Solved

How do i run a batch file as local admin?

Posted on 2011-03-21
22
456 Views
Last Modified: 2012-05-11
Hello,

I need to run a batch file as local admin to change a value in Windows XP registry.
How do I do that?
Thanks
S
0
Comment
Question by:Sean
  • 8
  • 5
  • 4
  • +4
22 Comments
 
LVL 9

Expert Comment

by:sshah254
Comment Utility
Right click-on command prompt and use the "Run as " option.

Then run the batch file form the DOS box.

Ss
0
 
LVL 1

Author Comment

by:Sean
Comment Utility
No can do. The batch file will run via a log in script.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
No can do* - You cannot automate runas to run like that and there is no other option through a logon script.

Now if you want to do this via a STARTUP script, you can put a startup script in a group policy and it should run as the system account.

Otherwise, if you tell us WHAT the batch file is supposed to do, there may be other options.
0
 
LVL 1

Author Comment

by:Sean
Comment Utility
The batch file is to change certain registry values. Since  my users are not a member of the local admin group so the script will not run.

0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
I think you can use a shortcut tp the batchfile at have it run as a different user. Psexec from Microsoft can also do this.
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
Comment Utility
I guess I'll repeat:
> Now if you want to do this via a STARTUP script, you can put a startup
> script in a group policy and it should run as the system account.
0
 
LVL 23

Expert Comment

by:OP_Zaharin
Comment Utility
-in the script u can specify: runas /user:Administrator cmd

- you might also want to check other syntax for runas:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true

0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
> -in the script u can specify: runas /user:Administrator cmd
No, you can't - you cannot specify a password in the script.  And even if you could, that would be a REALLY unwise idea as it would be a script anyone could see!
0
 
LVL 23

Expert Comment

by:OP_Zaharin
Comment Utility
slimlcd101, what language are you using to write the script? this is a sample of a VB script by Vic Laurie which also show a sample to supply the password:

'Written by Vic Laurie, May, 2004
'Not responsible for any problems arising from use of the script
'-------------------------------------------------------
Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:administrator ""PrintArt.exe"""
WScript.Sleep 100
'Replace the string yourpassword~ below with
'the password used on your system. Include tilde
oShell.Sendkeys "yourpassword~"
Wscript.Quit

0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
I'll repeat and emphasize - storing a password in a cleartext file is EXTREMELY UNWISE.
0
 
LVL 1

Author Comment

by:Sean
Comment Utility
leew, you are correct in several points. You can not specify password wit "RunAs" command.
and yes storing the password is a bad idea, I am sure many here would agree. However as last resort and since this is only temporary I may have no choice.
Leew, cant do the start-up script because there is a lot more that needs to me in-place to be able to go that route but will certainly give it a try.

OP_Zaharin:
I am using .bat file. to run and .exe which will change registry values.
I will give your suggestion a try.

Thank you all. Much appreciated.
Sean
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 23

Expert Comment

by:OP_Zaharin
Comment Utility
- I understand leew concern and I agree it is very bad to store the password in your script if it's not a compiled program.

Sean,
- if you are writing an .exe program, why not run it from "Startup" as suggested by leew? instead of running the .bat file, you execute the .exe straightaway. you can set at the "Properties" of the .exe file, under "Compatibility" tab to run as Administrator.

- however if you must run it as a .bat file, you can set the .bat file properties to run in minimize mode.  add @ECHO OFF on top of the code. and place it where normal user would not find it.

- here is an alternative to the Windows "runas" where you can supply the password. to be safe and avoid conflict with Windows "runas", I would rename to other name and put it in the same directory as the .bat file. purchase the software and it will encrypt your command line: http://www.softtreetech.com/24x7/archive/53.htm


0
 
LVL 1

Author Comment

by:Sean
Comment Utility
OP Zaharin,
Just to make sure. I am the batch file is part of login script.  Would the above work for login scripts? I don't see why it shouldn't.

Thanks
S
0
 
LVL 23

Expert Comment

by:OP_Zaharin
Comment Utility
Sean,
- i believe it will :)
0
 
LVL 4

Expert Comment

by:FireW0lf
Comment Utility
Hi slimlcd101

Can I ask, why are you using a batch script? If you wish to change a registry key you can use a GPO to do this:

Computer Config / Windows Settings / Security Settings / Registry
 Add the reg key in there, apply the GPO to a group, job done - securely!
0
 
LVL 5

Expert Comment

by:xylog
Comment Utility
If you are setting a registry key that is not part of the users profile, you can use the built in reg command:

reg add \\computername\HKLM\example\path /v your-value /d your-data /t your-type

The for command can be used to distribute this setting to a list of computers:

for /f %i in (list.txt) do reg add \\%i\HKLM\example\path /v your-value /d your-data /t your-type

0
 
LVL 1

Author Comment

by:Sean
Comment Utility
I need to run an executable ( received from development ) to change about 10 registry values.
I don't want to have to do this manually on 30+ computers so I thought write a simple batch file that would run the executable and add the batch file to the login script no problem however, in order for the executable to run at the login the users must be a member of the local admin group.
By adding it to the login script I can choose the users that require this change.

0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
sorry, but I still don't understand why you can't do this with a group policy.  If you want to illustrate your environment better, maybe I can understand or maybe there's something you're misunderstanding.

The group policy as suggested by FireWolf or a startup script in a group policy - either should work.
0
 
LVL 1

Author Comment

by:Sean
Comment Utility
leew,

I will certainly try the GPO route. Not too much experience with the GPO but I shall give it a try.
I will need to change the registry value not add. I guess that is also possible,
Thanks
0
 
LVL 4

Expert Comment

by:FireW0lf
Comment Utility
Yes, if there is a reg entry already, the GPO will simply overwrite it

Open the GPMC and create a new GPO, call it "Reg Entries for Corporate app" or something meaningful
Edit the new GPO
In the left hand pane, navigate down to: Computer Config / Windows Settings / Security Settings / Registry
Add your reg entries in there (just get a list of the values from your dev team)
Close the GPO
Now, simply assign it to a meaningful AD group, and the next time the workstations do a GP Update (they do it automatically every so often) they will grab the policy and apply it

Simple as that  :-)
0
 
LVL 1

Author Comment

by:Sean
Comment Utility
Firewolf,

sounds great.
Will give it a try.
Thanks
0
 
LVL 1

Author Closing Comment

by:Sean
Comment Utility
Thank you.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now