I am trying to write a batch file for my users to run from their Vista machines with UAC. The file is re-writing their hosts file, so it needs to be run with Administrator permissions. I need to be able to send them an email with a link to the .bat file. The desired behavior is that when they right-click on the file and say Open, they will get one of those UAC dialogs that makes the screen go dark and forces them to answer whether they want to give the application permission to run as administrator. Instead, they are just seeing "Access denied" on the command line window.

有可能采取不同的做法吗?


当前回答

另一种方法是

在本地创建快捷方式并将其设置为调用管理员权限(属性,高级,以管理员身份运行)

然后

向用户发送快捷方式(或指向快捷方式的链接,而不是指向批处理文件本身的链接)。

其他回答

使用mshta提示管理员权限:

@echo off
net session >nul 2>&1 && goto :admintasks
MSHTA "javascript: var shell = new ActiveXObject('shell.application'); shell.ShellExecute('%~nx0', '', '', 'runas', 1);close();"
exit /b
:admintasks
rem ADMIN TASKS HERE

或者,使用powershell:

powershell -c Start-Process "%~nx0" -Verb runas

@echo off和title可以放在下面代码之前:

net session>nul 2>&1
if %errorlevel%==0 goto main
echo CreateObject("Shell.Application").ShellExecute "%~f0", "", "", "runas">"%temp%/elevate.vbs"
"%temp%/elevate.vbs"
del "%temp%/elevate.vbs"
exit

:main
    <code goes here>
exit

如果你不需要担心以下问题,那么很多其他答案都是多余的:

参数 工作目录(cd %~dp0将更改为包含批处理文件的目录)

@echo off 
Net session >nul 2>&1 || (PowerShell start -verb runas '%~0' &exit /b)
Echo Administrative privileges have been got. & pause

上述操作适用于我的Windows 10 1903版

本·格里普卡的解决方案导致了无限循环。他的批处理是这样工作的(伪代码):

IF "no admin privileges?"
    "write a VBS that calls this batch with admin privileges"
ELSE
    "execute actual commands that require admin privileges"

正如你所看到的,如果VBS请求管理员权限失败,这将导致一个无限循环。

但是,尽管已经成功请求了管理权限,但仍可能发生无限循环。

本·格里普卡批处理文件中的检查很容易出错。我对批处理进行了研究,并观察到尽管检查失败,但管理权限可用。有趣的是,如果我从windows资源管理器启动批处理文件,检查按预期工作,但当我从我的IDE启动它时,它没有。

所以我建议使用两个单独的批处理文件。第一个生成VBS,调用第二个批处理文件:

@echo off

echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"=""
echo UAC.ShellExecute "cmd.exe", "/c ""%~dp0\my_commands.bat"" %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"

第二个文件名为“my_commands.bat”,与第一个文件位于同一目录,包含您的实际命令:

pushd "%CD%"
CD /D "%~dp0"
REM Your commands which require admin privileges here

这不会导致无限循环,也会删除容易出错的管理特权检查。

还有来自这篇文章的FSUTIL查询,也在ss64.com上有链接,有以下代码:

@Echo Off
Setlocal
:: First check if we are running As Admin/Elevated
FSUTIL dirty query %SystemDrive% >nul
if %errorlevel% EQU 0 goto START

::Create and run a temporary VBScript to elevate this batch file
   Set _batchFile=%~f0
   Set _Args=%*
   :: double up any quotes
   Set _batchFile=""%_batchFile:"=%""
   Set _Args=%_Args:"=""%

   Echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\~ElevateMe.vbs"
   Echo UAC.ShellExecute "cmd", "/c ""%_batchFile% %_Args%""", "", "runas", 1 >> "%temp%\~ElevateMe.vbs"

   cscript "%temp%\~ElevateMe.vbs" 
   Exit /B

:START
:: set the current directory to the batch file location
cd /d %~dp0
:: Place the code which requires Admin/elevation below
Echo We are now running as admin [%1] [%2]
pause

只要FSUTIL存在,它就是一个可靠的替代方案。