Run Explorer as TI

Discussion in 'Scripting' started by Thomas Dubreuil, Nov 9, 2018.

  1. Thomas Dubreuil

    Thomas Dubreuil MDL Member

    Aug 29, 2017
    110
    155
    10
    #1 Thomas Dubreuil, Nov 9, 2018
    Last edited: Dec 11, 2018 at 03:51
    I made a (small) script to run Explorer as Trusted Installer.

    What the script does:
    It will delete 'CreateExplorerShellUnelevatedTask' if present (this task is created when you try to "elevate" Explorer).
    It will rename "RunAs" value to "_RunAs_" under HKEY_CLASSES_ROOT\AppID{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} registry key (with Nsudo help). This value also prevents Explorer elevation.
    It will launch an Explorer window as Trusted Installer (with Nsudo), and finally sets the registry key back to its default value ("RunAs").

    Credits to: @Mouri_Naruto for Nsudo and @abbodi1406 for the Nsudo script part/idea.
    Warning: USE CAREFULLY, as you will be able to delete protected files and folder.

    -App: I made a small .exe application out of it, with Nsudo embedded: It will extract Nsudo to the script folder, then delete it after the command is executed.

    Code:
    File : RunExplorerShellAsTrustedInstaller.zip
    Last Update: v1.7 - 10/12/2018
    SHA1: 05D57DFCD9CB6D04CF32BB1DCE42BB54E591B924
    https://drop.me/B41erV
    -Script (Note you have to have Nsudo next to the script) :
    Code:
    @echo off
    
    %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && (
    goto :OK
    ) || (
    "%~dp0NSudo.exe" -U:T -P:E -ShowWindowMode:Hide "%~dpnx0"&exit /b >NUL 2>&1
    )
    
    :OK
    schtasks /query /TN "CreateExplorerShellUnelevatedTask" >NUL 2>&1 && schtasks /Delete /TN "CreateExplorerShellUnelevatedTask" /f >NUL 2>&1
    
    Reg.exe delete "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "RunAs" /f >NUL 2>&1
    Reg.exe add "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "_RunAs_" /t REG_SZ /d "Interactive User" /f >NUL 2>&1
    
    explorer.exe /root,
    
    TIMEOUT /T 3 /nobreak >NUL 2>&1
    Reg.exe delete "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "_RunAs_" /f >NUL 2>&1
    Reg.exe add "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "RunAs" /t REG_SZ /d "Interactive User" /f >NUL 2>&1
    exit
    
    -And another one asking for confirmation before running, followed by a warning:

    Code:
    @echo off
    
    %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && (
    goto :OK
    ) || (
    "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0"&exit /b >NUL 2>&1
    )
    
    :OK
    schtasks /query /TN "CreateExplorerShellUnelevatedTask" >NUL 2>&1 && schtasks /Delete /TN "CreateExplorerShellUnelevatedTask" /f >NUL 2>&1
    
    echo Are you sure you want to run Explorer as Trusted Installer ?
    @pause
    echo Please use carefully!!
    
    Reg.exe delete "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "RunAs" /f >NUL 2>&1
    Reg.exe add "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "_RunAs_" /t REG_SZ /d "Interactive User" /f >NUL 2>&1
    
    explorer.exe /root,
    
    TIMEOUT /T 3 /nobreak >NUL 2>&1
    Reg.exe delete "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "_RunAs_" /f >NUL 2>&1
    Reg.exe add "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "RunAs" /t REG_SZ /d "Interactive User" /f >NUL 2>&1
    exit
    
    -10/12/2018 : Added line to delete "CreateExplorerShellUnelevatedTask" if present.
     
  2. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    8,379
    28,772
    270
    BTW, this is better
    Code:
    "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0"&exit /b
    instead
    Code:
    "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0"
    goto :eof