Can't run as Admin

2019-08-01 03:55发布

站内问答 / 前沿技术
1408 3 4

I have to execute the ewfmgr.exe which can be executed only when the Command window is opened as an Admin.

If I go to Start->type cmd.exe->Right click->Run as Administrator then the following Comand prompt windows appear. In this window, if I write ewfmgr.exe (which the EXE file that I have to execute), then the command is executed without any problem.

image http://imageshack.com/a/img922/9500/k0subw.png

MY REQUIREMENT: My requirement is to execute the command through a script file (RunasAdmin.cmd file) and this script file will be executed through an NSIS Installer.

Since, the ewfmgr.exe can be executed only with Admin, so I have to escalate my script to get Admin rights. For this, I have the following script:

Script to Get Admin Right: "(RunasAdmin.cmd)"

::::::::::::::::::::::::::::::::::::::::::::
:: Elevate.cmd - Version 4
:: Automatically check & get admin rights
::::::::::::::::::::::::::::::::::::::::::::
 @echo off
 CLS
 ECHO.
 ECHO =============================
 ECHO Running Admin shell
 ECHO =============================

:init
 setlocal DisableDelayedExpansion
 set cmdInvoke=0
 set winSysFolder=System32
 set "batchPath=%~0"
 for %%k in (%0) do set batchName=%%~nk
 set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
 setlocal EnableDelayedExpansion

:checkPrivileges
  NET FILE 1>NUL 2>NUL
  if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
  if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
  ECHO.
  ECHO **************************************
  ECHO Invoking UAC for Privilege Escalation
  ECHO **************************************

  ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
  ECHO args = "ELEV " >> "%vbsGetPrivileges%"
  ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
  ECHO args = args ^& strArg ^& " "  >> "%vbsGetPrivileges%"
  ECHO Next >> "%vbsGetPrivileges%"

  if '%cmdInvoke%'=='1' goto InvokeCmd 

  ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
  goto ExecElevation

:InvokeCmd
  ECHO args = "/c """ + "!batchPath!" + """ " + args >> "%vbsGetPrivileges%"
  ECHO UAC.ShellExecute "%SystemRoot%\%winSysFolder%\cmd.exe", args, "", "runas", 1 >> "%vbsGetPrivileges%"

:ExecElevation
 "%SystemRoot%\%winSysFolder%\WScript.exe" "%vbsGetPrivileges%" %*
 exit /B

:gotPrivileges
 setlocal & pushd .
 cd /d %~dp0
 if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul  &  shift /1)

 ::::::::::::::::::::::::::::
 ::START
 ::::::::::::::::::::::::::::
 REM Run shell as admin (example) - put here code as you like
 ewfmgr c: -enable
 pause
 cmd /k

PROBLEM: If I execute the script (RunasAdmin.cmd) just by double clicking on it, the script is executed and get the task done without any error. But if I execute the script (RunasAdmin.cmd) through my NSIS installer (EWFMGR_Run.exe) then, I get an error that ewfmgr is not recognised as an internal or external command

NSIS Installer Code: (EWFMGR_Run.exe)

OutFile "EWFMGR_Run.exe"
section
    ExecWait "D:\Disk\RunasAdmin.cmd"
sectionEnd

The Command window opened by NSIS installer after running the script (RunasAdmin.cmd) is following:

image http://imageshack.com/a/img924/8846/vZnI70.png

Queston: Both the command windows are opened as Admin and are into the same working directory. But how come the window opened by NSIS installer is not able to find ewfmgr.exe?

UPDATE-1: Bascially the problem is in the CMD window opened by the NSIS installer. Even if I move to the path C:\Windows\System32 manually using cd /D C:\Windows\System32 and try to execute ewfmgr.exe (which is available in that path), CMD does not recognize it.

References: The script file to elevate to Admin has been taken from Matt's answer given here.

3条回答
淡お忘
2楼-- · 2019-08-01 04:27

Try modifying RunasAdmin.cmd to use Sysnative instead of System32:

set winSysFolder=Sysnative

I am guessing that EWFMGR_Run.exe is launching a 32 bit cmd window and windows is forcing the c:\windows\syswow64 override on your attempted override of set winSysFolder=System32

According to this article, you should be using the Sysnative virtual folder instead.

The 'Sysnative' folder

As explained above, accessing the 64-bit System32 folder from a 32-bit application by simply inserting "\System32" in the folder path is not possible. A redirection to the SysWOW64 folder is made automatically by the system if you try that. But there is another folder name that can be used instead: Sysnative.

Sysnative is a virtual folder, a special alias, that can be used to access the 64-bit System32 folder from a 32-bit application or script. If you for example specify this folder path in your application's source code:

C:\Windows\Sysnative

the following folder path is actually used:

C:\Windows\System32

查看更多
0人赞 添加讨论(0) 举报
做自己的国王
3楼-- · 2019-08-01 04:37

What must be at least taken into account on elevating a command script (batch file) to administrator level?

  1. The current directory changes in any case to %SystemRoot%\System32.

  2. The environment could change completely if the current user is not in administrator group and therefore the user has to use a different user account to run the batch file with elevated privileges of an administrator, for example the local administrator account must be used instead of current user account. This affects environment variables and permissions on network resources.

  3. The script is started initially always in environment of parent process which is on 64-bit Windows the 32-bit environment instead of the 64-bit environment in case of parent process is a 32-bit application.

  4. The script could be executed with 1 or more arguments enclosed in double quotes which should be passed to the script on execution with elevated privileges right.

How to handle those 4 points?

1. Current directory

Many command line scripts (batch files) are coded to work with current directory and assume that the current directory is the same directory as the batch file. That the current directory is the same directory in which the batch file is stored is true on double clicking on a batch file stored on a local drive or a network drive, except the execution of batch files from network drives is disabled by security settings.

But Windows sets %SystemRoot%\System32 as current directory on running a cmd script as scheduled task using system account.

And Windows sets %SystemRoot%\System32 as current directory on using RunAs to run a cmd script with elevated administrator privileges.

And Windows sets %SystemRoot% as current directory after printing into console window the message below on executing a batch file with a double click which is stored on a network share opened using UNC path.

'\server\share\directory'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported. Defaulting to Windows directory.

Using UNC paths as current directory could be enabled as described for example by an answer on How to run batch file from network share without "UNC path are not supported" message?

The best would be to write the entire script code to work independent on which directory is the current directory.

That means not using just the file name of a referenced file, but "Full path to\FileName.exe", i.e. the file name with file extension and with full path enclosed in double quotes.

In case of all files to run or referenced from within a cmd script are stored in an unknown folder, but are always in same folder as the cmd script, the simple method to get path for all files is using the command line:

set "SourceFolder=%~dp0"

%~dp0 expands to path of the batch file always ending with a backslash and never being enclosed in double quotes even if the folder path contains a space character or other command line syntax critical characters like an ampersand.

Then all files are referenced with using

"%SourceFolder%FileName.exe"

Note: There is not backslash (directory separator on Windows) as the environment variable SourceFolder holds the folder path already with a backslash at end.

Of course it is also possible to use cd /D "%~dp0" to set current directory to the directory of the cmd script, but this does not work for UNC paths.

But there is also the command pushd "%~dp0" working also with UNC paths if command extensions are enabled as by default.

For details on the commands CD and PUSHD run in a command prompt window cd /? and pushd /? and read the output help.

2. Environment variables

Windows creates a copy of the currently active environment table of current process whenever a new process is created.

But this is not the case when a batch file elevates itself to administrator level. Therefore it is not possible to define environment variables on initial run of a batch file, then elevate to administrator level, and access now the environment variables as defined before in initial environment. It could even happen that the batch file was initially executed in 32-bit environment on 64-bit Windows on initial execution, but runs in 64-bit environment after elevation to administrator level.

So everything which needs to be passed from initial execution to elevated execution must be parsed via command line arguments or via a file on a local drive fully accessible in all environments, i.e. for everyone.

3. 32-bit versus 64-bit environment

Sometimes a 32-bit installer is used for installing either a 32-bit or a 64-bit application depending on bit width of Windows because of running on all Windows. The batch file is processed by 32-bit cmd.exe in 32-bit environment on using a 32-bit installer even when executed on a 64-bit Windows.

At least the following three Microsoft articles should be studied carefully before reading further:

It is definitely no good idea to depend on value of environment variable PROCESSOR_ARCHITECTURE as its value is x86 when a 32-bit process is executed on 64-bit Windows in 32-bit environment.

It is also not good to query the architecture of the processor directly from Windows registry. It is not guaranteed that there is a 64-bit Windows running on a computer with a 64-bit CPU. It is not often done, but nevertheless possible to use 32-bit Windows on a computer with a 64-bit processor on main board.

The environment variable ProgramFiles(x86) is not defined by default on 32-bit Windows as it is on 64-bit Windows which can be used to determine if a command file script is running on 32-bit or 64-bit Windows.

And the file %SystemRoot%\Sysnative\cmd.exe exists only for 32-bit processes running in 32-bit environment on 64-bit Windows because of special alias Sysnative existing only for a 32-bit process in 32-bit environment on 64-bit Windows which can be used to determine in which environment the batch file is currently running.

4. Passing arguments

It is easy to elevate a batch file executed without any arguments to elevated administrator level.

It is also no problem to pass simple arguments which do not need to be enclosed in double quotes to batch file running elevated.

But passing 1 or more arguments containing at least 1 space character or one of these characters &()[]{}^=;!'+,`~<|> which require enclosing the argument string in double quotes is really not easy, especially on creating a VBScript from within a batch file to elevate to administrator level.

It is a real nightmare to try to encode double quotes in batch file correct to be passed via the VBScript to the same batch file executed with elevated privileges. Most solutions provided in world wide web simply don't support double quoted parameters. Matt's Elevate.cmd - Version 4 is no exception. Running a batch file using this code with "%ProgramFiles%\Installation Folder" as first argument results on initial execution in "C:\Program Files\Installation Folder" being the first and only argument and on elevated execution after removing argument ELEV in the 3 arguments C:\Program, Files\Installation and Folder.

5. Possible solution for this task

For this task a 32-bit NSIS installer is calling a command line script which must elevate itself to administrator level and should run on 64-bit Windows in 64-bit environment instead of 32-bit environment as on initial run.

I have once analyzed the batch and VBscript code of Matt's Elevate.cmd - Version 4, have removed all useless code, have enhanced it to support also arguments enclosed in double quotes using a much easier method than other posted, and have commented the code completely so that others can also understand it for answering UNC paths as current directories in batch file where admin rights are requested.

The batch script posted there is written to work independent on what is the current directory for working also with batch file being executed from a network share using UNC path which of course works only if the network share is still accessible according to permission settings of the share after elevation to administrator level. I found out today after a comment by Richard on his answer on Open Command Window in Windows x64 mode that the web page SS64 - Run with elevated permissions contains nearly the same code as I developed without having ever read the code there.

The adapted batch file code below should work for this task. It expects the executable ewfmgr.exe in same directory as the cmd script or ewfmgr.exe is specified with full path as first argument on executing the script in case of being in a different directory.

@echo off
setlocal EnableExtensions
cls

rem Define as application to run by default the file ewfmgr.exe in folder
rem of the batch file which can be a folder on a local drive or on a
rem network drive or even a UNC path.

set "AppToRun=%~dp0ewfmgr.exe"
set "vbsGetPrivileges=%TEMP%\OEgetPriv_%~n0.vbs"

rem The console application NET with parameter FILE can be executed
rem successfully only if the account used for running this batch file
rem has local administrator privileges. See the Microsoft TechNet article
rem https://technet.microsoft.com/en-us/library/bb490702.aspx for details
rem about NET FILE.

rem The output written to handle STDOUT on successful execution is redirected
rem to device NUL to suppress it. The exit code of NET assigned to ERRORLEVEL
rem is in this case 0 indicating a successful execution.

rem But on a failed execution because of not having administrator
rem privileges NET outputs to handle STDERR the two error messages
rem "System error 5 has occurred." and "Access is denied." which
rem are redirected from handle STDERR to device NUL to suppress them.
rem And exit/return code of NET is 1 indicating a failed execution.

rem Read https://technet.microsoft.com/en-us/library/bb490982.aspx
rem for details about using command redirection operators.

%SystemRoot%\System32\net.exe FILE >nul 2>nul
if not errorlevel 1 goto RunMainCode

if "%~1"=="ELEV" (

    rem This condition is just for safety. If the batch file was started
    rem already a second time with ELEV as first parameter and execution
    rem of NET FILE failed nevertheless because of missing permissions,
    rem the batch file outputs an error message, waits for any key press
    rem by the user to make sure that the user had the chance to read the
    rem error message and then exits the batch file processing without
    rem doing anything at all.

    echo %~nx0 should run already with elevated privileges, but it isn't.
    echo/
    echo Press any key to exit %~nx0 without doing anything ...
    pause >nul
    goto :EOF
)

rem This batch file can be started without any parameter resulting in %* being
rem expanded to nothing which results in environment variable BatchArgs being
rem deleted if already existing or with ewfmgr.exe with full path as parameter
rem which must be enclosed in double quotes in case of path containing 1 or
rem more spaces.

rem As the batch file needs to be executed once again in a separate command
rem process running as local administrator for full access at least on local
rem machine it is necessary to prepare the parameters/arguments list. Each
rem double quote in the arguments list must be doubled to be correct escaped
rem in the VBScript file.

rem This is necessary as otherwise running this batch file with
rem "Full path to\ewfmgr.exe"
rem as first parameter would result in execution of the batch file by the
rem Windows Scripting Host as Full path to\ewfmgr.exe without the double
rem quotes as arguments for the batch file and therefore the first parameter
rem is on elevated execution "Full" instead of "Full path to\ewfmgr.exe" as
rem it was initially.

rem Many "run as administrator" solutions which can be found in world wide web
rem don't handle parameter strings correct which are enclosed in double quotes
rem because the parameter string has 1 or more spaces or other critical
rem characters requiring enclosing the parameter string in double quotes.

set "BatchArgs=%*"
setlocal EnableDelayedExpansion
if defined BatchArgs set "BatchArgs= !BatchArgs:"=""!"

rem Everything output by the ECHO command lines within the next command block
rem is redirected into the VBScript file created in the folder for temporary
rem files of current user with name of batch file in VBScript file name. This
rem makes it possible that multiple batch files with different names can run
rem at the same time using same code for creating a VBScript file to run the
rem batch file once again as administrator with elevated privileges.

rem For details on ShellExecute parameters see the Microsoft MSDN article
rem https://msdn.microsoft.com/en-us/library/windows/desktop/gg537745.aspx

rem The tricky part is quoting the arguments list correct which should be
rem finally passed to cmd.exe executed from the VBScript. The command process
rem running the batch file with elevated privileges of local administrator
rem should automatically close after execution of batch file finished which
rem is the reason for first argument /C.

rem The second argument is the command to execute by `cmd.exe` which is
rem the batch file name with complete path which must be enclosed in double
rem quotes for safety in case of batch file name or path contains 1 or more
rem spaces. But additionally the batch file itself must be started with at
rem least 2 more arguments.

rem The first argument for the batch file is ELEV which is used as indication
rem to detected if this batch file is already started a second time via the
rem VBScript using local built-in administrator account.

rem The second argument for the batch file is the application to
rem run with full default path which is the batch file folder.

rem And last all parameters passed to this batch file on initial run should
rem be also passed to second execution of this batch file under the different
rem environment of local built-in administrator account.

rem This nesting of batch file arguments in command processor arguments written
rem into a VBScript file which requires additionally escaping each double quote
rem within a string with one more double quote results in a strange syntax for
rem the line to write into the VBScript file.

(
    echo Set UAC = CreateObject^("Shell.Application"^)
    echo UAC.ShellExecute "%SystemRoot%\System32\cmd.exe", "/C """"%~f0"" ELEV ""!AppToRun!""!BatchArgs!""", , "runas", 1
)>"%vbsGetPrivileges%"
endlocal

rem Now the created VBScript file can be executed with Windows Scripting Host.
rem Then the VBScript file can be deleted as not longer needed and processing
rem of this batch file under current user account ends resulting in returning
rem to command process which results in closing the console window if not
rem executed by cmd.exe started with option /K to keep the console window
rem open like on opening a command prompt window and running this batch
rem file from within the command prompt window.

%SystemRoot%\System32\WScript.exe "%vbsGetPrivileges%"
del "%vbsGetPrivileges%"
endlocal
goto :EOF


rem Here starts the main code of the batch file which needs to be
rem executed with elevated privileges of a local administrator.

rem First is checked if the first parameter of the batch file is ELEV
rem which indicates that this batch file was started a second time
rem using administrator privileges or local administrator account.

:RunMainCode
if "%~1"=="ELEV" (

    rem In this case the second argument is the application to run with
    rem batch file folder passed from initial run to this second run of
    rem the batch file. The current directory is now not anymore the initial
    rem current directory, but %SystemRoot%\System32 has set by Windows on
    rem starting a command process using RunAs and administrator account.
    rem This must be taken into account on further batch file processing.

    rem For this batch file it does not matter what is the current directory
    rem as it is written to work with path of the application to run defined
    rem on starting the batch file (initially). So there is no need to use
    rem CD /D "%~dp0"  or  PUSHD "%~dp0"  as many "run as administrator"
    rem solutions use to change the current directory to directory of the
    rem batch file. There is also no need for  CD /D "%~2"  or  PUSHD "%~2"
    rem here which of course could be also used.

    rem The two additionally added arguments ELEV and the application to
    rem run are removed from the arguments lists by using twice the
    rem command SHIFT to restore the initial arguments list.

    set "AppToRun=%~2"
    shift /1
    shift /1
)

if "%ProgramFiles(x86)%" == "" goto RunApp
if not exist %SystemRoot%\Sysnative\cmd.exe goto RunApp
%SystemRoot%\Sysnative\cmd.exe /C ""%~f0" %*"
endlocal
goto :EOF

rem If this batch file was started (initially) with a parameter string,
rem interpret the first parameter string as application to run with
rem full path if the specified executable file exists at all.

rem Then run the application with full path and its parameters.

:RunApp
if not "%~1" == "" (
    if exist "%~1" set "AppToRun=%~1"
)
"%AppToRun%" c: -enable
endlocal

6. Best solution for this task

But it turned out after I finished writing and testing the code above, writing this long answer and before posting it, reading the comment written by Richard on his answer on Open Command Window in Windows x64 mode, the best solution is most likely using the NSIS code as posted at

How do you request administrator permissions using NSIS?

And use in the command script just the few lines at bottom also posted as my answer on Open Command Window in Windows x64 mode to switch from 32-bit to 64-bit environment.

查看更多
0人赞 添加讨论(0) 举报
Viruses.
4楼-- · 2019-08-01 04:40

I'd like to point to an NSIS specific way about dealing with UAC and elevated rights.

If your NSIS installer needs to run anything with elevated permissions, you have to indicate that in your NSIS script like so:

RequestExecutionLevel admin

Once you do that, when you start the installer, it will pop up the UAC prompt and in succession won't have any problems running external scripts or programs which need elevated permissions.

This is pretty much in line with #5 of Mofi's answer - I still post this one as I think it boils it down to the need-to-know. NSIS seems to be the show-stopper here for you.

For reference: NSIS - Could not write updated PATH to HKLM

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)