.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 8
  • 5
  • 4
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now