We help IT Professionals succeed at work.

Execute a Batch File bypassing the UAC

Hello Experts,
I am required to execute a batch script which starts or stops a service on Windows Server 2012 machine. I however do not want the UAC window asking for admin privileges to pop-up, as I am actually invoking the batch execute from another application in an automated fashion. While I do have admin rights on the machine, it restricts me from accessing the registry or the Task Scheduler.

Can I please know if there is a way out?
Watch Question

Dr. KlahnPrincipal Software Engineer

Have you looked into psexec?  I have not checked this, but I see no reason it would not work if the "remote" system is the same machine.

Most Valuable Expert 2019
Most Valuable Expert 2018

No need for elevation/UAC bypass.
All you need to do is set service permissions, so that the elevated Administrators token isn't required.
Delegate the permissions to control the service to a domain local group (or local group on the server hosting the service), and add the user(s) running the application to this group.
Note: do not delegate to individual user accounts!

You can delegate the permissions using a GPO, for example (no relevant changes since 2003 ...):
How To Configure Group Policies to Set Security for System Services in Windows Server 2003

If it's just one server, you can do that locally using subinacl.exe as well:
SubInACL (SubInACL.exe)
Note that subinacl.exe is a stand-alone program, you don't really need to install it. You can open the msi using 7-zip, for example, and extract the exe.
This should work for you:
subinacl.exe /service "YourService" /grant=YOURDOMAIN\YourGroup=QSTOP

Open in new window

subinacl.exe /help /full
  F : Full Control
  R : Generic Read
  W : Generic Write
  X : Generic eXecute
  L : Read controL
  Q : Query Service Configuration
  S : Query Service Status
  E : Enumerate Dependent Services
  C : Service Change Configuration
  T : Start Service
  O : Stop Service
  P : Pause/Continue Service
  I : Interrogate Service
  U : Service User-Defined Control Commands

Open in new window

Most Valuable Expert 2019
Most Valuable Expert 2018
Just stumbled over this third-party tool which seems to do the job as well:
A Free Standalone GUI utility to Set Permissions for any Windows Service


Thanks for the response!