Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: How do I enable BAT files to run as NON-Admins?

17 Jan 2013   #1

Win 7 64Bit
How do I enable BAT files to run as NON-Admins?

Hi everyone,

Here is my setup. Win 7 64bit, completely patched with DISA Security lockdowns in place. I have an admin account 'TEST' listed in both the administrators and users groups. The cmd.exe file has both groups as full control to the file, and ownership as the administrators group.

I have a bat file that resides on the C:\. The C:\ has administrators as full control access. The BAT file itself has the same permissions and settings as the cmd.exe file.

I have gone into secpol and ensured that administrators and users are listed in the 'Logon as Batch Job' setting and nothing shown for the Deny Logon as Batch Job' setting.

So here is the problem... when the computer starts up, this BAT file is to run to map some network drives for me. When I login locally to the machine as the TEST account, the BAT file says 'Access is Denied'. Once I am in, if I right-click and choose 'Run As Administrator' and retype my credentials, then it maps the drives. So I created a standard user account 'STUser' and logged in locally and of course the BAT file does not run, I need to 'Run As Admin' and use the TEST credentials.

I need this BAT file to run at startup for all users without elevation being required. Is there a Security Setting somewhere on this machine or reg entry I need to modify to enable this? I would just handle the DISA lockdown however I am not the one who applies it. I am just the one who has to figure out how to make this work and what settings I need to modify to do so. I know that some Firewall entries were made in the registry at HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall but I dont want to play around in something I am unsure of. I also cannot check if the Firewall is on because Windows Firewall under Control Panel is blank.

Any guidance would be great good sirs!

My System SpecsSystem Spec
17 Jan 2013   #2

Windows 7 Ultimate x64

You could run the batch file though the runas command.

Elevated Program Shortcut - Create for Standard User

runas /noprofile /user:computername\username "batch file location"

If you actually need to enter in the credentials you can use the /savecred. Then you will just have to enter then in once.
My System SpecsSystem Spec
17 Jan 2013   #3

Win7 Ultimate X64

If you want drives mapped for all users why dont you map network drives the conventional way with reconnect at logon selected then they are always there ?

Map Network Drive
My System SpecsSystem Spec
22 Jan 2013   #4

Win 7 64Bit

Parman: Unfortuantely so security purposes I cannot use the runas option with elevated permission and saved creds.

Pauly: This is not my setup; this is the configuration I have to use and deal with. I am just tasked with making it work.

I have gone in an disabled the UAC as a test and I can get the admin account to run the script at startup without issue however my STUser account still gives me an access denied. I am leaning towards a file/folder permissions issue but cannot isolate it as of yet.

Any other ideas I am open and welcome to trying.
My System SpecsSystem Spec

 How do I enable BAT files to run as NON-Admins?

Thread Tools

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:31 AM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App