I have a small script that performs the build and install process on Windows for a Bazaar repository I'm managing. I'm trying to run the script with elevated, administrative privileges from within the Windows shell (cmd.exe)--just as if I'd right-clicked it and chosen Run as Administrator, but without using any method that requires use of the graphical interface.
问题:
回答1:
A batch/WSH hybrid is able to call ShellExecute to display the UAC elevation dialog...
@if (1==1) @if(1==0) @ELSE @echo off&SETLOCAL ENABLEEXTENSIONS >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"||( cscript //E:JScript //nologo "%~f0" @goto :EOF ) echo.Performing admin tasks... REM call foo.exe @goto :EOF @end @ELSE ShA=new ActiveXObject("Shell.Application") ShA.ShellExecute("cmd.exe","/c \""+WScript.ScriptFullName+"\"","","runas",5); @end
回答2:
Press the start button. In the search box type "cmd", then press Ctrl+Shift+Enter
回答3:
All you have to do is use the runas
command to run your program as Administrator (with a caveat).
runas /user:Administrator "cmdName parameters"
In my case, this was
runas /user:Administator "cmd.exe /C %CD%\installer.cmd %CD%"
Note that you must use Quotation marks, else the runas command will gobble up the switch option to cmd.
Also note that the administrative shell (cmd.exe) starts up in the C:\Windows\System32 folder. This isn't what I wanted, but it was easy enough to pass in the current path to my installer, and to reference it using an absolute path.
The caveat to using runas this way is this: The administrative account must be enabled, which is not the default on Windows 7 or Vista. However, here is a great tutorial on how to enable it, in three different ways:
I myself enabled it by opening Administrative Tools, Local Security Policy, then navigating to Local Policies\Security Options and changing the value of the Accounts: Administrative Account Status policy to Enabled, which is none of the three ways shown in the link.
An even easier way:
C:> net user Administrator /active:yes
回答4:
:: ------- Self-elevating.bat -------------------------------------- @whoami /groups | find "S-1-16-12288" > nul && goto :admin set "ELEVATE_CMDLINE=cd /d "%~dp0" & call "%~f0" %*" findstr "^:::" "%~sf0">temp.vbs cscript //nologo temp.vbs & del temp.vbs & exit /b ::: Set objShell = CreateObject("Shell.Application") ::: Set objWshShell = WScript.CreateObject("WScript.Shell") ::: Set objWshProcessEnv = objWshShell.Environment("PROCESS") ::: strCommandLine = Trim(objWshProcessEnv("ELEVATE_CMDLINE")) ::: objShell.ShellExecute "cmd", "/c " & strCommandLine, "", "runas" :admin ------------------------------------------------------------- @echo off echo Running as elevated user. echo Script file : %~f0 echo Arguments : %* echo Working dir : %cd% echo. :: administrator commands here :: e.g., run shell as admin cmd /k
For a demo: self-elevating.bat "path with spaces" arg2 3 4 "another long argument"
And this is another version that does not require creating a temp file.
:admin ----------------------------------------------------------- @echo off echo Running as elevated user. echo Script file : %~f0 echo Arguments : %* echo Working dir : %cd% echo. :: administrator commands here :: e.g., run shell as admin cmd /k
回答5:
Browse to C:\windows\System32
and right click on cmd.exe
and run as Administrator. Worked for me on Windows 7.
If you are trying to run a script with elevated privileges you could do the same for the script file or use the scheduler's run as a different user option to run the script.
回答6:
I would set up a shortcut, either to CMD or to the thing you want to run, then set the properties of the shortcut to require admin, and then run the shortcut from your batch file. I haven't tested to confirm it will respect the properties, but I think it's more elegant and doesn't require activating the Administrator account.
Also if you do it as a scheduled task (which can be set up from code) there is an option to run it elevated there.
回答7:
Although @amr ali's code was great, I had an instance where my bat file contained >
signs, and it choked on them for some reason.
I found this instead. Just put it all before your code, and it works perfectly.
REM --> Check for permissions >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system" REM --> If error flag set, we do not have admin. if '%errorlevel%' NEQ '0' ( echo Requesting administrative privileges... goto UACPrompt ) else ( goto gotAdmin ) :UACPrompt echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs" echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs" "%temp%\getadmin.vbs" exit /B :gotAdmin if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" ) pushd "%CD%" CD /D "%~dp0" :--------------------------------------
回答8:
Simple pipe trick, ||
, with some .vbs used at top of your batch. It will exit regular and restart as administrator.
@AT>NUL||echo set shell=CreateObject("Shell.Application"):shell.ShellExecute "%~dpnx0",,"%CD%", "runas", 1:set shell=nothing>%~n0.vbs&start %~n0.vbs /realtime& timeout 1 /NOBREAK>nul& del /Q %~n0.vbs&cls&exit
It also del /Q
the temp.vbs when it's done using it.