I have a MSI that deploys a shortcut that runs a batch file. How do I get this to run with elevated rights as a Standard User?
So I am hoping that a Standard User that does not have admin rights will be able to run the batch file with elevate rights and UAC to be bypassed?
The OS is Windows 8.1 64bit, UAC is turn on.
1 Comment
[ + ] Show comment
Answers (4)
Please log in to answer
Posted by:
anonymous_9363
8 years ago
1. An ability for ordinary users to run programs with elevated privileges and bypass UAC would be a monumental hole in Windows' security.
2. Your script doesn't check that the uninstall completed successfully before blundering on to the installation.
3. Most MSIs will be authored to automatically upgrade an app - presumably these are related apps? - with no need to explicitly uninstall previous versions.
4. You should add verbose logging to your command line, or trouble-shooting issues will be pretty much guesswork.
5. If you're deploying via any sort of purpose built system, it will most likely be using the local System account, so there's no need for elevation.
2. Your script doesn't check that the uninstall completed successfully before blundering on to the installation.
3. Most MSIs will be authored to automatically upgrade an app - presumably these are related apps? - with no need to explicitly uninstall previous versions.
4. You should add verbose logging to your command line, or trouble-shooting issues will be pretty much guesswork.
5. If you're deploying via any sort of purpose built system, it will most likely be using the local System account, so there's no need for elevation.
Comments:
-
Regarding point 3, if it's a vendor MSI, you can only hope and test. If it's been repackaged, the chances are that it has not been authored to be updated, ergo de-install old / install new via Client Management tool and any user interaction via that tool... - Pressanykey 8 years ago
Posted by:
rileyz
8 years ago
Can't be done, that's whole point of a standard user and UAC.
Welcome to (semi) proper security!
Does the batch file really need elevation? Might be able to complete this as standard user, but I would need to know what you are trying to achieve.
Comments:
-
Hi I have been asked to create a batch file that will uninstall an application wait 5 seconds and the install the applications.. It is a problematic application and so we wanted to give the Users the ability to do this themselves. The Shortcut is just called "appname Reset"
Command lines are:
msiexec /x {C9CE2055-FD42-403F-B478-2E633BE1C9A6} /QN
TIMEOUT 5 /nobreak
msiexec /i "Client.msi" TRANSFORMS="Client.mst" /QN - walshd1 8 years ago-
What deployment tool do you use, assuming you have a managed estate. - rileyz 8 years ago
Posted by:
SMal.tmcc
8 years ago
you can use autoit and create an exe that will call the batch file from an elevated prompt. Or you can just take your batch file lines and make them part of the autoit script then convert that to an exe
Posted by:
Badger
8 years ago
I agree with RileyZ, technically, 'it cant be done'. A std user is, by definition, a std user.
BUT, you can with some tools do things so when a std users is logged in you can run something, like the above. But you would have to do a runas and input the credentials (user name AND Password) of an admin user.
I have done it with vbs (then encrypted it) also with the autoit approach. These are both very bad options. I also get the feeling you are going to say, the builds are different, so you wont be able to say for sure what the password is for a local amdin user.
Good luck.
but, essentially you are using an MSI to intall a shortcut to run a batch file...
and the batch file removes a prev MSI install, then installs a new MSI. Is that correct - Badger 8 years ago