runas /trustlevel or alternative to achieve similar outcome

Question
Hello All,
With the new UAC levels that can be set in Windows, there is a need for some of our applications, that it should be run as the administrator user, or with a user with enough credentials to do the actions as needed.
For these applications, what we would do to run it, is the following: the commands to execute the application are in a *.bat file, and then I would right click the bat file, and say run as administrator. Most of the applications are java apps, and it typically has the following command format in the bat file:
java -cp <jar files> <executable> <input params>
How can I modify this bat script, so that I do not need to right click and say 'run as admin' anymore, but that it is rather built in to the command, that it should run as admin? I do not mind if it then asks for a password...
I have been looking at c:\windows\system32\runas.exe, more specifically the /trustlevel option, but I could not get very far with that. Can anyone please help me out, with an alternative method of achieving what I want, or any help with using the runas application.
Thank you,
Harriet
Thursday, August 19, 2010 7:53 AM
Answers
Hello All,
The solution to my problem is to run the script commands in an elevated command prompt. The following code will check if the command prompt is elevated, and if not, close it, and re-launch an elevated command prompt:

@echo off
rem Older systems report their name directly in the output of "ver"
ver | find "2003" > nul
if %ERRORLEVEL% == 0 goto ver_2003
ver | find "XP" > nul
if %ERRORLEVEL% == 0 goto ver_xp
ver | find "2000" > nul
if %ERRORLEVEL% == 0 goto ver_2000
ver | find "NT" > nul
if %ERRORLEVEL% == 0 goto ver_nt
if not exist %SystemRoot%\system32\systeminfo.exe goto warnthenexit
rem Newer systems: read the OS name from systeminfo
systeminfo | find "OS Name" > "%TEMP%\osname.txt"
FOR /F "usebackq delims=: tokens=2" %%i IN ("%TEMP%\osname.txt") DO set vers=%%i
echo %vers% | find "Windows 7" > nul
if %ERRORLEVEL% == 0 goto ver_7
echo %vers% | find "Windows Server 2008" > nul
if %ERRORLEVEL% == 0 goto ver_2008
echo %vers% | find "Windows Vista" > nul
if %ERRORLEVEL% == 0 goto ver_vista
goto warnthenexit
::
:ver_xp
:ver_2000
:ver_nt
rem echo off
echo Using normal command prompt
goto exit
:ver_2003
:ver_7
:ver_2008
:ver_vista
rem echo off
echo Using elevated command prompt
@echo off
setlocal enabledelayedexpansion
rem Directory of this script, without the trailing backslash
set CmdDir=%~dp0
set CmdDir=%CmdDir:~0,-1%
:: Check for Mandatory Label\High Mandatory Level
whoami /groups | find "S-1-16-12288" > nul
if "%errorlevel%"=="0" (
    echo Running as elevated user. Continuing script.
) else (
    echo Not running as elevated user.
    echo Relaunching Elevated: "%~dpnx0" %*
    if exist "%CmdDir%\elevate.cmd" (
        set ELEVATE_COMMAND="%CmdDir%\elevate.cmd"
    ) else (
        set ELEVATE_COMMAND=elevate.cmd
    )
    set CARET=^^
    rem Relaunch this script elevated, starting in the script's own directory
    !ELEVATE_COMMAND! cmd /k cd /d "%~dp0" !CARET!^& call "%~dpnx0" %*
    goto :EOF
)
goto exit
:warnthenexit
echo Machine undetermined.
:exit

rem ---- your commands to be executed as elevated go here ----
- Marked as answer by harriet_001 Monday, August 30, 2010 8:34 AM
Monday, August 30, 2010 8:33 AM
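The elevation check from the answer above, combined with the working-directory problem described further down the thread, as an added example that is not code from any poster in this thread. It uses PowerShell's Start-Process -Verb RunAs in place of elevate.cmd; app.jar, lib and com.example.Main are placeholder names, and the script path is assumed to contain no single quotes.

```batch
@echo off
setlocal
rem Added example. app.jar, lib\* and com.example.Main are placeholders.

rem A batch file started through "Run as administrator" begins in
rem %SystemRoot%\System32, so relative classpath entries no longer resolve.
rem Anchor every path on the script's own directory (%~dp0) instead.
set "APP_DIR=%~dp0"

rem S-1-16-12288 is the High Mandatory Level SID. It appears in the
rem token's group list only when the process is running elevated.
whoami /groups | find "S-1-16-12288" >nul
if errorlevel 1 goto :relaunch

rem Elevated from here on: make the script directory the working directory.
pushd "%APP_DIR%" || exit /b 1

rem Put the script directory on PATH so a JNI DLL kept beside the
rem script can be found by the JVM.
set "PATH=%APP_DIR%;%PATH%"

rem Absolute classpath entries: they work whatever the current directory is.
java -cp "%APP_DIR%app.jar;%APP_DIR%lib\*" com.example.Main
set "RC=%ERRORLEVEL%"
popd
exit /b %RC%

:relaunch
echo Not elevated; requesting elevation through the UAC prompt...
rem %~f0 is the full path of this script. Arguments are not forwarded,
rem because quoting them safely through PowerShell needs extra care.
powershell -NoProfile -Command "Start-Process -FilePath '%~f0' -Verb RunAs"
exit /b
```

Because everything in the script's directory ends up on the classpath of an elevated process, that directory should be writable only by administrators.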
All replies
Hi,
Thanks for the post!
There is a workaround I would like to recommend to you. You can take the following suggestions to run an application without prompting. Please try to create a shortcut with highest privileges:
1. Click Start, right click on Computer and choose “Manage”
2. Click “Task Scheduler” on the left panel
3. Click “Create Task” on the right panel
4. Type a name for the task
5. Check “Run with highest privileges.”
6. Click Triggers tab
7. Click New
8. Select “At log on” under begin task
9. Select “Specific User Or Group”. This ensures the task only runs at log on for you and not all users. Running for all users would be a security risk due to program running under your User Account with Administrative Access.
10. Click OK
11. Click Actions tab
12. Click “New…”
13. Browse to the program in the “Program/script” box. Click OK
14. Click the Conditions tab
15. Uncheck “Start the task only if the computer is on AC power”
16. Click the Settings tab
17. Uncheck “Stop the task if it runs longer than”
18. Click OK
19. On desktop, right click, choose New and click “shortcut”
20. In the box type: schtasks.exe /run /tn TaskName where TaskName is the name of task you put in on the basics tab and click next.
21. Type a name for the shortcut and click Finish
Now, you can double click the shortcut to run the program.
Hope it helps.
Best Regards,
Miya Yao
This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Monday, August 23, 2010 9:24 AM
Hello Folks!
I have a .bat file, for the purpose of starting up a java application. This bat file contains a few commands, setting up the proper environment for the script to be executed successfully. It worked perfectly on XP systems, but now for Windows 7 (and also Vista) I have problems. The bat file, and all the jar files that are needed to execute, plus the jar file containing the main java class, all lie in the same directory.
NOW...
If I turn UAC OFF, and I double click on the bat file, it executes just fine.
With UAC turned ON, if I ran the bat file from an elevated command prompt, it executes fine.
BUT, with UAC turned ON, if I right click and say "Run as Administrator", then I get a number of exceptions, stating that it cannot find the classes to be executed. To me it seems that in the underlying architecture, the directory from which the application is executed is changed somehow (not by my code, but by Windows).
Has anyone experienced the same scenario? And if you have, can you please give me some advice? I have also tried making a shortcut, and setting a property on the shortcut to "Run as Administrator", but it also did not work for me; it gave the same outcome as above, printing out exceptions that it cannot find the class.
I would really appreciate your input.
Regards,
Harriet
Tuesday, August 24, 2010 10:07 AM
Hi,
Did you try the method I provided before? Please follow that and give me any update.
Also, I would like to know the reason if you do not want to try that.
Regards,
Miya Yao
Wednesday, August 25, 2010 8:48 AM
Hey Miya, thanks for your time to answer!
No I have not tried it, because doing it this way will not suit my needs. I have a couple of these bat files that need to be run with elevated permissions, not just one. The scripts should only execute when they are double clicked, and not on some schedule or at startup. We are a development house, this is not for personal use.
This problem is not fixed yet, I am now investigating a new set of powertools that can apparently be used for elevation. The name of the app is also elevate. However for my needs it is still not working. I get some UnsatisfiedLink errors, although I checked that the jni class it is looking for is on the PATH. So I am looking at that at the moment....
Wednesday, August 25, 2010 9:50 AM
Hi,
Since your environment is quite complicated, I suggest you ask questions in Script Center, it’s more professional and could resolve your questions efficiently.
Thanks for your understanding!
Regards,
Miya Yao
Thursday, August 26, 2010 9:04 AM