2

I have an HTA file with a VBScript embedded in it. From the VBScript, I need to call a command prompt command (powercfg /energy) that requires elevated permissions. The command will be called more than once a minute, so I can't have the user dealing with UAC prompts every time I need to run the command.

When I use the line Shell.Run "cmd /k powercfg /energy", 1 in the script, the command fails because elevated permissions are not given. When I try doing ShellApp.ShellExecute "cmd", "/k powercfg /energy", "", "runas", 1, which runs the command with elevated permissions, it opens up a UAC prompt with "yes" and "no" buttons. (This is running on Windows 10 Education Edition).

Obviously I can't have UAC prompts bothering the user multiple times a minute, so I tried implementing the following subroutine in the VBScript to re-run the HTA file in elevated mode from the beginning (it was running with basic permissions before) if it is not already elevated:

Sub ensureAdmin()
    is_admin = isAdmin() ' function that checks for admin permissions in current window

    If is_admin = False Then
        ShellApp.ShellExecute "mshta", "C:\%userprofile%\desktop\gPowerMeter.hta", "", "runas", 1
        Window.Close
        End If
    End Sub

I know that this code successfully relaunches the HTA file with elevated permissions because it pops a UAC prompt with "yes" and "no" buttons.

The problem is, adding this subroutine doesn't seem to affect the ability of the script to run elevated console commands. I get the same results with the two lines that I tried earlier when the HTA was running with basic permissions.

Does anyone have any suggestions on how to run the HTA and all scripts coming from it in elevated mode? I could implement a workaround, but it would be less elegant. Thank you.

NOTE: I'm not having problems getting the HTA to run elevated. I just want all commands executed from that HTA file through the VBScript ".Run('')" command to be elevated.

Cameron White
  • 43
  • 4
  • Does this answer your question? [Make an HTA file run as admin (elevated)](https://stackoverflow.com/questions/32799751/make-an-hta-file-run-as-admin-elevated) – user692942 Jan 24 '22 at 20:10
  • This is actually the thread that displays the code from which I created the subroutine to guarantee the HTA is running elevated. The problem is not getting the HTA file to run elevated (I have been successful with this); the problem is getting commands executed through ObjShell.Run("[cmd]") to run with admin permissions automatically (Meaning, without requiring the user to deal with a UAC prompt) – Cameron White Jan 24 '22 at 21:13
  • Unfortunately, the command shell is executed as an external command and is not subject to the elevated privilege given to the MSHTA process. What you want to do just isn’t possible within the constraints of the technology. You would need to build your own program and not rely on HTAs for such a task. – user692942 Jan 24 '22 at 21:35
  • This may help, but I’m sceptical - [How to run vbs as administrator from vbs?](https://stackoverflow.com/q/17466681/692942). Have you tried combining elevating the MSHTA with using `runas` with each command you wish to execute? – user692942 Jan 24 '22 at 21:40
  • 1
    @user692942, yes, I have tried that. It had the same result as running the same command in a non-elevated MSHTA (meaning, it resulted in the UAC box popping up for the external command). I think you may be right; there is no way to do this. Thanks for the help. – Cameron White Jan 24 '22 at 21:57
  • Note: I asked another question as a more specific follow up: https://stackoverflow.com/q/70841191/18020746 – Cameron White Jan 24 '22 at 22:20

1 Answers1

0

Unfortunately, what you are trying to do just isn't possible within the constraints of the technologies you are using.

Elevating the MSHTA process does not affect the elevation of the executed shell process you wish to run from it. The best you can hope for is elevating the individual shell process via the runas command. However, as you have already pointed out, this will trigger a UAC (User Account Control) prompt.

The best advice would be to build the processes using a fully-fledged programming language that allows you more control over the elevation of processes via UAC programmatically over using an HTA.

Useful Links

user692942
  • 16,398
  • 7
  • 76
  • 175