In the Windows 10 command line, when a normal user who does not have administrative privileges tries to launch a program that requires administrative privileges, you will be asked to enter administrator's ID and password.
This is a security feature introduced in Windows Vista called UAC, which prevents bad programs from changing system settings without permission.
Therefore, this page describes the procedure to use batch to run programs that require administrator privileges with built-in ID and password .
This is not a technology to be used regularly, as it may cause security problems, and it is necessary to understand the disadvantages before using it.
Also, even though you are running as an administrator from batch, The error message "The requested operation requires elevation (Run as administrator)." or "Please run as administrator" may appear and you cannot run the program.
The following is a summary of how to change privileges on the command line in such cases.
There are two major situations when access is denied due to lack of privileges.
For example, if you log in as a normal user with no administrative privileges and try to write a file to a Windows system folder, you will see the following message.
> echo testwrite > %windir%\test.txt
Access denied.
In this case, you may not have enough permissions to access the destination folder.
You can use the dir /q
command to check the owner, the
It is necessary to check the owner using the dir /q
command, and grant access using the icacls
command or the takeown
command.
I will skip this section.
You may get the following message even though you are the administrator.
I'm running as an administrator! I'm running as an administrator!
"The requested operation requires elevation (Run as administrator)."
The following is a description of what to do in this case.
The runas command can be used to run a program with a specified user.
runas /user:Administrator "cmd"
This will launch cmd (command prompt) with the privileges of the user's name, and can also be run from powershell.
Now you can launch the command prompt with administrative privileges.
However, if you try to use the "netsh" command to change anything related to Internet settings in this state However, if you try to change anything related to the Internet settings with the "netsh" command, etc., you will be told that you do not have enough privileges. (The same lack of privileges can also occur with other commands that change the machine's settings.
ActiveDirectory authentication If you are using Active Directory authentication to login windows system , and you switch to Active Directory administrator privileges, you will get the same error.
This is because the runas command does not grant enough privileges when switching users.
You can check your current privileges by using the whoami
command.
The `whoami' command is a Windows command to check your own user information.
The `whoami' command is a command to check your user information on Windows. whoami alone can check your user name.
Let's look at an example of running it on the command line. Here is an example of a user promoted from normal user privileges to Administrator using the runas command.
> whoami
amaji-devterm\Administrator
> whoami /priv
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
Even though you are an Administrator user, the Administrator invoked by the runas command has few privileges. As described below, let's compare the privileges with those of a command prompt launched with proper UAC authentication.
When you run a program with administrative privileges, the entire desktop will go black and you will be asked to enter the ID and password required for administrative privileges. Also, if you are already an administrator user account, you will be asked to confirm that you are really okay to run the program.
The Windows OS from Windows Vista onwards has a User Account Control (UAC) function, which allows you to control the user's access to the system. This feature prevents users from calling programs that require privileges, which could inadvertently change the system.
When a user tries to perform a task that requires administrative privileges, the system temporarily switches to a special authentication screen and asks the user for manual authentication (ID and password input). This is also a way to prevent suspicious automated programs from accepting input*.
UAC mechanism, Session 0 isolation specification
This is also a way to avoid accepting input from suspicious automated programs.
Microsoft's isolation 0 specification published for better understanding!
If you want to create a service that can run in the background on Windows and interact dynamically, you need to know about it.
This happens when you do something like the following.
If the UAC appears, it will stop the work that you really want to complete the operation only with the command line. (From a security point of view, you're right, and under normal circumstances, you should authenticate every time.
Switch the execution user with the runas command, and rerun the program from your own user in powershell. If it's a poweshell start-process function, the user will have the same privileges as when they logged in, and if the executor is the user themselves, they will have the same privileges as when they logged in. If the executor is the user himself, the UAC will not be displayed.
runas /user:username cmd
powershell start-process cmd -verb runas
If you put it on one line, it looks like this.
runas /user:username "powershell start-process cmd -verb runas"
The same command can be used under Active Directory management.
runas /user:username@ad-server.local "powershell start-process cmd -verb runas"
If you run this, you will be prompted for a password at the command prompt. If the password is correct, you will be able to run commands with administrative privileges and without UAC.
This is what it looks like in the diagram.
By using powershell, which is available as a standard feature in Windows, you you can even omit manual entry of IDs and passwords.
Specifically, we manually create Windows credentials, and use the credentials to start a new program .
With this, you can incorporate passwords into the batch and fully automate the process.
Of course, it is not recommended to write passwords in plain text on the batch, so please be careful when using it.
A sample code for powershell is provided below.
This will allow a normal user to launch the command prompt with privileged administrative privileges. You can skip the UAC and password entry every time. You can now launch the cmd program with privileged administrative privileges, skipping the UAC and password entry each time.
$uid = "userid"
$pw = "password"
$secPw = ConvertTo-SecureString -String $pw -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $uid, $secPw
Start-Process powershell -Credential $cred -WindowStyle Minimized -ArgumentList "-noexit -command Start-Process cmd -verb runas"
From the command prompt that is launched after executing the above, check your own permissions.
> whoami
Administrator
> whoami /priv
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
========================================= ================================================================== ========
SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled
SeSecurityPrivilege Manage auditing and security log Disabled
SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled
SeLoadDriverPrivilege Load and unload device drivers Disabled
SeSystemProfilePrivilege Profile system performance Disabled
SeSystemtimePrivilege Change the system time Disabled
SeProfileSingleProcessPrivilege Profile single process Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled
SeCreatePagefilePrivilege Create a pagefile Disabled
SeBackupPrivilege Back up files and directories Disabled
SeRestorePrivilege Restore files and directories Disabled
SeShutdownPrivilege Shut down the system Disabled
SeDebugPrivilege Debug programs Disabled
SeSystemEnvironmentPrivilege Modify firmware environment values Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled
SeUndockPrivilege Remove computer from docking station Disabled
SeManageVolumePrivilege Perform volume maintenance tasks Disabled
SeImpersonatePrivilege Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege Create global objects Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links Disabled
SeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Disabled
If you just got administrator privileges with the runas command, you only had five privileges. But this one has a lot of privileges.
if standard input is not working
When launching a new command prompt using the above powershell, keyboard input to the launched console may not work.
If I launch a command prompt (cmd) or poewrshell with different user privileges via Powershell's Start-Process, I get in some cases, standard input (input from the keyboard) does not work properly.
This is probably due to the fact that stdin is not assigned to the newly created process.
System.Diagnostics.Process.Start() may be solve the problem.
In addition, when launching another powershell or cmd from the powershell console, the above problem does not occur.
The problem seems to be when you launch powershell from cmd with a one-liner to start another process.
The powershell script described in the section "Elevating privileges with PowerShell Credentials" can be used as a one-liner. If you put the powershell script described in the "Elevating Privileges with PowerShell Credentials" section into a one-liner, you can run it from powershell or from the command prompt with You can run the program with administrative privileges from powershell, from the command prompt, or from
+ 's "Run as" command. The program can be launched with administrative privileges.To enable the program to be run with administrative privileges from a shortcut, just write the contents discussed in the section "Launching with privileged administrative privileges with a one-line command" in the shortcut. You just need to write it in the shortcut.
Even if you are registered in the Administrator group, when you try to run a program that requires privileges However, the Windows Task Scheduler does not have a UAC dialog.
However, tasks registered in the Windows Task Scheduler with the "Run as Administrator" setting can be executed without the UAC dialog. However, tasks registered with the "Run as administrator" setting in the Windows Task Scheduler can be run as administrator without the UAC dialog. This can be used to launch tasks from batches, etc. without issuing a UAC.
This is more secure than embedding the administrator's ID or PW directly in the batch.
In this case we will use the command line to regist task to windows taskscheduler.
Let's register the necessary commands to the task scheduler with administrative privileges. Since administrative privileges (UAC authentication) are required to run the Windows registry, let's specify regedit.exe.
schtasks /CREATE /TN hello_planc /TR "C:\Windows\regedit.exe" /SC ONCE /ST 00:00 /RL highest /F
The options for the schtasks command are as follows
For the task name, register the appropriate "hello_planc" for testing.
Here, I wrote "ONCE" for the /SC option. ONCE is a kind of task that is executed only once at a specified date and time.
at /ST option, The time to be executed is specified in 24-hour format (HH:mm), but in this case In this case, I will specify 00:00.
When the program is executed and registered successfully, the following message will be displayed.
WARNING: Task may not run because /ST is earlier than current time.
SUCCESS: The scheduled task "hello_planc" has successfully been created.
You can check the registration status with the following command.
schtasks /Query /v /tn hello_planc
Next, let's run the registered "hello_planc" task from the command line.
schtasks /RUN /TN hello_planc
Programs that normally require UAC (e.g. regedit, etc.) can be launched without UAC.
You can remove it with the following.
schtasks /DELETE /TN hello_planc
You will be prompted to enter "y" to complete the deletion.
WARNING: Are you sure you want to remove the task "hello_planc" (Y/N)? y
SUCCESS: The scheduled task "hello_planc" was successfully deleted.
the task I created was successfully deleted.
Once you've created the shortcut, all you have to do is
! and, you can easily launch the created task.You just create shortcut to schtasks /RUN /TN hello_planc
command.
UAC is a security protection mechanism that prevents unintended programs from running.
Just because it's convenient doesn't mean it's a security problem to run batches with privileges without going through UAC. Please be careful. (Of course, I can't take responsibility for this. ;-) )
Update | ModifiedContent |
---|---|
none |
Thank you for your message.
Sorry. The Error has occurred.We apologize for the inconvenience.Please try again in a few minutes or contact us via DM below.
Twitter:@NodachiSoft_engName:Send the following information to us. If you are happy with your submission, please click "Send". If you want to modify it, please click "Back".
Name: