Run Command Prompt From BatchPatch In "Administrator Mode" On Host

BatchPatch Forums Home Forums BatchPatch Support Forum Run Command Prompt From BatchPatch In "Administrator Mode" On Host

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • June 10, 2019 at 6:31 pm #9367
    cpabert
    Participant

    Is there a way to execute a command from BatchPatch on a host machine that automatically runs the cmd as an Administrator. Or is there any other possible way to do this? For Example:

    I would like to be able to disable and enable UAC remotely, but in order to do this I must execute the batchpatch cmd prompt on that machine as an administrator… Maybe there is a better way to do this?

    Thanks

    June 10, 2019 at 6:55 pm #11618
    doug
    Moderator

    In the default mode that BP runs, if the account that you use to run BP is in the local admins group on the target computer, or if you specify alternate credentials for the target host’s row in BP with an account that is in the local admins group on the target computer, the command will be executed as administrator (elevated token) when it runs on the target computer. The setting that controls this is under ‘Tools > Settings > Remote Execution > Remote Execution Context’. If you were to change that setting to ‘Normal’ then it would no longer execute the remote command with elevated token.

    June 10, 2019 at 7:05 pm #11619
    cpabert
    Participant

    It is currently set to “SYSTEM”, so I would need to change this into “Elevated Token”?

    June 10, 2019 at 7:17 pm #11620
    doug
    Moderator

    Generally speaking either one should work for your needs. They effectively have the same privileges, and 99% of the time they will behave the same as far as permissions are concerned.

    June 10, 2019 at 8:30 pm #11622
    cpabert
    Participant

    Hmm, I tried both settings and it will not actually execute the cmd. When I run it locally as an Admin it works fine, but not from batchpatch, any way to troubleshoot this?

    June 10, 2019 at 10:00 pm #11623
    doug
    Moderator

    The issue is probably nothing to do with those settings. In order to troubleshoot it I would need to see exactly what you are doing… what is the exact syntax that you are trying to execute, and how exactly are you trying to execute it in BP? Remote command 1/2 or 3/4 or with a script deployment or some other way? What is the exact error message text? etc.

    June 11, 2019 at 5:14 pm #11624
    cpabert
    Participant

    For example, trying to disable the USB Ports:

    “REG ADD HKLMSYSTEMCurrentControlSetServicesUSBSTOR /v Start /t REG_DWORD /d 4 /f”

    If I run this locally when I launch it as administrator this works fine…

    I am trying to run this through the execute local command 1, and also have tried through the execute remote/process command…

    June 11, 2019 at 6:46 pm #11625
    doug
    Moderator

    I copied your exact syntax (without the quotes) and inserted it into BatchPatch remote command, and it works properly with both SYSTEM and Elevated token remote contexts. I was able to execute it successfully in all remote commands 1,2,3 and 4 without issues.

    ‘Local command’ is not what you want for this. ‘Local command’ is for executing a command on the BatchPatch computer, not on the target/remote computer.

    As a side note, there is another way to add registry values using the BatchPatch deployment action:

    remote-registry-updates-with-batchpatch

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.