How to request Administrator access inside a batch file

Question

I am trying to write a batch file for my users to run from their Vista machines with UAC   The file is re-writing their hosts file  so it needs to be run with Administrator permissions   I need to be able to send them an email with a link to the  bat file   The desired behavior is that when they right-click on the file and say Open  they will get one of those UAC dialogs that makes the screen go dark and forces them to answer whether they want to give the application permission to run as administrator   Instead  they are just seeing  Access denied  on the command line window   Is this possible to do differently

User · Answer

There s also the FSUTIL query from this post which is also linked at ss64 com that has the following code    Echo Off Setlocal    First check if we are running As Admin Elevated FSUTIL dirty query  SystemDrive   gt nul if  errorlevel  EQU 0 goto START    Create and run a temporary VBScript to elevate this batch file    Set  batchFile   f0    Set  Args          double up any quotes    Set  batchFile     batchFile          Set  Args   Args           Echo Set UAC   CreateObject   Shell Application     gt    temp   ElevateMe vbs     Echo UAC ShellExecute  cmd     c     batchFile    Args           runas   1  gt  gt    temp   ElevateMe vbs      cscript   temp   ElevateMe vbs      Exit  B   START    set the current directory to the batch file location cd  d   dp0    Place the code which requires Admin elevation below Echo We are now running as admin   1    2  pause   As long as FSUTIL is around  it s a reliable alternative

User · Answer

You can t request admin rights from a batch file  but you could write a windows scripting host script in  temp  and run that  and that in turn executes your batch as admin  You want to call the ShellExecute method in the Shell Application object with  runas  as the verb

User · Answer

Another approach is to  create a shortcut locally and set it to call for Admin permission  Properties  Advanced  Run as Admin   and then  send your users the shortcut  or a link to the shortcut rather than one to the batch file itself

User · Answer

I used multiple examples to patch this working one liner together  This will open your batch script as an ADMIN   Maximized Window Just add one of the following codes to the top of your batch script  Both ways work  just different ways to code it  I believe the first example responds the quickest due to  d switch disabling my doskey commands that I have enabled   EXAMPLE ONE  ECHO OFF IF NOT  quot  1 quot    quot MAX quot   powershell -WindowStyle Hidden -NoProfile -Command  Start-Process CMD -ArgumentList   D  C  -Verb RunAs   amp  START  MAX CMD  D  C  0 MAX  amp  EXIT  B   --------------------------------------------------------------------------------------------------------------------------------------------------------------------     Your original batch code here    --------------------------------------------------------------------------------------------------------------------------------------------------------------------  EXAMPLE TWO  ECHO OFF IF NOT  quot  1 quot    quot MAX quot   powershell -WindowStyle Hidden -NoProfile -Command  quot Start-Process CMD -ArgumentList   C  -Verb RunAs quot   amp  START  MAX CMD  C  quot  0 quot  MAX  amp  EXIT  B   --------------------------------------------------------------------------------------------------------------------------------------------------------------------     Your original batch code here    --------------------------------------------------------------------------------------------------------------------------------------------------------------------  See below for recommendations when using your original batch code Place the original batch code in it s entirety Just because the first line of code at the very top has  ECHO OFF doesn t mean you should not include it again if your original script has it as well  This ensures that when the script get s restarted in a new window now running in admin mode that you don t lose your intended script parameters attributes    Such as the current working directory  your local variables  and so on You could beginning with the following commands to avoid some of these issues    Make sure to use  ECHO OFF if your original code had it  ECHO OFF    Avoid clashing with other active windows variables with SETLOCAL SETLOCAL    Nice color to work with using 0A COLOR 0A    Give your script a name TITLE NAME IT      Ensure your working directory is set where you want it to be    the following code sets the working directory to the script directory folder PUSHD  quot   dp0 quot   THE REST OF YOUR SCRIPT HERE        Signal the script is finished in the title bar ECHO  TITLE Done  NAME IT  PAUSE EXIT

User · Answer

Another PowerShell  Solution     This is not about running a batch script as admin per  but rather how to elevate another program from batch      I have a batch file  wrapper  for an exe   They have the same  root file name   but alternate extensions  I am able to launch the exe as admin  and set the working directory to the one containing the script  with the following one line powershell invocation    powershell  Start-Process -FilePath    n0 exe  -WorkingDirectory    dp0  -Verb RunAs    More info  There are a whole slew of additional Start-Process options as well that you can apply  Check out  https   docs microsoft com en-us powershell module microsoft powershell management start-process view powershell-6  Note that I use the   prefix  That s equivalent to  echo off for the one line   I use   n0 here to get the  root name  of the batch script  then I concatenate the  exe to point it the adjancent binary  The use of   dp0 provides the full path to the directory which the batch resides   And  of course  the -Verb RunAs parameter provides the elevation

User · Answer

Ben Gripka s solution causes infinite loops  His batch works like this  pseudo code    IF  no admin privileges        write a VBS that calls this batch with admin privileges  ELSE      execute actual commands that require admin privileges    As you can see  this causes an infinite loop  if the VBS fails requesting admin privileges   However  the infinite loop can occur  although admin priviliges have been requested successfully   The check in Ben Gripka s batch file is just error-prone  I played around with the batch and observed that admin privileges are available although the check failed  Interestingly  the check worked as expected  if I started the batch file from windows explorer  but it didn t when I started it from my IDE   So I suggest to use two separate batch files  The first generates the VBS that calls the second batch file    echo off  echo Set UAC   CreateObject   Shell Application     gt    temp  getadmin vbs  set params           echo UAC ShellExecute  cmd exe     c     dp0 my commands bat    params         runas   1  gt  gt    temp  getadmin vbs     temp  getadmin vbs  del   temp  getadmin vbs    The second  named  my commands bat  and located in the same directory as the first contains your actual commands   pushd   CD   CD  D    dp0  REM Your commands which require admin privileges here   This causes no infinite loops and also removes the error-prone admin privilege check

User · Answer

This script does the trick  Just paste it into the top of your bat file  If you want to review the output of your script  add a  pause  command at the bottom of your batch file   UPDATE  This script is now slightly edited to support command line arguments and a 64 bit OS   Thank you Eneerge   https   sites google com site eneerge scripts batchgotadmin   echo off     BatchGotAdmin  ------------------------------------- REM  -- gt  Check for permissions     IF   PROCESSOR ARCHITECTURE   EQU  amd64     gt nul 2 gt  amp 1   SYSTEMROOT  SysWOW64 cacls exe    SYSTEMROOT  SysWOW64 config system    ELSE    gt nul 2 gt  amp 1   SYSTEMROOT  system32 cacls exe    SYSTEMROOT  system32 config system     REM -- gt  If error flag set  we do not have admin  if   errorlevel   NEQ  0        echo Requesting administrative privileges        goto UACPrompt   else   goto gotAdmin     UACPrompt     echo Set UAC   CreateObject   Shell Application     gt    temp  getadmin vbs      set params         echo UAC ShellExecute  cmd exe     c     s0    params              runas   1  gt  gt    temp  getadmin vbs         temp  getadmin vbs      del   temp  getadmin vbs      exit  B   gotAdmin     pushd   CD       CD  D    dp0   --------------------------------------          lt YOUR BATCH SCRIPT HERE gt

User · Answer

echo off and title can come before this code   net session gt nul 2 gt  amp 1 if  errorlevel   0 goto main echo CreateObject  Shell Application   ShellExecute    f0            runas  gt   temp  elevate vbs    temp  elevate vbs  del   temp  elevate vbs  exit   main      lt code goes here gt  exit   A lot of the other answers are overkill if you don t need to worry about the following    Parameters Working Directory  cd   dp0 will change to the directory containing the batch file

User · Answer

I know this is not a solution for OP  but since I m sure there are many other use cases here  I thought I would share   I ve had problems with all the code examples in these answers but then I found   http   www robotronic de runasspcEn html  It not only allows you to run as admin  it checks the file to make sure it has not been tampered with and stores the needed information securely   I ll admit it s not the most obvious tool to figure out how to use but for those of us writing code it should be simple enough

User · Answer

Here s a one-liner I ve been using    echo off if not   1    am admin   powershell start -verb runas   0  am admin  amp  exit  b   echo main code here pause   Notes    Only tested on windows 7 and 10  you might have to mess around with the quoting Doesn t support passing along arguments for now

User · Answer

Since I have troubles with this script popping up a new command prompt with itself run again  in infinite loop  using Win 7 Pro   I suggest you try another approach  How can I auto-elevate my batch file  so that it requests from UAC administrator rights if required   Be careful  you have to add this at the end of script  as stated in an edit  so that you are back to script directory after privileges were elevated       cd  d   dp0

User · Answer

echo off  Net session  gt nul 2 gt  amp 1     PowerShell start -verb runas    0   amp exit  b  Echo Administrative privileges have been got   amp  pause   The above works on my Windows 10 Version 1903

User · Answer

Here is my code  It looks big but it is mostly comment lines  the lines starting with       Features    Full argument forwarding Does not change working folder Error handling Accepts paths with parenthesis  except for  TEMP  folder  Supports UNC paths Mapped folder check  Warn  s you if admin can  t access mapped drive  Can be used as an external library  check my post at this topic  https   stackoverflow com a 30417025 4932683  Can be called when if needed anywhere in your code   Just attach this to the end of your batch file  or save it as a library  check above                                                                                RequestAdminElevation FilePath       goto eof        By    Cyberponk      v1 5 - 10 06 2016 - Changed the admin rights test method from cacls to fltmc             v1 4 - 17 05 2016 - Added instructions for arguments with   char             v1 3 - 01 08 2015 - Fixed not returning to original folder after elevation successful             v1 2 - 30 07 2015 - Added error message when running from mapped drive             v1 1 - 01 06 2015        Func  opens an admin elevation prompt  If elevated  runs everything after the function call  with elevated rights     Returns  -1 if elevation was requested              0 if elevation was successful              1 if an error occured        USAGE     If function is copied to a batch file         call  RequestAdminElevation    dpf0        goto eof       If called as an external library  from a separate batch file          set   DeleteOnExit 0  on Options         call  RequestAdminElevation    dpf0        goto eof   amp  amp  CD  D  CD        If called from inside another CALL  you must set   ThisFile   dpf0  at the beginning of the file        call  RequestAdminElevation    ThisFile         goto eof       If you need to use the   char in the arguments  the calling must be done like this  and afterwards you must use  args  to get the correct arguments          set  args              call  RequestAdminElevation         use one of the above but replace the    with  args    a           set  args  args  a                                                                                   setlocal ENABLEDELAYEDEXPANSION  amp  set   FilePath   1    if NOT EXIST    FilePath    echo Read RequestAdminElevation usage information       UAC ShellExecute only works with 8 3 filename  so use   s1   set   FN    ns1   amp  echo  TEMP   findstr  C      gt nul  amp  amp   echo ERROR    TEMP   path can not contain parenthesis  amp pause  amp endlocal  amp fc   2 gt nul  amp  goto eof       Remove parenthesis from the temp filename   set  FN   FN       set  vbspath   temp      FN     vbs   amp  set   batpath  temp      FN     bat        Test if we gave admin rights   fltmc  gt nul 2 gt  amp 1    goto   getElevation       Elevation successful    if exist   vbspath    del   vbspath      amp   if exist   batpath    del   batpath           Set ERRORLEVEL 0  set original folder and exit   endlocal  amp  CD  D    dp1   amp  ver  gt nul  amp  goto eof      getElevation   echo Requesting elevation         Try to create   vbspath  file  If failed  exit with ERRORLEVEL 1   echo Set UAC   CreateObject   Shell Application     gt    vbspath      echo  amp echo Unable to create   vbspath   amp  endlocal  amp md  2 gt nul  amp goto eof     echo UAC ShellExecute    batpath             runas   1  gt  gt    vbspath   amp  echo wscript Quit 1  gt  gt    vbspath       Try to create   batpath  file  If failed  exit with ERRORLEVEL 1   echo      gt     batpath       echo  amp echo Unable to create   batpath   amp  endlocal  amp md  2 gt nul  amp goto eof    echo  if   errorlevel    9009  echo   amp echo Admin user could not read the batch file  If running from a mapped drive or UNC path  check if Admin user can read it    amp echo   amp   if   errorlevel   NEQ 0 pause  gt  gt     batpath         Run   vbspath   that calls   batpath   that calls the original file     vbspath   amp  amp   echo  amp echo Failed to run VBscript   vbspath   amp endlocal  amp md  2 gt nul  amp  goto eof        Vbscript has been run  exit with ERRORLEVEL -1   echo  amp echo Elevation was requested on a new CMD window  amp endlocal  amp fc   2 gt nul  amp  goto eof                                                                               Example on how to use it   EXAMPLE  echo off      Run this script with elevation  call  RequestAdminElevation    dpfs0        goto eof    echo I now have Admin rights    echo    echo Arguments using   args        args    echo Arguments using           echo   1    1   echo   2    2   echo   3    3    echo    echo Current Directory   CD    echo    echo This file   0   echo   pause  amp goto eof   here you paste the RequestAdminElevation function code

User · Answer

use the runas command   But  I don t think you can email a  bat file easily

User · Answer

Use mshta to prompt for admin rights    echo off net session  gt nul 2 gt  amp 1  amp  amp  goto  admintasks MSHTA  javascript  var shell   new ActiveXObject  shell application    shell ShellExecute    nx0            runas   1  close     exit  b  admintasks rem ADMIN TASKS HERE   Or  using powershell   powershell -c Start-Process    nx0  -Verb runas

User · Answer

Based on post by toster-cx and other interesting posts on this page  I got  insight on how to configure and solve my problem  I had similar issue where I wished that Disk Cleanup utility runs every week twice on Monday and Thursday during lunch hours  say 2 pm   However  this required elevated rights    Sharing batch file which might help other beginners like me -    echo off echo  Welcome to scheduling  PC Maintenance Activity  ping localhost -n 3  gt nul echo -- Step - 1 of 3   Please give  Admin  rights on next screen ping localhost -n 5  gt nul if not   1    am admin   powershell start -verb runas   0  am admin  amp  exit  cls echo -- Step - 2 of 3   In next screen  select temp areas for cleaning  during routine scheduled activity ping localhost -n 3  gt nul C  Windows System32 cleanmgr exe  sageset 112 cls echo    Now scheduling maintenance activity    SchTasks  Create  SC WEEKLY  D MON THU  TN PC Cleanup  TR   C  Windows System32 cleanmgr exe   sagerun 112  ST 14 00  cls  echo                         -- Thanks for your co-operation -- echo                    -- Maintenance activity is scheduled for -- echo                       -- Every Monday and Thursday at 2 pm --  ping localhost -n 10  gt nul   Thanks a lot for this forum and Rems POST here  https   www petri com forums forum windows-scripting general-scripting 32313-schtasks-exe-need-to-pass-parameters-to-script  1   His post helped for configuring optional argument while scheduling the task

[batch-file] How to request Administrator access inside a batch file

Examples related to batch-file

Examples related to command-line

Examples related to uac

Examples related to elevated-privileges