UAC - All Batch Files Fail when Run-as-Administrator


  1. Posts : 11
    XP-64, 7-32, 7-64, 8.1-64 2K3-32 & 2K8R2-64
       #1

    UAC - All Batch Files Fail when Run-as-Administrator


    On only one of my Win7 boxes, any attempt to run a batch file with Run-as-Administrator produces the following error dialog.

    Title:
    C:\Users\eewiz\Desktop\Test.bat
    Message:
    Windows cannot access the specified device path or file. You may not have the appropriate permissions to access the item.

    It is the "HKCR\batfile\shell\runas\command" registry key that controls the running of elevated batch files on cmd.exe.
    The registry key contains one entry "(Default) REG_SZ %SystemRoot%\System32\cmd.exe /C "%1" %*"
    This is the correct string for this registry key.
    I verified against other correctly working Win7 boxes.
    If I drop %systemroot% on the run dialog, "C:\Windows" opens, so that's not the issue.

    I copied cmd.exe from System32 to C:\Temp.
    I changed the registry key from "%SystemRoot%\System32\cmd.exe /C "%1" %*" to
    "C:\Temp\cmd.exe /C "%1" %*"
    Now I can elevate batch files without a hitch.

    I set the key to ""%SystemRoot%\System32\cmd.exe /K"
    This should simply open a command window that remains open.
    It does not, I get the same error.

    I is apparent that this issue has nothing to do with any of the batch files themselves.
    I cannot elevate any batch file on any local or remote drive unless I copy cmd.exe to a an unprotected folder (sort of).

    Windows makes me answer a UAC prompt to copy cmd.exe to all of these destinations:
    C:\, C:Windows, C:\Program Files and C:\Program Files (x86).
    There is no UAC prompt to copy cmd.exe to \Temp.

    If cmd.exe is in C:Windows or C:Windows\System32. I get the error message.
    If cmd.exe is in C:\, C:\Program Files, C:\Program Files (x86) or C:\Temp. Elevated batch files work.
    Of course I change the registry key to point to directory for whichever cmd.exe is under test.
    The C:Windows and System32 folder permissions are identical to other boxes that work.
    All of the related registry permissions also appear identical to other boxes that work.

    Please! I need help to troubleshoot this issue.
      My Computer


  2. Posts : 7,100
    W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
       #2

    It might be because you included desktop in the path, check its permissions.

    Roy
      My Computer


  3. Posts : 11
    XP-64, 7-32, 7-64, 8.1-64 2K3-32 & 2K8R2-64
    Thread Starter
       #3

    Update


    I changed the registry key from "%SystemRoot%\System32\cmd.exe /C "%1" %*" to
    "C:\Windows\System32\cmd.exe /C "%1" %*" and the issue is gone.

    I'm amazed. If I change the key to "%ComSpec% /C "%1" %*"
    I get the "Please select a program to run with this file" dialog.
    It doesn't even try to run %ComSpec% /C.

    If I drop %ComSpec% on the Run dialog, I get a command window that stays open, as expected.
    If I drop %ComSpec% /C on the Run dialog, the command window opens and closes immediately, as expected.

    If I change the key to %SystemRoot%Anything.
    I get the original permissions error.

    Both user and admin command prompts say the following:
    C:\Users\eewiz>echo %comspec%
    C:\Windows\system32\cmd.exe

    C:\Users\eewiz>echo %systemroot%
    C:\Windows

    Why does any system variable constructed path fail where a direct path works?
      My Computer


  4. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #4

    Did you add a pause command as the last command in your bat file ?
    The pause should keep the CMD window open until you press a key, so you can see any error messages for troubleshooting.
      My Computer


  5. Posts : 11
    XP-64, 7-32, 7-64, 8.1-64 2K3-32 & 2K8R2-64
    Thread Starter
       #5

    That was my very first test.
    Two files named Test.bat and Test.cmd.
    Each contained a single PAUSE command.
    These test cases as well as all other batch files - local or remote - fail with the "Windows cannot access the specified device path or file" error when Run-as-Administrator.
    It is not the batch files that "Windows cannot access."
    It is cmd.exe that "Windows cannot access."
      My Computer


  6. Posts : 721
    Windows 10, Windows 8.1 Pro, Windows 7 Professional, OS X El Capitan
       #6

    It appears the environment variables aren’t expanding.

    Merge the attached registry file, ignoring any errors.
    UAC - All Batch Files Fail when Run-as-Administrator Attached Files
      My Computer


  7. Posts : 11
    XP-64, 7-32, 7-64, 8.1-64 2K3-32 & 2K8R2-64
    Thread Starter
       #7

    Found the Answer


    :)
    Thanks to Pyprohly's registry file and suggestion, I thought to export the "HKLM\Software\Classes\batfile\shell\runas\command" from both the bad box and a good box.

    The value on both boxes as seen in regedit is "%SystemRoot%\System32\cmd.exe /C "%1" %*"
    Exporting the bad box produced:

    Windows Registry Editor Version 5.00
    [HKEY_CLASSES_ROOT\batfile\shell\runas\command]
    @="%SystemRoot%\\System32\\cmd.exe /C "%1" %*"

    This is what I expected to see although, I now know that this is incorrect.

    I was quite surprised to see the following export from the good box:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\batfile\shell\runas\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6d,00,\
    64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,43,00,20,00,22,00,25,00,31,00,22,\
    00,20,00,25,00,2a,00,00,00

    After googling for "@=hex(2)", I discovered the difference between the REG_SZ and the REG_EXPAND_SZ registry value types.

    So here is the answer.
    On the bad box, via some unknown mechanism, the "[HKEY_CLASSES_ROOT\batfile\shell\runas\command]" value type was changed from REG_EXPAND_SZ to REG_SZ.

    Once the dirty work was done to the value type, no .bat or .cmd files could be elevated because Explorer unlike other programs, respects the difference between REG_EXPAND_SZ and REG_SZ.

    Explorer was trying to load cmd.exe from the literal path "%SystemRoot%\System32\cmd.exe".
    Hence, the "Windows cannot access the specified device path or file" error.

    Pyprohly was correct, the environment variables were not being expanded.
    Explorer doesn't expand %system variables% in the value if the value has a REG_SZ type.

    I have no idea how the value type got changed from REG_EXPAND_SZ to REG_SZ.
    Could this be an example of windows entropy?

    To fix this I exported the good REG_EXPAND_SZ key from a good box and then imported that into the broken box.

    This changed the broken box back to the REG_EXPAND_SZ type, and now it works.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:02.
Find Us