batch file does not run with admin rights

Windows will not run a .bat file.

I have a batch file and an exe file that I'm trying to run from a network location.
Everyone has full access to this network location.  When I double click the batch file and run it as the logged in user,
the file works fine.  When I right click, and select run as administrator, it fails, it does not run.  It's like reversed, I'm trying to use a GP policy to install this file on
all PCs, but it's not working and I think this is why it's not working.

DanNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NVITEnd-user supportCommented:
This seems to be an install that requires admin rights, so the gpo should be under Computer Configuration (not User Configuration) > Policies > Windows Settings > Scripts > Startup.

BTW, there seems to be a mis-spelling, i.e. s:\FileTra nsfer
MacleanSystem EngineerCommented:
That script is intended for the regular endpoint deployment, I am not certain whether the InterceptX deploys through the same methods if downloaded as a standalone package (I could be wrong, I just recall having some issues trying to deploy it separate from the existing AV, but forgot what the issue was unfortuntely).
What I do is I log into the cloud console, and download the complete package.

Once I have that I run a script to uninstall the existing Sophos installation (Set as Run Once) after which I run the script part which you also run utilizing the SophosSetup.exe which contains both AV & InterceptX

Not sure if that helps or is applicable to your environment, but it does the job for me.
Once everyone has the full package deployed you can create a new GPO to check if installed, and if no, deploy full package.
This is however a GPO under computer as mentioned by the expert above my post his comments.
The blank that NVIT noted is the 1st problem. The 2nd is the drive s: - it has to be present for any user, and network drives are per-user! So it's better to use \\server\share\... (the UNC notation).
SolarWinds® Network Configuration Manager (NCM)

SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.

DanNetwork EngineerAuthor Commented:
I'll check when I get in tomorrow
DanNetwork EngineerAuthor Commented:
I corrected the spelling in the path, removed the extra space.  I also changed the path to the unc, \\server\path, and
I double checked and the script is under the computer config -> policies -> windows settings -> scripts and it's still not working.

I did a gpupdate/force on a the client, and restarted it a few times, I confirmed the computer is in the correct OU as well where the policy would be applied, actually it gets applied to all of the computers.  

I did an RSOP, and it looks like there are two references tot eh same batch file, not sure why, or how to clean that up?
I also included a pic of my GP.
DanNetwork EngineerAuthor Commented:
I ran a gpresult and the report has no data for "computer details", which it should, since this script is under the computer section, not user.
DanNetwork EngineerAuthor Commented:
I also checked the event log and I couldn't find anything point to a failed GP.
1 in rsop, check the full GPO names - they are cut off in the screenshot. Maybe some similar GPO in effect as well?
2 "the report has no data for "computer details", which it should" - you need to start gpresult from an elevated command line.
3 Please simulate the run as follows:
A) download psexec (part of pstools)
B) on an elevated command line, run: psexec -s -i cmd
C) on the new command line which appears, run \\fs1\...\...\...yourscript.bat and see what errors show and quote those.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DanNetwork EngineerAuthor Commented:
I did check the names, they are correct.
I did forget to run it as elevated, I just did and ther are entries under computer section.

here's a snipit from the report:
here's the output from the 2nd cmd prompt:
If the path cannot be found, then most probably, the system account has no access permissions. Set permissions on the share so the the group authenticated users has read permissions. Do the same at NTFS level.
DanNetwork EngineerAuthor Commented:
McKnife,  sorry for the late response, just been overwhelmed.

I just checked and "authenticated users" does have "read and execute", "List folder contents" and "read" permissions, so that's probably not the issue?
Did you check both share and NTFS permissions? If so, are denials being used?
DanNetwork EngineerAuthor Commented:
under file sharing, everyone is listed as read/write
under security tab, everyone has allow and authenticated users have read & execute, list folder contents and read
DanNetwork EngineerAuthor Commented:
nothing in the denials section
NVITEnd-user supportCommented:
It can't seem to find SophosSetup.exe.

SophosSetup.exe should be in \\fs1\officefiles\filetransfer\sophosinterceptx

Assuming your .bat file runs from the Computer Config gpo...

In your .bat file, put a line:
dir "\\fs1\officefiles\filetransfer\sophosinterceptx">"c:\testrun.txt"

Open in new window

Then, reboot the station.

Then, review the c:\testrun.txt contents

If testrun.txt doesn't
show  \\fs1\officefiles\filetransfer\sophosinterceptx\SophosSetup.exe as expected, then as mcknife said, it's a permissions issue.
DanNetwork EngineerAuthor Commented:
Thanks guys for your help, I am using PDQ deploy and it works great.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.