|17 Jan 2013||#1|
How do I enable BAT files to run as NON-Admins?
Here is my setup. Win 7 64bit, completely patched with DISA Security lockdowns in place. I have an admin account 'TEST' listed in both the administrators and users groups. The cmd.exe file has both groups as full control to the file, and ownership as the administrators group.
I have a bat file that resides on the C:\. The C:\ has administrators as full control access. The BAT file itself has the same permissions and settings as the cmd.exe file.
I have gone into secpol and ensured that administrators and users are listed in the 'Logon as Batch Job' setting and nothing shown for the Deny Logon as Batch Job' setting.
So here is the problem... when the computer starts up, this BAT file is to run to map some network drives for me. When I login locally to the machine as the TEST account, the BAT file says 'Access is Denied'. Once I am in, if I right-click and choose 'Run As Administrator' and retype my credentials, then it maps the drives. So I created a standard user account 'STUser' and logged in locally and of course the BAT file does not run, I need to 'Run As Admin' and use the TEST credentials.
I need this BAT file to run at startup for all users without elevation being required. Is there a Security Setting somewhere on this machine or reg entry I need to modify to enable this? I would just handle the DISA lockdown however I am not the one who applies it. I am just the one who has to figure out how to make this work and what settings I need to modify to do so. I know that some Firewall entries were made in the registry at HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall but I dont want to play around in something I am unsure of. I also cannot check if the Firewall is on because Windows Firewall under Control Panel is blank.
Any guidance would be great good sirs!
|My System Specs|
|17 Jan 2013||#2|
You could run the batch file though the runas command.
Elevated Program Shortcut - Create for Standard User
runas /noprofile /user:computername\username "batch file location"
If you actually need to enter in the credentials you can use the /savecred. Then you will just have to enter then in once.
|My System Specs|
|22 Jan 2013||#4|
Parman: Unfortuantely so security purposes I cannot use the runas option with elevated permission and saved creds.
Pauly: This is not my setup; this is the configuration I have to use and deal with. I am just tasked with making it work.
I have gone in an disabled the UAC as a test and I can get the admin account to run the script at startup without issue however my STUser account still gives me an access denied. I am leaning towards a file/folder permissions issue but cannot isolate it as of yet.
Any other ideas I am open and welcome to trying.
|My System Specs|
|Similar help and support threads for2: How do I enable BAT files to run as NON-Admins?|
|Is there a way to enable thumnails on JUST image files||Customization|
|how can i enable recyling bin for the files store in a USB drive?||Hardware & Devices|
|Re-enable the warning when opening EXE files||Installation & Setup|
|Zip - Extracted Files Window - Enable or Disable||Tutorials|
|Offline Files - Enable or Disable the Use Of||Tutorials|
|Account Operators, Domain Admins, Enterprise Admins||System Security|
|Restore Backup Files - Enable or Disable||Tutorials|
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd
All times are GMT -5. The time now is 12:31 AM.