locked
How do I make a script "Run as administrator" on its own? RRS feed

  • Question

  • Hello,

    Win 8.1, VB scripts or PowerShell

    Having discovered I previously failed to fully study UAC, I now understand why scripts transferred to a new Win 8.1 machine quit working.  They have to be 'Run As Administrator' on the new machine; then they work as before.  While I'm still a little hazy on UAC, but continuing to study, it seems I'm left with a choice.  Please correct my perception of this choice if it's wrong:

    1) I can change my UAC settings (which I actually prefer not to do - I'm a safety guy...)

    2) I must always run my scripts by right clicking to the context menu and clicking "Run As Administrator"

    3) I learn if there is a way for my script to "Run As Administrator" on its own

    Assuming my choices above are correct, I would like to focus on choice 3.

    I've done some amount of research, but I'm not sure any of the solutions I saw actually accomplish choice 3.  Most of those posts indicate that the individual still had to enter a password or perform some other interaction after the script ran, so I'm not sure why the solutions posted were an answer to what was basically the same as my question here.

    Can a script be setup to Run As Administrator without requiring any further user interaction?  I'm wondering if this is actually a self-defeating question, because if a script can be setup as such, then wouldn't it bypass the very purpose UAC was put in place, for protection?  Am I thinking incorrectly?

    If it is possible to write the script so it really runs without further interaction, please point me where I might need to study more.

    Thanks.

    Best Regards,

    Alan


    • Edited by Alan Wheeler Sunday, December 28, 2014 8:15 PM correction
    Sunday, December 28, 2014 8:11 PM

Answers

  • Alan,

    You could try to create a scheduled task that runs the script, save your "admin" credentials in the task and check the box to run with the highest privileges. At that point, running the script should be as easy as right clicking and running the scheduled task.

    Hope that helps,

    Woody


    Woody Colling, MCITP Exchange 2010
    -----Please remember to mark answers appropriately-----

    • Marked as answer by Alan Wheeler Tuesday, December 30, 2014 11:08 PM
    Monday, December 29, 2014 8:24 PM
  • No one can bypass UAC.  A remote script and a scheduled task can execute without a prompt.  A human at the keyboard will get the prompt.


    ¯\_(ツ)_/¯

    • Marked as answer by Alan Wheeler Tuesday, December 30, 2014 11:08 PM
    Tuesday, December 30, 2014 9:05 PM

All replies

  • You can create a shortcut using this:

    start-process cscript test.vbs -Verb RunAs


    ¯\_(ツ)_/¯

    Sunday, December 28, 2014 9:39 PM
  • Hi,

    i think below is the what you want. you can use this code in your script. if you have any furter requirement please do a little reseach it will fulfill all needs

    Start-Process powershell.exe -Credential "TestDomain\Me" -NoNewWindow -ArgumentList "Start-Process powershell.exe -Verb runAs"

    please mark this as helpfull if it helps

    thanks,

    Monday, December 29, 2014 6:09 AM
  • Hi jrv,

    So, I think we've unofficially become friends since you answered my question in .vbs because you know that's where I've been.  I really am trying to transition to .ps1, but thanks for the thought. :-)  I actually did write a test .ps1 using get-vm (which is very cool thank you) but wasn't able to execute it other than running a batch file from the context menu selection 'Run As Administrator'.  The following is the operative line I used in the batch file (it doesn't seem like the -Verb runas worked as I expected it to):

    powershell -executionpolicy remotesigned -file C:\batchFiles\ps\vmstatus.ps1 -Verb runas

    I am getting a book on Powershell to study.

    But, regarding your line above, I think I applied your guidance correctly.  I created a shortcut with the following line in the target box (I'm assuming this is what you were directing me to do. I also assumed I was supposed to add powershell.exe at the beginning of the line you posted above):

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe start-process cscript C:\batchFiles\vmStatus.vbs -Verb RunAs

    Windows seem to add the full path for powershell.exe automatically.  It runs without requiring the context menu selection "Run As Administrator", but it still brings up the UAC message box for permission to continue, which is what I was trying to address in my initial post when I was speaking to the possible self-defeating nature of my question to allow a script to bypass UAC.

    I'm asking to confirm: having the UAC popup is in fact normal behavior that can't be side stepped unless other steps are taken.  So I guess I need to continue research to understand what must be done to allow simple double-clicking of a shortcut to get a seamless execution without actually changing UAC.

    Regarding STscripter's solution, I experienced the same UAC message box, so this post is also in response to that answer.

    Thanks again for your help.

    Best Regards,

    Alan


    Monday, December 29, 2014 5:02 PM
  • you cannot eliminate the UAC popup.


    ¯\_(ツ)_/¯

    Monday, December 29, 2014 5:08 PM
  • There are already dozens of threads in this forum asking how to bypass the UAC prompt.

    The answer is that you cannot bypass the UAC prompt, and this is by design.


    -- Bill Stewart [Bill_Stewart]

    Monday, December 29, 2014 5:09 PM
  • Alan,

    You could try to create a scheduled task that runs the script, save your "admin" credentials in the task and check the box to run with the highest privileges. At that point, running the script should be as easy as right clicking and running the scheduled task.

    Hope that helps,

    Woody


    Woody Colling, MCITP Exchange 2010
    -----Please remember to mark answers appropriately-----

    • Marked as answer by Alan Wheeler Tuesday, December 30, 2014 11:08 PM
    Monday, December 29, 2014 8:24 PM
  • Creating a task that runs with highest privileges (equivalent to 'Run as administrator') does not constitute bypassing the UAC prompt, because you have to have administrative privilege to create the task in the first place.

    -- Bill Stewart [Bill_Stewart]

    Monday, December 29, 2014 8:45 PM
  • Bill,

    I agree. It appears to me that the OPs problem is that he is annoyed by the UAC prompts when attempting to run valid scripts, and is not interested in a PenTest type of bypass. The problem as I understand it is getting the scripts to run without human intervention (UAC prompts), and has nothing to do with bypassing UAC by a non-admin. Alan, care to clarify?

    Thanks,

    Woody


    Woody Colling, MCITP Exchange 2010
    -----Please remember to mark answers appropriately-----

    Tuesday, December 30, 2014 8:59 PM
  • No one can bypass UAC.  A remote script and a scheduled task can execute without a prompt.  A human at the keyboard will get the prompt.


    ¯\_(ツ)_/¯

    • Marked as answer by Alan Wheeler Tuesday, December 30, 2014 11:08 PM
    Tuesday, December 30, 2014 9:05 PM
  • Hi Bill,

    So sorry I missed those threads.  I guess sometimes when one doesn't understand the problem clearly, we don't ask the question, or form the search, properly.  It was quite a journey to finally figure out I'm really just dealing with UAC.  I originally thought I had a script problem.

    Anyway, thanks for the continued patience and help.

    Best Regards,

    Alan

    Tuesday, December 30, 2014 10:44 PM
  • So is your question answered?


    -- Bill Stewart [Bill_Stewart]

    Tuesday, December 30, 2014 10:53 PM
  • Hi Woody,

    Yes, I just wanted to be able to double click a shortcut on the desktop to execute simple scripts for any variety of tasks that can be accomplished more quickly and efficiently by scripts.  My confusion came when my previously running scripts quit running on my replacement machine, which was win 8 upgraded to win 8.1. I didn't understand the new PC was simply doing what it was supposed to; protect the PC.

    I don't really recall changing UAC settings on the previous PC, but sometimes we do things and don't remember doing them (unless it is known that win 8 had different setups, and the upgrade to 8.1 didn't change those).  My previous PC was constantly giving me UAC prompts for everything else, just not for my .vbs scripts.  At any rate, as I've commented in this thread, it took me a while to figure out this was a simple UAC/script issue.  And as you say, I want to keep good security in place, so changing UAC to do this is not the solution I'm looking for.

    I did acknowledge at the top of the thread that maybe I'm asking a bad question because good security shouldn't be easily by-passable.  But then here I am trying to figure out how to do exactly that.

    So far, it's looking like it can't be done.  Although your scheduled task idea seems like a possible candidate.  I guess the idea is to schedule it for quick execution?  So in response to your earlier post, I would right click to Run As Administrator, but after that there would not be a UAC message box.  Is that correct?

    It seems like jrv's simple post gives the fullest answer along with your scheduled task idea.  Now I just need to learn how to create a scheduled task.

    Thanks for joining the thread.

    Best Regards,

    Alan

    Tuesday, December 30, 2014 11:05 PM
  • Hi Bill,

    Maybe.  I'll know for certain after I create the scheduled task solution mentioned elsewhere in this thread.

    Best Regards,

    Alan

    Tuesday, December 30, 2014 11:09 PM