BatchPatch Forums Home › Forums › BatchPatch Support Forum › Run Command Prompt From BatchPatch In "Administrator Mode" On Host
- This topic has 7 replies, 2 voices, and was last updated 5 years, 6 months ago by doug.
-
AuthorPosts
-
June 10, 2019 at 6:31 pm #9367cpabertParticipant
Is there a way to execute a command from BatchPatch on a host machine that automatically runs the cmd as an Administrator. Or is there any other possible way to do this? For Example:
I would like to be able to disable and enable UAC remotely, but in order to do this I must execute the batchpatch cmd prompt on that machine as an administrator… Maybe there is a better way to do this?
Thanks
June 10, 2019 at 6:55 pm #11618dougModeratorIn the default mode that BP runs, if the account that you use to run BP is in the local admins group on the target computer, or if you specify alternate credentials for the target host’s row in BP with an account that is in the local admins group on the target computer, the command will be executed as administrator (elevated token) when it runs on the target computer. The setting that controls this is under ‘Tools > Settings > Remote Execution > Remote Execution Context’. If you were to change that setting to ‘Normal’ then it would no longer execute the remote command with elevated token.
June 10, 2019 at 7:05 pm #11619cpabertParticipantIt is currently set to “SYSTEM”, so I would need to change this into “Elevated Token”?
June 10, 2019 at 7:17 pm #11620dougModeratorGenerally speaking either one should work for your needs. They effectively have the same privileges, and 99% of the time they will behave the same as far as permissions are concerned.
June 10, 2019 at 8:30 pm #11622cpabertParticipantHmm, I tried both settings and it will not actually execute the cmd. When I run it locally as an Admin it works fine, but not from batchpatch, any way to troubleshoot this?
June 10, 2019 at 10:00 pm #11623dougModeratorThe issue is probably nothing to do with those settings. In order to troubleshoot it I would need to see exactly what you are doing… what is the exact syntax that you are trying to execute, and how exactly are you trying to execute it in BP? Remote command 1/2 or 3/4 or with a script deployment or some other way? What is the exact error message text? etc.
June 11, 2019 at 5:14 pm #11624cpabertParticipantFor example, trying to disable the USB Ports:
“REG ADD HKLMSYSTEMCurrentControlSetServicesUSBSTOR /v Start /t REG_DWORD /d 4 /f”
If I run this locally when I launch it as administrator this works fine…
I am trying to run this through the execute local command 1, and also have tried through the execute remote/process command…
June 11, 2019 at 6:46 pm #11625dougModeratorI copied your exact syntax (without the quotes) and inserted it into BatchPatch remote command, and it works properly with both SYSTEM and Elevated token remote contexts. I was able to execute it successfully in all remote commands 1,2,3 and 4 without issues.
‘Local command’ is not what you want for this. ‘Local command’ is for executing a command on the BatchPatch computer, not on the target/remote computer.
As a side note, there is another way to add registry values using the BatchPatch deployment action:
-
AuthorPosts
- You must be logged in to reply to this topic.