Asked  7 Months ago    Answers:  5   Viewed   48 times

I want my batch file to only run elevated. If not elevated, provide an option for the user to relaunch batch as elevated.

I'm writing a batch file to set a system variable, copy two files to a Program Files location, and start a driver installer. If a Windows 7/Windows Vista user (UAC enabled and even if they are a local admin) runs it without right-clicking and selecting "Run as Administrator", they will get 'Access Denied' copying the two files and writing the system variable.

I would like to use a command to automatically restart the batch as elevated if the user is in fact an administrator. Otherwise, if they are not an administrator, I want to tell them that they need administrator privileges to run the batch file. I'm using xcopy to copy the files and REG ADD to write the system variable. I'm using those commands to deal with possible Windows XP machines. I've found similar questions on this topic, but nothing that deals with relaunching a batch file as elevated.



You can have the script call itself with psexec's -h option to run elevated.

I'm not sure how you would detect if it's already running as elevated or not... maybe re-try with elevated perms only if there's an Access Denied error?

Or, you could simply have the commands for the xcopy and reg.exe always be run with psexec -h, but it would be annoying for the end-user if they need to input their password each time (or insecure if you included the password in the script)...

Tuesday, June 1, 2021
answered 7 Months ago

The following C++ function can do that:

HRESULT GetElevationType( __out TOKEN_ELEVATION_TYPE * ptet );


    [out] Pointer to a variable that receives the elevation type of the current process.

    The possible values are:

    TokenElevationTypeDefault - This value indicates that either UAC is disabled, 
        or the process is started by a standard user (not a member of the Administrators group).

    The following two values can be returned only if both the UAC is enabled
    and the user is a member of the Administrator's group:

    TokenElevationTypeFull - the process is running elevated. 

    TokenElevationTypeLimited - the process is not running elevated.

Return Values:

    If the function succeeds, the return value is S_OK. 
    If the function fails, the return value is E_FAIL. To get extended error information, call GetLastError().


HRESULT GetElevationType( __out TOKEN_ELEVATION_TYPE * ptet )
    if ( !IsVista() )
        return E_FAIL;

    HRESULT hResult = E_FAIL; // assume an error occurred
    HANDLE hToken   = NULL;

    if ( !::OpenProcessToken( 
                &hToken ) )
        return hResult;

    DWORD dwReturnLength = 0;

    if ( ::GetTokenInformation(
                sizeof( *ptet ),
                &dwReturnLength ) )
            ASSERT( dwReturnLength == sizeof( *ptet ) );
            hResult = S_OK;

    ::CloseHandle( hToken );

    return hResult;
Tuesday, June 29, 2021
answered 6 Months ago

You can run a command with restricted privileges with:

runas /trustlevel:0x20000 "YourCommandHere"

You should provide the absolute path to your command including any arguments in double quotes as an argument to runas.

If you would like to run more than one command with restricted privileges, you can put them in a separate batch file and run it with:

runas /trustlevel:0x20000 "cmd /C PathToYourBatchFile"

Anyway, this will open a new console with restricted privileges. You also have to use this syntax whenever you wish to run with restricted privileges an internal command (like copy, del, etc.) as these are provided by the command line interpreter and do not have an associated path.

Note that 0x20000 is the trust level of standard users. You can list other available trust levels by running

runas /showtrustlevels
Thursday, July 29, 2021
answered 4 Months ago

From the command line you can use

for /r "c:javascripts" %F in (*.js) do @type "%F" >>concatenated.js

You might want want to first delete any existing concatenated.js before you run the above command.

From a batch file the percents need to be doubled

@echo off
del concatenated.js
for /r "c:javascripts" %%F in (*.js) do type "%%F" >>concatenated.js

It is a bit more efficient to put parentheses around the entire statement and use a single overwrite redirection instead of append redirection with each iteration. It also eliminates the need to delete the file in the beginning.

>concat.js (for /r "c:javascripts" %F in (*.js) do @type "%F")

or from batch

@echo off
>concat.js (for /r "c:javascripts" %%F in (*.js) do type "%%F")
Monday, August 9, 2021
answered 4 Months ago

Thank you both @Jacob and @Jonathan, I ultimately ended up using neither of your approaches in favour of using middleman, hence the answer to my own question.

For those reading this topic having a similar question in mind, the reason I like middleman so much is that it effectively combines my entire workflow into 1 mini-server app. Using mm-ini project_name and then mm-server in the directory I instantly have access to Compass, HAML and SASS all with the option of simply outputting it to plain html at any given time.

Here is more info about middleman :

Staticmatic and Nanoc also do HAML but as far as I could find out they do not 'out of the box' support Compass (SASS) compilation, which for some might be an upside but for me wasn't.

Again, thanks for your answers, here is however the answer that I ultimately chose to follow.

Sunday, October 31, 2021
answered 1 Month ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :