How do i run a batch file as local admin?
Hello,
I need to run a batch file as local admin to change a value in Windows XP registry.
How do I do that?
Thanks
S
I need to run a batch file as local admin to change a value in Windows XP registry.
How do I do that?
Thanks
S
ASKER
No can do. The batch file will run via a log in script.
No can do* - You cannot automate runas to run like that and there is no other option through a logon script.
Now if you want to do this via a STARTUP script, you can put a startup script in a group policy and it should run as the system account.
Otherwise, if you tell us WHAT the batch file is supposed to do, there may be other options.
Now if you want to do this via a STARTUP script, you can put a startup script in a group policy and it should run as the system account.
Otherwise, if you tell us WHAT the batch file is supposed to do, there may be other options.
ASKER
The batch file is to change certain registry values. Since my users are not a member of the local admin group so the script will not run.
I think you can use a shortcut tp the batchfile at have it run as a different user. Psexec from Microsoft can also do this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
-in the script u can specify: runas /user:Administrator cmd
- you might also want to check other syntax for runas:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true
- you might also want to check other syntax for runas:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true
> -in the script u can specify: runas /user:Administrator cmd
No, you can't - you cannot specify a password in the script. And even if you could, that would be a REALLY unwise idea as it would be a script anyone could see!
No, you can't - you cannot specify a password in the script. And even if you could, that would be a REALLY unwise idea as it would be a script anyone could see!
slimlcd101, what language are you using to write the script? this is a sample of a VB script by Vic Laurie which also show a sample to supply the password:
'Written by Vic Laurie, May, 2004
'Not responsible for any problems arising from use of the script
'-------------------------
Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScr
oShell.Run "runas /user:administrator ""PrintArt.exe"""
WScript.Sleep 100
'Replace the string yourpassword~ below with
'the password used on your system. Include tilde
oShell.Sendkeys "yourpassword~"
Wscript.Quit
'Written by Vic Laurie, May, 2004
'Not responsible for any problems arising from use of the script
'-------------------------
Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScr
oShell.Run "runas /user:administrator ""PrintArt.exe"""
WScript.Sleep 100
'Replace the string yourpassword~ below with
'the password used on your system. Include tilde
oShell.Sendkeys "yourpassword~"
Wscript.Quit
I'll repeat and emphasize - storing a password in a cleartext file is EXTREMELY UNWISE.
ASKER
leew, you are correct in several points. You can not specify password wit "RunAs" command.
and yes storing the password is a bad idea, I am sure many here would agree. However as last resort and since this is only temporary I may have no choice.
Leew, cant do the start-up script because there is a lot more that needs to me in-place to be able to go that route but will certainly give it a try.
OP_Zaharin:
I am using .bat file. to run and .exe which will change registry values.
I will give your suggestion a try.
Thank you all. Much appreciated.
Sean
and yes storing the password is a bad idea, I am sure many here would agree. However as last resort and since this is only temporary I may have no choice.
Leew, cant do the start-up script because there is a lot more that needs to me in-place to be able to go that route but will certainly give it a try.
OP_Zaharin:
I am using .bat file. to run and .exe which will change registry values.
I will give your suggestion a try.
Thank you all. Much appreciated.
Sean
- I understand leew concern and I agree it is very bad to store the password in your script if it's not a compiled program.
Sean,
- if you are writing an .exe program, why not run it from "Startup" as suggested by leew? instead of running the .bat file, you execute the .exe straightaway. you can set at the "Properties" of the .exe file, under "Compatibility" tab to run as Administrator.
- however if you must run it as a .bat file, you can set the .bat file properties to run in minimize mode. add @ECHO OFF on top of the code. and place it where normal user would not find it.
- here is an alternative to the Windows "runas" where you can supply the password. to be safe and avoid conflict with Windows "runas", I would rename to other name and put it in the same directory as the .bat file. purchase the software and it will encrypt your command line: http://www.softtreetech.com/24x7/archive/53.htm
Sean,
- if you are writing an .exe program, why not run it from "Startup" as suggested by leew? instead of running the .bat file, you execute the .exe straightaway. you can set at the "Properties" of the .exe file, under "Compatibility" tab to run as Administrator.
- however if you must run it as a .bat file, you can set the .bat file properties to run in minimize mode. add @ECHO OFF on top of the code. and place it where normal user would not find it.
- here is an alternative to the Windows "runas" where you can supply the password. to be safe and avoid conflict with Windows "runas", I would rename to other name and put it in the same directory as the .bat file. purchase the software and it will encrypt your command line: http://www.softtreetech.com/24x7/archive/53.htm
ASKER
OP Zaharin,
Just to make sure. I am the batch file is part of login script. Would the above work for login scripts? I don't see why it shouldn't.
Thanks
S
Just to make sure. I am the batch file is part of login script. Would the above work for login scripts? I don't see why it shouldn't.
Thanks
S
Sean,
- i believe it will :)
- i believe it will :)
Hi slimlcd101
Can I ask, why are you using a batch script? If you wish to change a registry key you can use a GPO to do this:
Computer Config / Windows Settings / Security Settings / Registry
Add the reg key in there, apply the GPO to a group, job done - securely!
Can I ask, why are you using a batch script? If you wish to change a registry key you can use a GPO to do this:
Computer Config / Windows Settings / Security Settings / Registry
Add the reg key in there, apply the GPO to a group, job done - securely!
If you are setting a registry key that is not part of the users profile, you can use the built in reg command:
reg add \\computername\HKLM\exampl
The for command can be used to distribute this setting to a list of computers:
for /f %i in (list.txt) do reg add \\%i\HKLM\example\path /v your-value /d your-data /t your-type
reg add \\computername\HKLM\exampl
The for command can be used to distribute this setting to a list of computers:
for /f %i in (list.txt) do reg add \\%i\HKLM\example\path /v your-value /d your-data /t your-type
ASKER
I need to run an executable ( received from development ) to change about 10 registry values.
I don't want to have to do this manually on 30+ computers so I thought write a simple batch file that would run the executable and add the batch file to the login script no problem however, in order for the executable to run at the login the users must be a member of the local admin group.
By adding it to the login script I can choose the users that require this change.
I don't want to have to do this manually on 30+ computers so I thought write a simple batch file that would run the executable and add the batch file to the login script no problem however, in order for the executable to run at the login the users must be a member of the local admin group.
By adding it to the login script I can choose the users that require this change.
sorry, but I still don't understand why you can't do this with a group policy. If you want to illustrate your environment better, maybe I can understand or maybe there's something you're misunderstanding.
The group policy as suggested by FireWolf or a startup script in a group policy - either should work.
The group policy as suggested by FireWolf or a startup script in a group policy - either should work.
ASKER
leew,
I will certainly try the GPO route. Not too much experience with the GPO but I shall give it a try.
I will need to change the registry value not add. I guess that is also possible,
Thanks
I will certainly try the GPO route. Not too much experience with the GPO but I shall give it a try.
I will need to change the registry value not add. I guess that is also possible,
Thanks
Yes, if there is a reg entry already, the GPO will simply overwrite it
Open the GPMC and create a new GPO, call it "Reg Entries for Corporate app" or something meaningful
Edit the new GPO
In the left hand pane, navigate down to: Computer Config / Windows Settings / Security Settings / Registry
Add your reg entries in there (just get a list of the values from your dev team)
Close the GPO
Now, simply assign it to a meaningful AD group, and the next time the workstations do a GP Update (they do it automatically every so often) they will grab the policy and apply it
Simple as that :-)
Open the GPMC and create a new GPO, call it "Reg Entries for Corporate app" or something meaningful
Edit the new GPO
In the left hand pane, navigate down to: Computer Config / Windows Settings / Security Settings / Registry
Add your reg entries in there (just get a list of the values from your dev team)
Close the GPO
Now, simply assign it to a meaningful AD group, and the next time the workstations do a GP Update (they do it automatically every so often) they will grab the policy and apply it
Simple as that :-)
ASKER
Firewolf,
sounds great.
Will give it a try.
Thanks
sounds great.
Will give it a try.
Thanks
ASKER
Thank you.
Then run the batch file form the DOS box.
Ss