This is the universal and best solution for this:
If WScript.Arguments.Count <> 1 Then WScript.Quit 1
RunAsAdmin
Main
Sub RunAsAdmin()
Set Shell = CreateObject("WScript.Shell")
Set Env = Shell.Environment("VOLATILE")
If Shell.Run("%ComSpec% /C ""NET FILE""", 0, True) <> 0 Then
Env("CurrentDirectory") = Shell.CurrentDirectory
ArgsList = ""
For i = 1 To WScript.Arguments.Count
ArgsList = ArgsList & """ """ & WScript.Arguments(i - 1)
Next
CreateObject("Shell.Application").ShellExecute WScript.FullName, """" & WScript.ScriptFullName & ArgsList & """", , "runas", 5
WScript.Sleep 100
Env.Remove("CurrentDirectory")
WScript.Quit
End If
If Env("CurrentDirectory") <> "" Then Shell.CurrentDirectory = Env("CurrentDirectory")
End Sub
Sub Main()
'Your code here!
End Sub
Advantages:
1) The parameter injection is not possible.
2) The number of arguments does not change after the elevation to administrator and then you can check them before you elevate yourself.
3) You know for real and immediately if the script runs as an administrator. For example, if you call it from a control panel uninstallation entry, the RunAsAdmin function will not run unnecessarily because in that case you are already an administrator. Same thing if you call it from a script already elevated to administrator.
4) The window is kept at its current size and position, as it should be.
5) The current directory doesn't change after obtained administrative privileges.
Disadvantages: Nobody