How to run python script with elevated privilege on windows

Question

I am writing a pyqt application which require to execute admin task  I would prefer to start my script with elevate privilege  I am aware that this question is asked many times in SO or in other forum  But the solution people are suggesting is to have a look at this SO question Request UAC elevation from within a Python script   However  I am unable to execute the sample code given in the link  I have put this code on top of the main file and tried to execute it    import os import sys import win32com shell shell as shell ASADMIN    asadmin   if sys argv -1     ASADMIN      script   os path abspath sys argv 0       params       join  script    sys argv 1      ASADMIN       shell ShellExecuteEx lpVerb  runas   lpFile sys executable  lpParameters params      sys exit 0  print  I am root now     It actually ask permission to elevate but print line never get executed  Somebody can help me to run the above code successfully  Thanks in advance

User · Answer

I can confirm that the solution by delphifirst works and is the easiest, simplest solution to the problem of running a python script with elevated privileges.

I created a shortcut to the python executable (python.exe) and then modified the shortcut by adding my script's name after the call to python.exe. Next I checked "run as administrator" on the "compatibility tab" of the shortcut. When the shortcut is executed, you get a prompt asking permission to run the script as an administrator.

My particular python application was an installer program. The program allows installing and uninstalling another python app. In my case I created two shortcuts, one named "appname install" and the other named "appname uninstall". The only difference between the two shortcuts is the argument following the python script name. In the installer version the argument is "install". In the uninstall version the argument is "uninstall". Code in the installer script evaluates the argument supplied and calls the appropriate function (install or uninstall) as needed.

I hope my explanation helps others more quickly figure out how to run a python script with elevated privileges.

User · Answer

I wanted a more enhanced version so I ended up with a module which allows  UAC request if needed  printing and logging from nonprivileged instance  uses ipc and a network port  and some other candies  usage is just insert elevateme   in your script  in nonprivileged it listen for privileged print logs and then exits returning false  in privileged instance it returns true immediately  Supports pyinstaller  prototype    xlogger   a logger in the server nonprivileged script   tport   open port of communication  0 for no comm  printf in nonprivileged window or silent    redir   redirect stdout and stderr from privileged instance  errFile   redirect stderr to file from privileged instance def elevateme xlogger None  tport 6000  redir True  errFile False    winadmin py    usr bin env python   - - coding  utf-8  mode  python  py-indent-offset  4  indent-tabs-mode  nil - -   vim  fileencoding utf-8 tabstop 4 expandtab shiftwidth 4     C  COPYRIGHT    Preston Landers 2010    C  COPYRIGHT    Matteo Azzali 2020   Released under the same license as Python 2 6 5 3 7   import sys  os from traceback import print exc from multiprocessing connection import Listener  Client import win32event  win32com shell shell  win32process import builtins as   builtin     python3    debug suffixes for remote printing dbz   quot  quot   quot  quot   quot  quot   quot  quot      quot J  quot   quot K  quot    quot G  quot    quot D  quot   LOGTAG  quot LOGME  quot   wrconn   None    fake logger for message sending class fakelogger      def   init   self  xlogger None           self lg   xlogger     def write self  a           global wrconn         if wrconn is not None              wrconn send LOGTAG a          elif self lg is not None              self lg write a          else              print LOGTAG a            class Writer        wzconn None     counter   0     def   init   self  tport 6000 authkey b secret password            global wrconn         if wrconn is None              address     localhost   tport              try                  wrconn   Client address  authkey authkey              except                  wrconn   None             wzconn   wrconn             self wrconn   wrconn         self   class   counter  1              def   del   self           self   class   counter- 1         if self   class   counter    0 and wrconn is not None              import time             time sleep 0 1    slows deletion but is enough to print stderr             wrconn send  close               wrconn close            def sendx cls  mesg           cls wzconn send msg               def sendw self  mesg           self wrconn send msg             fake file to be passed as stdout and stderr class connFile        def   init   self  thekind  quot out quot   tport 6000           self cnt   0         self old  quot  quot          self vg Writer tport          if thekind     quot out quot               self kind sys   stdout           else              self kind sys   stderr                def write self   args    kwargs           global wrconn         global dbz         from io import StringIO     Python2 use  from cStringIO import StringIO         mystdout   StringIO           self cnt  1           builtin   print  args    kwargs  file mystdout  end                         handles  quot  n quot  wherever it is  however usually is or string or  n         if  quot  n quot  not in mystdout getvalue                if mystdout getvalue       quot  n quot                      builtin   print  quot A  quot  mystdout getvalue    file self kind  end                     self old    mystdout getvalue               else                     builtin   print  quot B  quot  mystdout getvalue    file self kind  end                     if wrconn is not None                      wrconn send dbz 1  self old                  else                        builtin   print dbz 2  self old  mystdout getvalue    file self kind  end                         self kind flush                   self old  quot  quot          else                  vv   mystdout getvalue   split  quot  n quot                      builtin   print  quot V  quot  vv  file self kind  end                     for el in vv  -1                       if wrconn is not None                          wrconn send dbz 0  self old el                          self old    quot  quot                      else                            builtin   print dbz 3  self old  el  quot  n quot   file self kind  end                             self kind flush                           self old  quot  quot                  self old vv -1       def open self           pass     def close self           pass     def flush self           pass                   def isUserAdmin        if os name     nt           import ctypes           WARNING  requires Windows XP SP2 or higher          try              return ctypes windll shell32 IsUserAnAdmin           except              traceback print exc               print   quot Admin check failed  assuming not an admin  quot               return False     elif os name     posix             Check for root on Posix         return os getuid      0     else          print  quot Unsupported operating system for this module   s quot     os name            exit            raise  RuntimeError   quot Unsupported operating system for this module   s quot     os name     def runAsAdmin cmdLine None  wait True  hidden False        if os name     nt           raise  RuntimeError   quot This function is only implemented on Windows  quot        import win32api  win32con  win32process     from win32com shell shell import ShellExecuteEx      python exe   sys executable     arb  quot  quot      if cmdLine is None          cmdLine    python exe    sys argv     elif not isinstance cmdLine   tuple  list            if isinstance cmdLine   str                arb cmdLine             cmdLine    python exe    sys argv             print  quot original user quot   arb          else              raise  ValueError   quot cmdLine is not a sequence  quot       cmd     quot  s quot      cmdLine 0         params    quot   quot  join    quot  s quot      x   for x in cmdLine 1         if len arb   gt  0          params     quot   quot  arb     cmdDir          if hidden          showCmd   win32con SW HIDE     else          showCmd   win32con SW SHOWNORMAL     lpVerb    runas     causes UAC elevation prompt         print  quot Running quot   cmd  params        ShellExecute   doesn t seem to allow us to fetch the PID or handle       of the process  so we can t get anything useful from it  Therefore       the more complex ShellExecuteEx   must be used         procHandle   win32api ShellExecute 0  lpVerb  cmd  params  cmdDir  showCmd       procInfo   ShellExecuteEx nShow showCmd                                fMask 64                                lpVerb lpVerb                                lpFile cmd                                lpParameters params       if wait          procHandle   procInfo  hProcess               obj   win32event WaitForSingleObject procHandle  win32event INFINITE          rc   win32process GetExitCodeProcess procHandle           print  quot Process handle  s returned code  s quot     procHandle  rc      else          rc   procInfo  hProcess        return rc     xlogger   a logger in the server nonprivileged script   tport   open port of communication  0 for no comm  printf in nonprivileged window or silent    redir   redirect stdout and stderr from privileged instance  errFile   redirect stderr to file from privileged instance def elevateme xlogger None  tport 6000  redir True  errFile False       global dbz     if not isUserAdmin            print   quot You re not an admin  quot   os getpid     quot params   quot   sys argv           import getpass         uname   getpass getuser                    if  tport gt  0               address     localhost   tport        family is deduced to be  AF INET              listener   Listener address  authkey b secret password           rc   runAsAdmin uname  wait False  hidden True          if  tport gt  0               hr   win32event WaitForSingleObject rc  40              conn   listener accept               print   connection accepted from   listener last accepted              sys stdout flush               while True                  msg   conn recv                     do something with msg                 if msg     close                       conn close                       break                 else                      if msg startswith dbz 0  LOGTAG                           if xlogger    None                              xlogger write msg len LOGTAG                             else                              print  quot Missing a logger quot                       else                          print msg                      sys stdout flush               listener close           else   no port connection  its silent             WaitForSingleObject rc  INFINITE           return False     else           redirect prints stdout on  master  errors in error txt         print  quot HIADM quot           sys stdout flush           if  tport  gt  0  and  redir               vox  connFile tport tport              sys stdout vox             if not errFile                  sys stderr vox             else                  vfrs open  quot errFile txt quot   quot w quot                   sys stderr vfrs                           print  quot HI ADMIN quot           return True   def test        rc   0     if not isUserAdmin            print   quot You re not an admin  quot   os getpid     quot params   quot   sys argv          sys stdout flush            rc   runAsAdmin   quot c   Windows  notepad exe quot            rc   runAsAdmin       else          print   quot You are an admin  quot   os getpid     quot params   quot   sys argv          rc   0     x   raw input  Press Enter to exit        return rc      if   name       quot   main   quot       sys exit test

User · Answer

in comments to the answer you took the code from someone says ShellExecuteEx doesn t post its STDOUT back to the originating shell   so you will not see  I am root now   even though the code is probably working fine   instead of printing something  try writing to a file   import os import sys import win32com shell shell as shell ASADMIN    asadmin   if sys argv -1     ASADMIN      script   os path abspath sys argv 0       params       join  script    sys argv 1      ASADMIN       shell ShellExecuteEx lpVerb  runas   lpFile sys executable  lpParameters params      sys exit 0  with open  somefilename txt    w   as out      print  gt  gt  out   i am root    and then look in the file

User · Answer

Here is a solution which needed ctypes module only  Support pyinstaller wrapped program     python   coding  utf-8 import sys import ctypes  def run as admin argv None  debug False       shell32   ctypes windll shell32     if argv is None and shell32 IsUserAnAdmin            return True      if argv is None          argv   sys argv     if hasattr sys    MEIPASS              Support pyinstaller wrapped program          arguments   map unicode  argv 1        else          arguments   map unicode  argv      argument line   u    join arguments      executable   unicode sys executable      if debug          print  Command line     executable  argument line     ret   shell32 ShellExecuteW None  u runas   executable  argument line  None  1      if int ret   lt   32          return False     return None   if   name         main         ret   run as admin       if ret is True          print  I have admin privilege           raw input  Press ENTER to exit        elif ret is None          print  I am elevating to admin privilege           raw input  Press ENTER to exit        else          print  Error ret  d   cannot elevate privilege      ret

User · Answer

make a batch file add python exe  quot  your py file here  quot  with the quotation marks save the batch file right click  then click run as administrator

User · Answer

I found a very easy solution to this problem    Create a shortcut for python exe Change the shortcut target into something like C  xxx     python exe your script py Click  advance     in the property panel of the shortcut  and click the option  run as administrator    I m not sure whether the spells of these options are right  since I m using Chinese version of Windows

User · Answer

Here is a solution with an stdout redirection   def elevate        import ctypes  win32com shell shell  win32event  win32process     outpath   r  s  s out     os environ  TEMP    os path basename   file         if ctypes windll shell32 IsUserAnAdmin            if os path isfile outpath               sys stderr   sys stdout   open outpath   w   0          return     with open outpath   w    0  as outfile          hProc   win32com shell shell ShellExecuteEx lpFile sys executable                lpVerb  runas   lpParameters     join sys argv   fMask 64  nShow 0   hProcess           while True              hr   win32event WaitForSingleObject hProc  40              while True                  line   outfile readline                   if not line  break                 sys stdout write line              if hr    0x102  break     os remove outpath      sys stderr          sys exit win32process GetExitCodeProcess hProc    if   name         main         elevate       main

User · Answer

Also if your working directory is different than you can use lpDirectory      procInfo   ShellExecuteEx nShow showCmd                            lpVerb lpVerb                            lpFile cmd                            lpDirectory  unicode direc                             lpParameters params    Will come handy if changing the path is not a desirable option remove unicode for python 3 X

User · Answer

Thank you all for your reply  I have got my script working with the module  script written by Preston Landers way back in 2010  After two days of browsing the internet I could find the script as it was was deeply hidden in pywin32 mailing list  With this script it is easier to check if the user is admin and if not then ask for UAC  admin right  It does provide output in separate windows to find out what the code is doing  Example on how to use the code also included in the script  For the benefit of all who all are looking for UAC on windows have a look at this code  I hope it helps someone looking for same solution  It can be used something like this from your main script -  import admin if not admin isUserAdmin            admin runAsAdmin     The actual code is -     usr bin env python   - - coding  utf-8  mode  python  py-indent-offset  4  indent-tabs-mode  nil - -   vim  fileencoding utf-8 tabstop 4 expandtab shiftwidth 4     C  COPYRIGHT    Preston Landers 2010   Released under the same license as Python 2 6 5   import sys  os  traceback  types  def isUserAdmin         if os name     nt           import ctypes           WARNING  requires Windows XP SP2 or higher          try              return ctypes windll shell32 IsUserAnAdmin           except              traceback print exc               print  Admin check failed  assuming not an admin               return False     elif os name     posix             Check for root on Posix         return os getuid      0     else          raise RuntimeError   Unsupported operating system for this module   s     os name    def runAsAdmin cmdLine None  wait True        if os name     nt           raise RuntimeError   This function is only implemented on Windows        import win32api  win32con  win32event  win32process     from win32com shell shell import ShellExecuteEx     from win32com shell import shellcon      python exe   sys executable      if cmdLine is None          cmdLine    python exe    sys argv     elif type cmdLine  not in  types TupleType types ListType           raise ValueError   cmdLine is not a sequence       cmd      s      cmdLine 0          XXX TODO  isn t there a function or something we can call to massage command line params      params       join     s      x   for x in cmdLine 1         cmdDir          showCmd   win32con SW SHOWNORMAL      showCmd   win32con SW HIDE     lpVerb    runas     causes UAC elevation prompt         print  Running   cmd  params        ShellExecute   doesn t seem to allow us to fetch the PID or handle       of the process  so we can t get anything useful from it  Therefore       the more complex ShellExecuteEx   must be used         procHandle   win32api ShellExecute 0  lpVerb  cmd  params  cmdDir  showCmd       procInfo   ShellExecuteEx nShow showCmd                                fMask shellcon SEE MASK NOCLOSEPROCESS                                lpVerb lpVerb                                lpFile cmd                                lpParameters params       if wait          procHandle   procInfo  hProcess               obj   win32event WaitForSingleObject procHandle  win32event INFINITE          rc   win32process GetExitCodeProcess procHandle           print  Process handle  s returned code  s     procHandle  rc      else          rc   None      return rc  def test        rc   0     if not isUserAdmin            print  You re not an admin    os getpid     params     sys argv          rc   runAsAdmin   c   Windows  notepad exe            rc   runAsAdmin       else          print  You are an admin    os getpid     params     sys argv         rc   0     x   raw input  Press Enter to exit        return rc   if   name         main         sys exit test

User · Answer

Make sure you have python in path if not win key   r  type in   appdata   without the qotes  open local directory  then go to Programs directory  open python and then select your python version directory  Click on file tab and  select copy path and close file explorer   Then do win key   r again  type control and hit enter  search for environment variables  click on the result  you will get a window  In the bottom right corner click on environmental variables  In the system side find path  select it and click on edit  In the new window  click on new and paste the path in there  Click ok and then apply in the first window  Restart your PC  Then do win   r for the last time  type cmd and do ctrl   shift   enter  Grant the previliges and open file explorer  goto your script and copy its path  Go back into cmd   type in  python  and paste the path and hit enter  Done

User · Answer

It worth mentioning that if you intend to package your application with PyInstaller and wise to avoid supporting that feature by yourself  you can pass the --uac-admin or --uac-uiaccess argument in order to request UAC elevation on start

User · Answer

This worked for me   import win32com client as client  required command    quot cmd quot    Enter your command here  required password    quot Simple1 quot    Enter your password here  def run as required command  required password       shell   client Dispatch  quot WScript shell quot       shell Run f quot runas  user administrator  required command  quot       time sleep 1      shell SendKeys f quot  required password  r n quot   0    if   name        main         run as required command  required password    Below are the references I used for above code  https   win32com goermezer de microsoft windows controlling-applications-via-sendkeys html https   www oreilly com library view python-cookbook 0596001673 ch07s16 html

[python] How to run python script with elevated privilege on windows

Examples related to python

Examples related to windows

Examples related to admin

Examples related to elevated-privileges