If you use batch files to automate tasks on a Vista/Windows 7/Windows 2008,2008r2 computer, you have probably encountered situations when you needed to start a program ELEVATED (as Administrator).
For example, if you want to share a folder automatically from a batch file, you would use the “net share” command. However, unlike many other programs that ask for the administrator’s approval, net share does not do that and simply returns the error code 5 (“access denied”) if it was started by a standard user.
How to force that program to start elevated from a batch file?
There are multiple elevate.exe programs available for free on Internet, I selected two of them:
Usage: elevate [(-c | -k) [-n] [-u]] [-w] command
-c Launches a terminating command processor; equivalent to “cmd /c command”.
-k Launches a persistent command processor; equivalent to “cmd /k command”.
-n When using -c or -k, do not pushd the current directory before execution.
-u When using -c or -k, use Unicode; equivalent to “cmd /u”.
-w Waits for termination; equivalent to “start /wait command”.
Both the hyphen (e.g., -w) and slash (e.g., /w) forms of switches are valid.
When -k is specified, command is optional. Omitting command in this case will simply open an elevated command prompt.
Normally, an elevated command processor will not honor the current directory of an unelevated parent process, thus potentially creating problems with
relative paths. To address this problem, when the -c or -k switches are used, elevate will issue a pushd command to the new command processor to ensure that
it uses the current directory of its parent process. Specifying the -n switch will disable this feature.
elevate /w HashCheckInstall.exe
elevate -k sfc /scannow
elevate /c del %SystemRoot%\Temp\*.*
elevate -c -w copy foo*.* bar
Why this utility?
There are other similar utilities available; for example:
Copy the file Elevate.exe into a folder where Windows can always find it (such as C:/Windows). To use it in a batch file, just prepend the command you want to execute as administrator with the elevate command, like this:
elevate net share ... elevate -noui "c:\batch.bat"
and it should run the command net share as administrator. Of course, it does not relieve the administrator from the duty to approve the request (unless you have enabled the guiet mode of UAC or disabled the UAC altogether).
The syntax of the Elevate command is as follows:
elevate [-opt1] [-opt2...] [path\]file[.exe] [param1 [param2...]] Where -optN can be one of the following: -? - Display the help screen and exit -info - Open the web page with more information (the web page you are reading now!) and exit -wait4idle - Wait for the target process to initialize before returning -wait4exit - Wait for the target process to finish before returning -noui - Don't display any messages, even if an error occurs After the options, the following arguments should be entered: file - The file name of the program to launch elevated paramN - Optional parameters (as expected by the program being launched)
For example, if for some reason you want to run Notepad as administrator, and continue only after you exit Notepad, you would use a command like this:
elevate -wait4exit notepad
If you use the elevate command while being logged in to Windows as a user that does not have a split token, that is as a non-administrator or a guest user, it will ask for the administrator’s password to continue. If you use it as the true administrator (that is, if UAC is disabled, or it you’ve launched the batch file itself as administrator), then no administrator’s approval would be required and it would launch the program as usual.
Can Elevate.exe be used on a Windows XP or Windows 2000 computer, even though they do not have UAC or users with the split tokens? Yes, it can! In such a case, if the batch file is executed by the administrator, then Elevate.exe runs the program as usual, without requiring any additional approval. If run by a restricted user, Elevate.exe has the same effect as the Runas command of Windows XP/2000: it gives the user an option to enter a different user’s credentials to lunch the program.
The return code of the elevate command depends on the result of its execution and whether you have specified the -wait4exit option or not. If the -wait4exit option is NOT specified, then elevate returns code 0 if it started the target process successfully, or an error code as reported by Windows. For example, if Windows could not find the target file, it usually returns code 2. If the file was found, but the administrator did not approve the request to start the program elevated, the return code is 5. And so on.
However, if you have specified the -wait4exit option on the command line, then if the target process was started successfully, the elevate command would wait for it to finish and return the exit code from that process. The returned value in such a case depends on the program being launched be the elevate command. As with other commands, you can access the return code in a batch file via the ERRORLEVEL variable.
Tip: how to extend the shell context menu for directories by an ‘Open Elevated Console here’ entry by adding the following registry entries:
[HKEY_CLASSES_ROOT\Directory\shell\Open Elevated Console here]
@=”Open Ele&vated Console here”
Open Elevated Console here\command]
@=”c:\\path\\to\\elevate.exe /K \”title %1 && color 1a && cd /D %1\””