Batch scripting, PowerShell, and not triggering the UAC in Windows

Question:

I am looking for a way to run batch files in elevated mode (runas administrator) so that it doesn’t trip the UAC to prompt for user interaction. We have some registry edits, among other things, that we do in our login scripts which trigger the UAC to prompt for each registry that is run.

I realize that this sort of defeats the purpose of the UAC, but it would be nice if there was some way of running batch files on machines that have UAC enabled.

These batch files need to be able to run without any user interaction (they are mainly login scripts, and some administrative scripts). We are not using an Active Directory domain, so hopefully there is a solution for non-AD domains.

The solutions that I have found so far are as follows:

  1. Disable the UAC altogether – We normally do this, but we might be running into some situations where we cannot disable it.
  2. Create a shortcut to the batch file we wish to run in elevated mode. Go to the properties of the shortcut > Shortcut tab > Advanced > Check off “Run as Administrator”
    • This solution seems to work, however the initial running of the shortcut causes the UAC prompt to come up. All the commands run within the batch file do not cause the UAC prompt. Close to the solution, but it would be nice not to get any prompts.
  3. Running the batch file with the ‘runas’ command.
    • I have tried this, however it still doesn’t seem to achieve the elevation to prevent the UAC from prompting.
    • Also, using the echo ‘password’ | runas ….. method to provide the password doesn’t seem to work right, so I am always having to type in the password.

The other thing that I was thinking, but I haven’t really researched yet is, do PowerShell scripts run/work better in an environment where the UAC is enabled? Does Windows ‘trust’ certified PowerShell scripts and allow them to run unimpeded without triggering the UAC?

From what I have read, there is no way around the UAC other than disabling it. But I just wanted to see if anyone might be able to shed some additional light on this topic.

Thank you,

Cheers

Answer:

Registry manipulation for which the current user has access will not itself trigger a UAC prompt.

However, using an application with a manifest that requires elevation will prompt if running as an un-elevated administrator.

Are you trying to use regedit.exe to perform batch operations? If so, replace it with reg.exe (using cmd.exe) or, better, PowerShell’s inbuilt registry support.

Eg.

will not require elevation (as that key is readable by everyone), but setting a property on that key will require an elevated PSH session.


An alternative approach, if you are performing operations that require administrative access (they need modify access to some object with an ACL that limits modification to administrators), or something a non-administrator could never do, UAC or not, without entering an administrator account’s credentials:

Consider using Task Scheduler: a trigger of on user logon but configured under a specific elevated administrator account.

Summary: really need to know at least one of the things you are doing that triggers UAC in detail.
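
The Task Scheduler approach from the answer, as an added example that is not part of the original answer. It registers a logon-triggered task that runs a batch file elevated, and first refuses to do so if a non-administrator could modify that file or its folder. The task name, the script path and the choice of the SYSTEM account (instead of a named administrator account, so no password is stored) are assumptions.

```powershell
#Requires -Version 5.1
# Added example. Task name and script path are hypothetical placeholders.
$TaskName   = 'LogonRegistryEdits'
$ScriptPath = 'C:\Scripts\logon.cmd'

# Registering the task needs an elevated session once; later logons run it unprompted.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this once from an elevated PowerShell session.'
}

# Well-known SIDs allowed to change the script: SYSTEM, BUILTIN\Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$rights    = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$rights
$sidType   = [System.Security.Principal.SecurityIdentifier]

# Anything that runs elevated must not be replaceable by a standard user.
# Check the script and its parent folder; SIDs avoid localized group names.
$risky = foreach ($path in $ScriptPath, (Split-Path -Parent $ScriptPath)) {
    (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0 -and
            $_.IdentityReference.Value -notin $trusted
        } |
        ForEach-Object { "$path : $($_.IdentityReference.Value) has $($_.FileSystemRights)" }
}
if ($risky) {
    $risky | Write-Warning
    throw 'Refusing to register: a non-administrator can change what the elevated task runs.'
}

# Logon trigger, elevated principal. SYSTEM is an assumption made for this example.
$action    = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c `"$ScriptPath`""
$trigger   = New-ScheduledTaskTrigger -AtLogOn
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $TaskName -Action $action `
    -Trigger $trigger -Principal $principal
```

A task running as SYSTEM has no access to the logging-on user's HKCU hive, so this suits machine-wide (HKLM) edits; per-user edits do not need elevation in the first place.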

Source:

Batch scripting, Powershell, and not triggering the UAC in Windows by licensed under CC BY-SA | With most appropriate answer!
