How to force a .bat file to run As Admin upon initial boot?

Discussion in 'Windows 10' started by MonarchX, May 31, 2017.

  1. MonarchX

    MonarchX MDL Expert

    May 5, 2007
    1,272
    199
    60
    I am making an unattended version of Windows 10 LTSB 2016 RS1 and I need certain BAT files to run with Admin privileges as the first thing when PC boots up for the first time after clean install. I can't figure out how to make it happen... These BAT files have 0 effect now because OS runs them without Admin privileges...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    14,344
    16,353
    340
    Afaik, during that phase it will have the highest level of rights by default.
     
  3. MonarchX

    MonarchX MDL Expert

    May 5, 2007
    1,272
    199
    60
    It doesn't... at least not when integrated with NTLite.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. MonarchX

    MonarchX MDL Expert

    May 5, 2007
    1,272
    199
    60
    I even set UAC to the lowest settings and put BAT files into Low-Risk in Registry and it still launches it as User and not As Administrator. Its a Post-Setup thing, not part of Unattended, so maybe that's the problem...

    This is the script:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. LiteOS

    LiteOS MDL Expert

    Mar 7, 2014
    1,399
    533
    60
    try this
    RUNAS /trustlevel:<TrustLevel> program
    or
    runas /user:adminisrtrator /savecred
     
  6. testtest322

    testtest322 MDL Senior Member

    Nov 20, 2016
    414
    67
    10
    And how to get SYSTEM permissions using runas?
     
  7. LiteOS

    LiteOS MDL Expert

    Mar 7, 2014
    1,399
    533
    60
    just users possible with runas
    afaik
     
  8. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    14,344
    16,353
    340
    Just do this, setupcomplete.cmd runs with the highest permissions level possible.
     
  9. s1ave77

    s1ave77 MDL Guide Dog/Dev

    Aug 15, 2012
    14,935
    19,758
    340
    Might be worth mentioning some tweaks need to run in FirstLogon stage of setup, so i normally use FirstLogon.cmd and it only fails if the script code is borked.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. bobkush

    bobkush MDL Novice

    May 22, 2017
    9
    14
    0
    #11 bobkush, Jun 2, 2017
    Last edited: Jun 2, 2017
    Auto Elevate DOS Batch File to Run As Administrator in Windows 10

    The provided code will create a special VBS file which will restart it if it is not running as Administrator. So, if you launch it with limited permissions, you will get a UAC prompt requesting you to elevate privileges before it runs its commands!

    Code:
    REM Add this to beginning of .bat (BATCH) file to Automatically check & get admin rights
    
    @echo off
    CLS
    ECHO.
    ECHO =============================
    ECHO Running Admin shell
    ECHO =============================
    
    :init
    setlocal DisableDelayedExpansion
    set "batchPath=%~0"
    for %%k in (%0) do set batchName=%%~nk
    set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
    setlocal EnableDelayedExpansion
    
    :checkPrivileges
    NET FILE 1>NUL 2>NUL
    if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )
    
    :getPrivileges
    if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
    ECHO.
    ECHO **************************************
    ECHO Invoking UAC for Privilege Escalation
    ECHO **************************************
    
    ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
    ECHO args = "ELEV " >> "%vbsGetPrivileges%"
    ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
    ECHO args = args ^& strArg ^& " "  >> "%vbsGetPrivileges%"
    ECHO Next >> "%vbsGetPrivileges%"
    ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
    "%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*
    exit /B
    
    :gotPrivileges
    setlocal & pushd .
    cd /d %~dp0
    if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul  &  shift /1)
    
    ::START
    REM - Add BATCH commands you want to run here
    
     
  11. s1ave77

    s1ave77 MDL Guide Dog/Dev

    Aug 15, 2012
    14,935
    19,758
    340
    Scripts running in setupcomplete or firstlogon stage of Windows Setup always run elevated. This was already refrained several times.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. MonarchX

    MonarchX MDL Expert

    May 5, 2007
    1,272
    199
    60
    Thank you so much for this! If I already use SetupComplete.cmd for KMS_VL_ALL, then can I just add other commands at the end? I assume I have to add them before the "exit /b" line?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...