6

I have a script that runs in 2 parts. The first part requires admin access (updates HOSTS file and does some copying/overwriting). After that part finishes, I need to map a drive using the hostname alias the first part of the script updated.

I have figured out how to get the elevated privileges by using this SO Question. But mapping a drive (while in admin) maps a drive into the admin's session. I need to "de-elevate" back into user mode to run my second script.

This is a script I run at least once every day, and possibly multiple times per day. I am trying to create a solution that is just 1 .bat file, if possible. For reasons, the scripts are written in perl.

Things I have tried:

  1. Using the runas /user:regular_user command (this does not work)
  2. 1 bat file Using CALL for the 2 batch files (This "works" but for some reason both run at the same time)
  3. Running 2 bat files separately, and manually.
  4. Searching SO, but I could not find admin->user instead only user->admin

TLDR: How do I de-elevate to user mode from admin mode in a batch file?

Community
  • 1
  • 1
Ishikawa91
  • 404
  • 4
  • 15

3 Answers3

2

Your best bet is to use the best third party remote/local execution tool : Windows Sysinternals PSEXEC. You can supply credentials and accomplish what you need using PSEXEC! You can put PSEXEC commands into your batch file or vbs and have them run without a hitch. You can also call one command with PSEXEC elevated permission and the next without any elevation, while mixing credentials in a single unique batch file.

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

apollosoftware.org
  • 12,161
  • 4
  • 48
  • 69
2

If you're using 2 batch files, call the batch ElevatedBatch.cmd with elevation by using Main.cmd (which continues doing unelevated things):

@ECHO OFF
START /WAIT ElevatedBatch.cmd %1 %2 %3 %4 %5 %6 %7 %8 %9
REM here you can do unelevated stuff:
ECHO Running unelevated now

The parameter /WAIT ensures that the script will wait until ElevatedBatch.cmd has ended. For ElevatedBatch.cmd you can use a template like this one to elevate it.

Community
  • 1
  • 1
Matt
  • 25,467
  • 18
  • 120
  • 187
0

Do first the non-elevated part, then elevate and continue.

Dimas
  • 116
  • 7
  • I'm not sure if that's possible in the OP's scenario. OP says that he needs to update HOSTS file first, and then use new aliases to do the second part. – user1071777 Aug 08 '14 at 15:00