Announcement

Collapse
No announcement yet.

launch bat file from net drive with admin rights

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • launch bat file from net drive with admin rights

    Title says it almost all. Hello all , I have to install adobe acrobat from a share on a server. (nas) it's an .exe but with parameters. So I made a small bat file with the commands I need. But from a w7 client, It just deos not work, the exe log says it's not runned with admin privileges. Even if I start the bat as admin, nothing. I tried 2 different "bat 2 exe" progs, have the exe made, run it as admin, still nothing. Any idea ?

    The client account is admin of his machine, and not necessary in a domain (some are, and some not)

    many thanks.

  • #2
    Re: launch bat file from net drive with admin rights

    Does your script work if you copy the Adobe installer to the local machine first, and modify your script to call it from that location? Or does the script work if you run the command line interactively to call the network share?
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3
      Re: launch bat file from net drive with admin rights

      The installation of Acrobat is initiated by the batch file, not controlled by it. It is a separate process and will need admin credentials of its own.

      There is likely a way to script this, so that it runs as an admin or as the system, but I'm no script jockey. Hope this at least sheds some light on the problem.

      Comment


      • #4
        Re: launch bat file from net drive with admin rights

        Adobe used to, and probably still do, provide a "network admin" install of Acrobat Reader as an msi file - you can then deploy this by group policy

        Yup - still seems to be there:
        https://www.google.co.uk/search?q=ac...CKe57AbVsoHQBQ
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: launch bat file from net drive with admin rights

          Originally posted by Simoncu View Post
          [...] the exe log says it's not runned with admin privileges. Even if I start the bat as admin, [...]
          You wrote "Even if I start it as admin", do you mean 'Run as Administrator' by right clicking on the batch file? That should work, an elevated process does launch the setup with administrative rights.

          Is the .exe setup file on a mapped drive?
          Can you show the batch.

          /Rems

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment


          • #6
            Re: launch bat file from net drive with admin rights

            Originally posted by Ossian View Post
            Adobe used to, and probably still do, provide a "network admin" install of Acrobat Reader as an msi file - you can then deploy this by group policy

            Yup - still seems to be there:
            https://www.google.co.uk/search?q=ac...CKe57AbVsoHQBQ
            Yeah I have the MSI, but I cannot deploy it by GPO, not all machines/users are in the active dir....

            Comment


            • #7
              Re: launch bat file from net drive with admin rights

              Originally posted by RicklesP View Post
              Does your script work if you copy the Adobe installer to the local machine first, and modify your script to call it from that location? Or does the script work if you run the command line interactively to call the network share?
              It's not a script, as I'm no scritping guy at all. it's a .bat like that lauches this command :

              ExceptionDeployer.exe --workflow=install --mode=pre --installLanguage=fr_FR

              And I know that it is the .exe that needs to be run as admin, but I don't see a way of doing that. THe user goes to the net drive, sees the bacthc, right clie, run as administrator and launches the thing. But nothing happens. If I copy the whole directory, and launch the batch locally as admin, it's ok.

              If I could make a script that copies everything, launches the bat as admin locally, deletes the files, that would be fine, unfortunately, I'm not good enough to do so. I'm just an old guy who used DOS gw-basic

              Comment


              • #8
                Re: launch bat file from net drive with admin rights

                Originally posted by Simoncu View Post
                The user goes to the net drive, sees the batch, right click, run as administrator and launches the thing. But nothing happens. (If I copy the whole directory, and launch the batch locally as admin, it's ok).
                "The user goes to the net drive" [drive letter:] - a mapped network share is linked for the current process access token. With UAC enabled members of the Administrators group are treated as standard users.This means the network share does not have to be mapped for processes that run with the full administrator access token (How to make elevated programs recognize network drives).

                That explains "nothing happens".

                For your situation you could give the batch below a try (Do not start this batch with right click / Run as Administrator!),
                Code:
                @echo off & cls
                
                :: # checkPrivileges 
                if '%1'=='$ELEV' goto :gotPrivileges
                NET.exe FILE >NUL 2>&1 && goto :gotPrivileges
                
                :: # determine UNC
                for /f "tokens=*" %%* in ('net use %~d0 2^>nul ^| find "\\"') do set "d=%%*"
                if not defined d (Set "dp=%~dp0") else set "dp=%d:*\\=\\%%~p0"
                
                :: # getPrivileges
                Set "tmp$=%USERPROFILE%\tmp$"
                mkdir "%tmp$%"
                > "%tmp$%\OEgetPrivileges" (
                   ECHO.Set UAC = CreateObject("Shell.Application"^)
                   ECHO.UAC.ShellExecute "%dp%%~nx0", "$ELEV",, "runas", 2)
                cscript.exe //B //NoLogo //E:vbscript "%tmp$%\OEgetPrivileges"
                goto :EOF
                
                :gotPrivileges
                start ""/B "%~dp0ExceptionDeployer.exe" --workflow=install --mode=pre --installLanguage=fr_FR
                The batch converts the path from a mapped drive to an UNC path. It cannot be started using runas! After it knows the UNC (in cases the batch is not on a local drive) the batch will restart itself and then started automatically elevated.


                explanation:
                After dealing with the path, the batch creates a two line vbs file locally, then it fires the vbs. The vbs starts a second instance of the same batch but now elevated and using the UNC path. The initial instance of the batch closes. (instead of restarting the batch the vbs could also directly start the exe with parameters and elevated. But doing it like it is done now in this sample makes it easier to use this batch also in other cases). The exe file is started (using the UNC path).


                /Rems
                Last edited by Rems; 3rd February 2014, 13:37.

                This posting is provided "AS IS" with no warranties, and confers no rights.

                __________________

                ** Remember to give credit where credit's due **
                and leave Reputation Points for meaningful posts

                Comment


                • #9
                  Re: launch bat file from net drive with admin rights

                  Originally posted by Ossian View Post
                  Adobe used to, and probably still do, provide a "network admin" install of Acrobat Reader as an msi file - you can then deploy this by group policy

                  Yup - still seems to be there:
                  https://www.google.co.uk/search?q=ac...CKe57AbVsoHQBQ
                  Also, Adobe includes the setup files in the installation. I took a class using Installshield (as it was called then) and Acrobat Reader was brought up specifically because it didn't repackage well. But, there's a folder called "Setup Files" in Reader's Program Files folder that can be used for mass distribution.

                  Comment


                  • #10
                    Re: launch bat file from net drive with admin rights

                    Have you seen this:
                    http://community.spiceworks.com/how_...eader-with-gpo
                    Takes a bit to get your head around but works ok after that.
                    Please remember to award reputation points if you have received good advice.
                    I do tend to think 'outside the box' so others may not always share the same views.

                    MCITP -W7,
                    MCSA+Messaging, CCENT, ICND2 slowly getting around to.

                    Comment


                    • #11
                      Re: launch bat file from net drive with admin rights

                      Originally posted by Rems View Post
                      "The user goes to the net drive" [drive letter:] - a mapped network share is linked for the current process access token. With UAC enabled members of the Administrators group are treated as standard users.This means the network share does not have to be mapped for processes that run with the full administrator access token (How to make elevated programs recognize network drives).

                      That explains "nothing happens".

                      For your situation you could give the batch below a try (Do not start this batch with right click / Run as Administrator!),
                      .....
                      The batch converts the path from a mapped drive to an UNC path. It cannot be started using runas! After it knows the UNC (in cases the batch is not on a local drive) the batch will restart itself and then started automatically elevated.


                      explanation:
                      After dealing with the path, the batch creates a two line vbs file locally, then it fires the vbs. The vbs starts a second instance of the same batch but now elevated and using the UNC path. The initial instance of the batch closes. (instead of restarting the batch the vbs could also directly start the exe with parameters and elevated. But doing it like it is done now in this sample makes it easier to use this batch also in other cases). The exe file is started (using the UNC path).


                      /Rems
                      I think that this script solved my problem, I still have to try it on a "clean" machine without any adobe residue on it, but on the one I tried, the process started, if it's ok you made my day !!! Let you know later on ...

                      Comment


                      • #12
                        Re: launch bat file from net drive with admin rights

                        Great, sound promising keep us posted.

                        There is one configuration you may like to consider to deploy to all the workstations,

                        It can be installed with the same batch... in one run together with the installation of adobe reader. As you already want to run this bach on every station.
                        By adding this after the last line in the batch,
                        Code:
                        Reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLinkedConnections /t REG_DWORD /d 1 /F
                        After the value EnableLinkedConnections is added, changes will take effect after the next reboot. After that the network drives you create should become available to the elevated applications, as well.

                        /Rems

                        This posting is provided "AS IS" with no warranties, and confers no rights.

                        __________________

                        ** Remember to give credit where credit's due **
                        and leave Reputation Points for meaningful posts

                        Comment

                        Working...
                        X