How do I run a batch file as local admin?

Hello,

I need to run a batch file as local admin to change a value in Windows XP registry.
How do I do that?
Thanks
S
Sean Asked:
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
I guess I'll repeat:
> Now if you want to do this via a STARTUP script, you can put a startup
> script in a group policy and it should run as the system account.
0
 
sshah254 Commented:
Right-click on Command Prompt and use the "Run as" option.

Then run the batch file from the DOS box.

Ss
0
 
Sean (Author) Commented:
No can do. The batch file will run via a log in script.
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
No can do* - You cannot automate runas to run like that and there is no other option through a logon script.

Now if you want to do this via a STARTUP script, you can put a startup script in a group policy and it should run as the system account.

Otherwise, if you tell us WHAT the batch file is supposed to do, there may be other options.
0
 
Sean (Author) Commented:
The batch file is to change certain registry values. Since my users are not members of the local admin group, the script will not run.

0
 
Aaron Tomosky (SD-WAN Simplified) Commented:
I think you can use a shortcut to the batch file and have it run as a different user. PsExec from Microsoft can also do this.
0
 
OP_Zaharin Commented:
- In the script you can specify: runas /user:Administrator cmd

- you might also want to check other syntax for runas:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true

0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
> - In the script you can specify: runas /user:Administrator cmd
No, you can't - you cannot specify a password in the script.  And even if you could, that would be a REALLY unwise idea as it would be a script anyone could see!
0
 
OP_Zaharin Commented:
slimlcd101, what language are you using to write the script? This is a sample of a VB script by Vic Laurie which also shows a sample to supply the password:

'Written by Vic Laurie, May, 2004
'Not responsible for any problems arising from use of the script
'-------------------------------------------------------
Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:administrator ""PrintArt.exe"""
WScript.Sleep 100
'Replace the string yourpassword~ below with
'the password used on your system. Include tilde
oShell.Sendkeys "yourpassword~"
Wscript.Quit

0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
I'll repeat and emphasize - storing a password in a cleartext file is EXTREMELY UNWISE.
0
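Added example (not part of the thread and not any participant's code): a small Python scanner a defender could run over logon and startup scripts to flag the practice warned about above, passwords embedded via runas followed by SendKeys, a psexec -p argument, or runas /savecred. The sample scripts, their file names, `regfix.exe`, the host name and the 5-line window are constructed assumptions.

```python
import re

# Added example: flags credentials embedded in logon/startup scripts.
RUNAS = re.compile(r'\brunas(\.exe)?\s+.*?/user:', re.I)
SAVECRED = re.compile(r'\brunas(\.exe)?\b.*?/savecred\b', re.I)
SENDKEYS = re.compile(r'\.SendKeys\s+"[^"]+"', re.I)
PSEXEC_PW = re.compile(r'\bpsexec(\.exe)?\b.*?\s-p\s+\S+', re.I)
WINDOW = 5  # assumption: SendKeys this close after runas is feeding its prompt

def scan_script(name, text):
    """Return (file, line_no, rule) findings; never echoes the secret itself."""
    findings, last_runas = [], None
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip().lower()
        if stripped.startswith(("'", "rem ", "::")):  # VBScript / batch comments
            continue
        if SAVECRED.search(line):
            findings.append((name, no, "runas-savecred"))
        if PSEXEC_PW.search(line):
            findings.append((name, no, "psexec-password-argument"))
        if RUNAS.search(line):
            last_runas = no
        if SENDKEYS.search(line) and last_runas and no - last_runas <= WINDOW:
            findings.append((name, no, "sendkeys-after-runas"))
    return findings

# Constructed sample scripts (placeholders, not real credentials or hosts).
SAMPLES = {
    "fix.vbs": '''Set oShell = WScript.CreateObject("WScript.Shell")
oShell.Run "runas /user:administrator ""regfix.exe"""
WScript.Sleep 100
'types the password into the runas prompt
oShell.SendKeys "PLACEHOLDER~"
''',
    "push.bat": '''@echo off
psexec \\\\PC-EXAMPLE -u Administrator -p PLACEHOLDER regfix.exe
''',
    "startup.bat": '''@echo off
rem runs as SYSTEM from a GPO startup script, no credentials needed
reg add HKLM\\Software\\Example /v Setting /t REG_SZ /d value /f
''',
}

def scan_all(samples=SAMPLES):
    return [f for name, text in samples.items() for f in scan_script(name, text)]

if __name__ == "__main__":
    for finding in scan_all():
        print("%s:%d: %s" % finding)
```

A plain `runas /user:...` line on its own is not reported, because it prompts interactively and stores nothing in the script.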
 
Sean (Author) Commented:
leew, you are correct on several points. You cannot specify a password with the "RunAs" command.
And yes, storing the password is a bad idea; I am sure many here would agree. However, as a last resort, and since this is only temporary, I may have no choice.
Leew, can't do the start-up script because there is a lot more that needs to be in place to be able to go that route, but will certainly give it a try.

OP_Zaharin:
I am using a .bat file to run an .exe which will change registry values.
I will give your suggestion a try.

Thank you all. Much appreciated.
Sean
0
 
OP_Zaharin Commented:
- I understand leew's concern and I agree it is very bad to store the password in your script if it's not a compiled program.

Sean,
- If you are writing an .exe program, why not run it from "Startup" as suggested by leew? Instead of running the .bat file, you execute the .exe straightaway. You can set at the "Properties" of the .exe file, under the "Compatibility" tab, to run as Administrator.

- However, if you must run it as a .bat file, you can set the .bat file properties to run in minimized mode. Add @ECHO OFF on top of the code, and place it where a normal user would not find it.

- Here is an alternative to the Windows "runas" where you can supply the password. To be safe and avoid conflict with Windows "runas", I would rename it to another name and put it in the same directory as the .bat file. Purchase the software and it will encrypt your command line: http://www.softtreetech.com/24x7/archive/53.htm


0
 
Sean (Author) Commented:
OP Zaharin,
Just to make sure: the batch file is part of a login script. Would the above work for login scripts? I don't see why it shouldn't.

Thanks
S
0
 
OP_Zaharin Commented:
Sean,
- I believe it will :)
0
 
FireW0lf Commented:
Hi slimlcd101

Can I ask, why are you using a batch script? If you wish to change a registry key you can use a GPO to do this:

Computer Config / Windows Settings / Security Settings / Registry
 Add the reg key in there, apply the GPO to a group, job done - securely!
0
 
xylog Commented:
If you are setting a registry key that is not part of the user's profile, you can use the built-in reg command:

reg add \\computername\HKLM\example\path /v your-value /d your-data /t your-type

The for command can be used to distribute this setting to a list of computers:

for /f %i in (list.txt) do reg add \\%i\HKLM\example\path /v your-value /d your-data /t your-type

0
 
Sean (Author) Commented:
I need to run an executable (received from development) to change about 10 registry values.
I don't want to have to do this manually on 30+ computers, so I thought I would write a simple batch file that would run the executable and add the batch file to the login script. No problem; however, in order for the executable to run at login, the users must be members of the local admin group.
By adding it to the login script I can choose the users that require this change.

0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
Sorry, but I still don't understand why you can't do this with a group policy. If you want to illustrate your environment better, maybe I can understand, or maybe there's something you're misunderstanding.

The group policy as suggested by FireWolf or a startup script in a group policy - either should work.
0
 
Sean (Author) Commented:
leew,

I will certainly try the GPO route. Not too much experience with the GPO but I shall give it a try.
I will need to change the registry value, not add. I guess that is also possible.
Thanks
0
 
FireW0lf Commented:
Yes, if there is a reg entry already, the GPO will simply overwrite it

Open the GPMC and create a new GPO, call it "Reg Entries for Corporate app" or something meaningful
Edit the new GPO
In the left hand pane, navigate down to: Computer Config / Windows Settings / Security Settings / Registry
Add your reg entries in there (just get a list of the values from your dev team)
Close the GPO
Now, simply assign it to a meaningful AD group, and the next time the workstations do a GP Update (they do it automatically every so often) they will grab the policy and apply it

Simple as that  :-)
0
 
Sean (Author) Commented:
Firewolf,

sounds great.
Will give it a try.
Thanks
0
 
Sean (Author) Commented:
Thank you.
0
Question has a verified solution.
