
Windows 7: UAC - All Batch Files Fail when Run-as-Administrator

31 Mar 2017   #1
eewiz

XP-64, 7-32, 7-64, 8.1-64 2K3-32 & 2K8R2-64
 
 
UAC - All Batch Files Fail when Run-as-Administrator

On only one of my Win7 boxes, any attempt to run a batch file with Run-as-Administrator produces the following error dialog.

Title:
C:\Users\eewiz\Desktop\Test.bat
Message:
Windows cannot access the specified device path or file. You may not have the appropriate permissions to access the item.

It is the "HKCR\batfile\shell\runas\command" registry key that controls the running of elevated batch files on cmd.exe.
The registry key contains one entry "(Default) REG_SZ %SystemRoot%\System32\cmd.exe /C "%1" %*"
This is the correct string for this registry key.
I verified against other correctly working Win7 boxes.
If I drop %systemroot% on the run dialog, "C:\Windows" opens, so that's not the issue.

I copied cmd.exe from System32 to C:\Temp.
I changed the registry key from "%SystemRoot%\System32\cmd.exe /C "%1" %*" to
"C:\Temp\cmd.exe /C "%1" %*"
Now I can elevate batch files without a hitch.

I set the key to "%SystemRoot%\System32\cmd.exe /K"
This should simply open a command window that remains open.
It does not, I get the same error.

It is apparent that this issue has nothing to do with any of the batch files themselves.
I cannot elevate any batch file on any local or remote drive unless I copy cmd.exe to an unprotected folder (sort of).

Windows makes me answer a UAC prompt to copy cmd.exe to all of these destinations:
C:\, C:\Windows, C:\Program Files and C:\Program Files (x86).
There is no UAC prompt to copy cmd.exe to \Temp.

If cmd.exe is in C:\Windows or C:\Windows\System32, I get the error message.
If cmd.exe is in C:\, C:\Program Files, C:\Program Files (x86) or C:\Temp, elevated batch files work.
Of course I change the registry key to point to the directory for whichever cmd.exe is under test.
The C:\Windows and System32 folder permissions are identical to other boxes that work.
All of the related registry permissions also appear identical to other boxes that work.

Please! I need help to troubleshoot this issue.


31 Mar 2017   #2
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

It might be because you included desktop in the path, check its permissions.

Roy
31 Mar 2017   #3
eewiz

XP-64, 7-32, 7-64, 8.1-64 2K3-32 & 2K8R2-64
 
 
Update

I changed the registry key from "%SystemRoot%\System32\cmd.exe /C "%1" %*" to
"C:\Windows\System32\cmd.exe /C "%1" %*" and the issue is gone.

I'm amazed. If I change the key to "%ComSpec% /C "%1" %*"
I get the "Please select a program to run with this file" dialog.
It doesn't even try to run %ComSpec% /C.

If I drop %ComSpec% on the Run dialog, I get a command window that stays open, as expected.
If I drop %ComSpec% /C on the Run dialog, the command window opens and closes immediately, as expected.

If I change the key to %SystemRoot%Anything.
I get the original permissions error.

Both user and admin command prompts say the following:
C:\Users\eewiz>echo %comspec%
C:\Windows\system32\cmd.exe

C:\Users\eewiz>echo %systemroot%
C:\Windows

Why does any system variable constructed path fail where a direct path works?

31 Mar 2017   #4
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

Did you add a pause command as the last command in your bat file?
The pause should keep the CMD window open until you press a key, so you can see any error messages for troubleshooting.
31 Mar 2017   #5
eewiz

XP-64, 7-32, 7-64, 8.1-64 2K3-32 & 2K8R2-64
 
 

That was my very first test.
Two files named Test.bat and Test.cmd.
Each contained a single PAUSE command.
These test cases as well as all other batch files - local or remote - fail with the "Windows cannot access the specified device path or file" error when Run-as-Administrator.
It is not the batch files that "Windows cannot access."
It is cmd.exe that "Windows cannot access."
31 Mar 2017   #6
Pyprohly

Windows 10, Windows 8.1 Pro, Windows 7 Professional, OS X El Capitan
 
 

It appears the environment variables aren't expanding.

Merge the attached registry file, ignoring any errors.


Attached Files
File Type: reg batfile_Defaults.reg (6.3 KB, 3 views)
31 Mar 2017   #7
eewiz

XP-64, 7-32, 7-64, 8.1-64 2K3-32 & 2K8R2-64
 
 
Found the Answer


Thanks to Pyprohly's registry file and suggestion, I thought to export the "HKLM\Software\Classes\batfile\shell\runas\command" from both the bad box and a good box.

The value on both boxes as seen in regedit is "%SystemRoot%\System32\cmd.exe /C "%1" %*"
Exporting the bad box produced:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\batfile\shell\runas\command]
@="%SystemRoot%\\System32\\cmd.exe /C "%1" %*"

This is what I expected to see, although I now know that this is incorrect.

I was quite surprised to see the following export from the good box:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\batfile\shell\runas\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6d,00,\
64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,43,00,20,00,22,00,25,00,31,00,22,\
00,20,00,25,00,2a,00,00,00

After googling for "@=hex(2)", I discovered the difference between the REG_SZ and the REG_EXPAND_SZ registry value types.

So here is the answer.
On the bad box, via some unknown mechanism, the "[HKEY_CLASSES_ROOT\batfile\shell\runas\command]" value type was changed from REG_EXPAND_SZ to REG_SZ.

Once the dirty work was done to the value type, no .bat or .cmd files could be elevated because Explorer, unlike other programs, respects the difference between REG_EXPAND_SZ and REG_SZ.

Explorer was trying to load cmd.exe from the literal path "%SystemRoot%\System32\cmd.exe".
Hence, the "Windows cannot access the specified device path or file" error.

Pyprohly was correct, the environment variables were not being expanded.
Explorer doesn't expand %system variables% in the value if the value has a REG_SZ type.

I have no idea how the value type got changed from REG_EXPAND_SZ to REG_SZ.
Could this be an example of Windows entropy?

To fix this I exported the good REG_EXPAND_SZ key from a good box and then imported that into the broken box.

This changed the broken box back to the REG_EXPAND_SZ type, and now it works.
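
The type mismatch found in post #7 can be checked for directly in exported .reg text. The following is an added example, not code from any poster in this thread: it decodes hex(2) (REG_EXPAND_SZ) values and flags quoted-string (REG_SZ) values that contain a %VAR% reference. The function names are made up for illustration, and the export is assumed to be already decoded to text (regedit writes its export files as UTF-16).

```python
import re

# Both exports exactly as quoted in the thread: bad box first, then good box.
BAD_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\batfile\shell\runas\command]
@="%SystemRoot%\\System32\\cmd.exe /C "%1" %*"
'''
GOOD_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\batfile\shell\runas\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6d,00,\
64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,43,00,20,00,22,00,25,00,31,00,22,\
00,20,00,25,00,2a,00,00,00
'''

# Matches %SystemRoot% or %ComSpec%, but not the shell placeholders %1 and %*.
ENV_REF = re.compile(r'%[A-Za-z_][A-Za-z0-9_()]*%')

def parse_reg(text):
    """Yield (key, value name, type, string) for REG_SZ and REG_EXPAND_SZ values."""
    text = re.sub(r'\\\r?\n\s*', '', text)      # join hex continuation lines
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or key is None:
            continue
        name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
        data = m.group(2)
        if data.startswith('"'):                # quoted string export: REG_SZ
            body = data[1:-1] if data.endswith('"') and len(data) > 1 else data[1:]
            yield key, name, 'REG_SZ', re.sub(r'\\(.)', r'\1', body)
        elif data.startswith('hex(2):'):        # UTF-16LE bytes: REG_EXPAND_SZ
            raw = bytes(int(b, 16) for b in data[7:].split(',') if b)
            yield key, name, 'REG_EXPAND_SZ', raw.decode('utf-16-le').rstrip('\0')

def literal_env_handlers(text):
    """REG_SZ values containing %VAR%, which Explorer (per the thread) uses unexpanded."""
    return [(key, name, value) for key, name, kind, value in parse_reg(text)
            if kind == 'REG_SZ' and ENV_REF.search(value)]

if __name__ == '__main__':
    for label, export in (('bad box', BAD_EXPORT), ('good box', GOOD_EXPORT)):
        print(label, literal_env_handlers(export) or 'ok')
```

Run over a full export of HKEY_CLASSES_ROOT, the same check lists every handler whose value type no longer matches its content, which is useful when the cause of the change is unknown.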