"Route" command blocked by Windows - requires elevation

Current setup:
Windows 7 Pro 64-bit
Workgroup
Single user is a local administrator

Issue:
A batch file runs at start up of a workstation to map temporary routes and network drives. When the batch file runs the drives are mapped with no issues. Mapping the routes fails because it requires elevation. Mapping the drives and routes works fine when the batch file is run manually As Administrator.
We've been having this issue since last Wednesday, it was working absolutely fine before. No changes have been made to the computer, except for Windows updates.

Many thanks in advance for any hints.
TWM_TECHSAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David SankovskySenior SysAdminCommented:
Are you running the script at logon as a local logon policy?
if so, you can change the logon policy to 'call' the routing batch with 'runas' parameters
Steve KnightIT ConsultancyCommented:
Presumably a change to UAC settings?  Have you considered adding a route using your DHCP server btw, Option 121 I think it is ... can give examples if wanted when on PC later but google DHCP option 121 should give info.

Steve
TWM_TECHSAuthor Commented:
Thanks for the reply David.
it's just a batch script file sitting in the Start Up folder for all local users.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Lee W, MVPTechnology and Business Process AdvisorCommented:
Try creating a scheduled task to run at logon or bootup and mark the task to run with the highest privilages/administrative rights.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lee W, MVPTechnology and Business Process AdvisorCommented:
If it was in the Startup folder, I'm amazed it ever worked at all.
TWM_TECHSAuthor Commented:
Thanks for the reply Steve.

UAC is set to Never Notify and has been like that forever. We are not using DHCP server, all computers are assigned with static IPs.
TWM_TECHSAuthor Commented:
Hi Lee,

we have 15 Windows 7 computers in a workgroup and that's how it is set up and it works on all of them except for this one. stopped working last Wednesday.
Lee W, MVPTechnology and Business Process AdvisorCommented:
The only way I can imagine that working is if UAC is turned off or you have the shortcut set to run as administrator.  But if UAC is on, it should force an ok.  A scheduled task is a better option.  (A group policy with a server is an even better option).
Fred MarshallPrincipalCommented:
The way to do this is as follows:

1) Save the .bat file somewhere.

2) Make a shortcut on the desktop to the .bat file.

3) Modify the shortcut to "Run as Administrator".
[tab: Shortcut / Advanced / Check "Run as Administrator" box]

4) Test it from the desktop.

5) When it works, copy the shortcut into the Startup folder.
marsiliesCommented:
UAC is set to Never Notify and has been like that forever.
This is just a horrible, horrible idea. It's basically effectively disabling UAC, which adds another security layer to running software.  You should really consider enabling it and working around whatever issues your current software has with it.

Scheduling the batch file to run with elevated rights is the correct way to go.
McKnifeCommented:
Use a GPO to deploy it as a startup script and there you go. Startup scripts don't care for UAC as they use the system account to run and system is not governed by UAC.
Using the startup folder with UAC down, it works for admins and fails for non-admins, normal behavior.

But: mapping drives needs to be done for the user, it cannot be done in a startup script since that mappings would not be visible for users.

Conclusion: the route commands into the startup script and the mappings (net use...) into the logon script or startup folder or group policy preference items.
Steve KnightIT ConsultancyCommented:
McKnife - I would do all this differently to the way they have it too, but he says this is workgroup not domain, fixed IP's and manual routes, the guy obviously likes doing things the hard way :-)

As to what has changed, reverse out any MS Updates I suppose if needed.

Or better still, turn UAC back on, add the routes through a scheduled batch file if needed.  Or if this starts on every startup any reason not just to do a one-off add of persistent route (-p on route command) and just delete the route when finished with it etc.
McKnifeCommented:
Don't have to be domain GPOs. Local GPOs can be used for startup scripts, too.
David SankovskySenior SysAdminCommented:
Actually GPO can be used for both.
Startup script (In the computer section) to add the routes
and logon script (User section) to map the drives.
McKnifeCommented:
Comment on the solution:
The trigger "at logon" isn't possible because that would run with user rights and without admin rights, marking it to "run with highest privileges" has no effect. If we choose the trigger "at startup", then "run with highest privileges" isn't needed anyway because the system account does not care for UAC.

With win8 and win10 (you might want to adopt 10 soon), task with the startup trigger do not run. Neither do startup scripts. It's all due to Microsoft's "great" idea to use a new technology called "kernel hibernation", but that's a different story. Just keep in mind, that when you move to 10, you will have to change your solution to something else!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.