2

Synopsis: create a .bat file on a network share, simply put pause in it, then save. Right-click new file & 'Run as administrator' it closes right away, why?

Moving the file to the local PC (%SYSTEMDRIVE%) it will work correctly. So its clearly an issue with the UNC path? How can I fix? I tried putting pushd "%~dp0" as the first-line, but same instant close issue. If your wondering what I am trying to do, here a snippet:

echo ------MADE BY ME-----
REM install from batch file location, a network UNC path
msiexec /i "%~dp0AppNameHere.msi" /qn /norestart /log %TEMP%\AppNameHere.log
echo Instructions > %PUBLIC%\Desktop\HowToUseApp.txt

If I double-click batch it fails with access denied. Right-clicking batch file & 'Run as administrator' causes it to open & close quickly. If I open cmd as admin, then run batch it works fine. I am confused as to the cause. If I create a new batch file

gregg
  • 1,084
  • 1
  • 12
  • 25

1 Answers1

4

When UAC is enabled, elevated processes don't have access to network shares. This is by design.

Note that the workaround in the linked article for the EnableLinkedConnections registry change has unknown security consequences. Historically, even MS said you should avoid it, although the same KB article today is much more benign.

So, cmd.exe starts in an elevated process, tries to access the network drive so it can read the batch file, can't find the drive because it's not mapped for LocalSystem\Administrator, and exits.

Here's another question with some more possible work-arounds for you.

Community
  • 1
  • 1
Bacon Bits
  • 30,782
  • 5
  • 59
  • 66
  • Is it possible to catch this error? I mean, when i start the batch as admin from a network share, the opened cmd windows shall not close directly, but give an error message to the user. – Strubbl Sep 11 '19 at 14:50
  • 1
    @Strubbl No, not really possible to catch since the file is inaccessible. You have to write the whole script to account for it. I have written Powershell scripts that check to see if they're running in an elevated process. If not, they copy themselves to the temp folder and then execute themselves in a new elevated process. You could theoretically do the same with a batch file, but you're much more limited. You'd have to check if the file were running from the temp folder instead of testing for elevation. – Bacon Bits Sep 12 '19 at 00:48