Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How do I enable BAT files to run as NON-Admins?

17 Jan 2013   #1
landonveitch

Win 7 64Bit
 
 
How do I enable BAT files to run as NON-Admins?

Hi everyone,

Here is my setup. Win 7 64bit, completely patched with DISA Security lockdowns in place. I have an admin account 'TEST' listed in both the administrators and users groups. The cmd.exe file has both groups as full control to the file, and ownership as the administrators group.

I have a bat file that resides on the C:\. The C:\ has administrators as full control access. The BAT file itself has the same permissions and settings as the cmd.exe file.

I have gone into secpol and ensured that administrators and users are listed in the 'Logon as Batch Job' setting and nothing shown for the Deny Logon as Batch Job' setting.

So here is the problem... when the computer starts up, this BAT file is to run to map some network drives for me. When I login locally to the machine as the TEST account, the BAT file says 'Access is Denied'. Once I am in, if I right-click and choose 'Run As Administrator' and retype my credentials, then it maps the drives. So I created a standard user account 'STUser' and logged in locally and of course the BAT file does not run, I need to 'Run As Admin' and use the TEST credentials.

I need this BAT file to run at startup for all users without elevation being required. Is there a Security Setting somewhere on this machine or reg entry I need to modify to enable this? I would just handle the DISA lockdown however I am not the one who applies it. I am just the one who has to figure out how to make this work and what settings I need to modify to do so. I know that some Firewall entries were made in the registry at HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall but I dont want to play around in something I am unsure of. I also cannot check if the Firewall is on because Windows Firewall under Control Panel is blank.

Any guidance would be great good sirs!


My System SpecsSystem Spec
.

17 Jan 2013   #2
Parman

Windows 7 Ultimate x64
 
 

You could run the batch file though the runas command.

Elevated Program Shortcut - Create for Standard User

Example
runas /noprofile /user:computername\username "batch file location"

If you actually need to enter in the credentials you can use the /savecred. Then you will just have to enter then in once.
My System SpecsSystem Spec
17 Jan 2013   #3
Pauly

Win7 Ultimate X64
 
 

If you want drives mapped for all users why dont you map network drives the conventional way with reconnect at logon selected then they are always there ?

Map Network Drive
My System SpecsSystem Spec
.


22 Jan 2013   #4
landonveitch

Win 7 64Bit
 
 

Parman: Unfortuantely so security purposes I cannot use the runas option with elevated permission and saved creds.

Pauly: This is not my setup; this is the configuration I have to use and deal with. I am just tasked with making it work.

I have gone in an disabled the UAC as a test and I can get the admin account to run the script at startup without issue however my STUser account still gives me an access denied. I am leaning towards a file/folder permissions issue but cannot isolate it as of yet.

Any other ideas I am open and welcome to trying.
My System SpecsSystem Spec
Reply

 How do I enable BAT files to run as NON-Admins?




Thread Tools





Similar help and support threads
Thread Forum
Is there a way to enable thumnails on JUST image files
I like having custom folder/drive icons and in doing so I had to disable thumbnails in Folder Options(otherwise folders would generate thumbnails and create their own, non-matching, icons), but it's become annoying to look though my image and wallpaper folders since since they don't generate their...
Customization
Re-enable the warning when opening EXE files
I removed it by mistake. I want to re-enable this: http://www.its.hku.hk/sites/default/files/services/tl/lc/uprint-win7-6.jpg
Installation & Setup
Zip - Extracted Files Window - Enable or Disable
How to Enable or Disable "Show Extracted Files when Complete" from ZIP in Windows By default, when using the built-in ZIP feature in Windows and you either right click on a Zip file and click on Extract All or open the zip file and click on the Extract all files command bar button to extract the...
Tutorials
Enable delete confirmation for files in WinExp?
How can I enable a confirmation prompt when deleting files in WinExplorer? Peter
General Discussion
Offline Files - Enable or Disable the Use Of
Enable or Disable the Use Of Offline Files in Windows 7 and Windows 8 If you work with files on a network, you can make the files available offline so you can access them even when your computer is not connected to the network. This is especially useful if you use a laptop to connect to a...
Tutorials
Account Operators, Domain Admins, Enterprise Admins
For some reason in Windows 7, my BitDefender anti virus software shuts down periodically and I have to restart it by going to services.msc in the search prompt and force restart of the program. Today I clicked on properties and it displayed some actions I could take after the program shuts down...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 19:41.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App