Continue batch after UAC disable

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

Message
Author
gymiv
Posts: 38
Joined: 10 Jul 2012 13:47

Continue batch after UAC disable

#1 Post by gymiv » 16 Jul 2012 08:02

I have a batch file i use for setting up new computers. I would like to add the function of disabling UAC. But i would need to reboot for it to take effect. Is there a way to disable UAC, reboot, and continue with the batch file?
This is the code i am using to disable UAC.
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Squashman
Expert
Posts: 4465
Joined: 23 Dec 2011 13:59

Re: Continue batch after UAC disable

#2 Post by Squashman » 16 Jul 2012 08:06

You could use the RunOnce key to have something run the next time the computer starts up.
http://technet.microsoft.com/en-us/libr ... 46765.aspx

abc0502
Posts: 1007
Joined: 26 Oct 2011 22:38
Location: Egypt

Re: Continue batch after UAC disable

#3 Post by abc0502 » 16 Jul 2012 08:21

Try this "NOT TESTED"
@echo off
cls

:: This check for the Registry changes made or not yet
:: if the changes is made then goto after_reboot
:: if not make that mean this is the first time to run
:: and it make it and then goto first_time

For /F %%a in ('REG Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA') DO (
IF %%a==0 ( Goto After_Reboot
) Else ( Goto First_Time )
)

:First-Time

:: 1st Disable UAC from Registry
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f >nul

:: 2nd take a copy of this batch to start up folder
Copy /Y "location_of_this_batch" "C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\batch_name"

:: 3rd Now Rebooting the system
Shutdown -r -f -t 2

:After_Reboot

:: put your commands here to be done after the PC Restart

Replace the text in red with the information needed

gymiv
Posts: 38
Joined: 10 Jul 2012 13:47

Re: Continue batch after UAC disable

#4 Post by gymiv » 16 Jul 2012 09:08

I believe that will work but won't that leave the batch file in the startup menu. Also i have several exe that this batch runs i would need to copy those to a temp file as well

Ed Dyreen
Expert
Posts: 1569
Joined: 16 May 2011 08:21
Location: Flanders(Belgium)
Contact:

Re: Continue batch after UAC disable

#5 Post by Ed Dyreen » 16 Jul 2012 09:10

'
If ever you need to reboot to make your changes effective you will need to:
- autoLogon the current account
- autoRun this script, and continue where we left
- reboot

you will need to write the functions between %percent% signs yourself if you can't won't use the lib which has a %reBoot_% function build in.

To do this properly, it is really more complicated than I state here but,
I just provide you the key essentials

%autoLogon_%

Code: Select all

%for§_% (

       "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

) do (
       ( %regKey.write_% "%%~§", DefaultUserName,"!$user!",              REG_SZ,        1 )
       ( %regKey.write_% "%%~§", DefaultPassword,"!$user.%$user%.passw!",REG_SZ,        1 )
       ( %regKey.write_% "%%~§", AutoLogonCount, "1",                    REG_DWORD,     1 )
       ( %regKey.write_% "%%~§", AutoAdminLogon, "1",                    REG_SZ,        1 )
)
%autoRun_%

Code: Select all

set      "$regHive=HKCU"
set "$reg.fullPath=!$regHive!\Software\Microsoft\Windows\CurrentVersion\RunOnce"

if !$isAdmin! neq 0 (

       ( %regKey.write_% "!$reg.fullPath!", "!$autoRun.file!", "!$autoRun.fullPathFile!", REG_SZ, 1 )
) else ( %regKey.write_% "!$reg.fullPath!", "!$autoRun.file!", "wScript.EXE """"!$DOS-KIT.fullPath!\VBS\runAs.VBS!"""" """"!computerName!\Administrator"""" !$user.%$user.name%.passw! """"!$autoRun.fullPathFile!"""" ", REG_SZ, 1 )
%reBoot_%

Code: Select all

shutDown -r -f -t 3 -c "reBoot: '!$user!', $jumpLabel: '!$jumpLabel!'"
runAs.VBS is part of the lib, just download and unpack.


Hope it helps,

foxidrive
Expert
Posts: 6031
Joined: 10 Feb 2012 02:20

Re: Continue batch after UAC disable

#6 Post by foxidrive » 16 Jul 2012 09:22

It tickles my funny bone because malware would commonly do such things. They spend time on the OS to prevent it...

gymiv
Posts: 38
Joined: 10 Jul 2012 13:47

Re: Continue batch after UAC disable

#7 Post by gymiv » 16 Jul 2012 09:26

can you use this in a batch or is this simply for vbs. I am doing this out of a batch file. Can you explain autorun portion more this has me confused.

Ed Dyreen
Expert
Posts: 1569
Joined: 16 May 2011 08:21
Location: Flanders(Belgium)
Contact:

Re: Continue batch after UAC disable

#8 Post by Ed Dyreen » 16 Jul 2012 09:37

foxidrive wrote:It tickles my funny bone because malware would commonly do such things.
Unattended installation software will do it also typically :wink:
gymiv wrote:can you use this in a batch or is this simply for vbs.
Would I post it if it wasn't for batch.
gymiv wrote:I am doing this out of a batch file. Can you explain autorun portion more this has me confused.
The important thing is the reg key you need to add, the runAs.VBS is not essential it just elevates permissions.
Look at the link Squashman provided on how to use the runOnce key.

gymiv
Posts: 38
Joined: 10 Jul 2012 13:47

Re: Continue batch after UAC disable

#9 Post by gymiv » 16 Jul 2012 10:05

I tried running the code you showed but it errors out on the reg.fullpath

C:\Users\p1tech\Desktop>set "$regHive=HKCU"

C:\Users\p1tech\Desktop>set "$reg.fullPath=!$regHive!\Software\Microsoft\Windows
\CurrentVersion\RunOnce"

C:\Users\p1tech\Desktop>if !$isAdmin! NEQ 0 (("!$reg.fullPath!", "!$autoRun.file
!", "!$autoRun.fullPathFile!", REG_SZ, 1 ) ) else ("!$reg.fullPath!", "!$autoR
un.file!", "wScript.EXE """"!$DOS-KIT.fullPath!\VBS\runAs.VBS!"""" """"!computer
Name!\Administrator"""" !$user..passw! """"!$autoRun.fullPathFile!"""" ", REG_SZ
, 1 )
'"!$reg.fullPath!"' is not recognized as an internal or external command,
operable program or batch file.

abc0502
Posts: 1007
Joined: 26 Oct 2011 22:38
Location: Egypt

Re: Continue batch after UAC disable

#10 Post by abc0502 » 16 Jul 2012 12:36

gymiv wrote:I believe that will work but won't that leave the batch file in the startup menu. Also i have several exe that this batch runs i would need to copy those to a temp file as well


For the batch that will remain in the start up folder u just add this command after all ur commands are finished
Del /F /Q "C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\batch_name"


and for your exe programs just when u add a command point to the fixed place you are running your exe from, and if it was from a usb you can use this code to get the usb drive letter
setlocal
For %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
if exist "%%A:\" (for /f "tokens=5 delims= " %%B in ('Vol %%A:') Do if %%B==XXXX-XXXX set drv=%%A)
)
:: many thanks to foxidrive for fixing this code :)

The XXXX-XXXX is the serial number of your usb, you can get it by using this command vol F: and replace the F with the real letter

and when pointing to a program instead of using "For Example"
C:\apps\program.exe
u use
%drv%:\apps\program.exe
and Don't forget the Red ":"

gymiv
Posts: 38
Joined: 10 Jul 2012 13:47

Re: Continue batch after UAC disable

#11 Post by gymiv » 16 Jul 2012 13:18

Thanks i will put all that together and test as soon as i get a chance. Will let you know as soon as i find out.
Many thanks

gymiv
Posts: 38
Joined: 10 Jul 2012 13:47

Re: Continue batch after UAC disable

#12 Post by gymiv » 16 Jul 2012 15:56

[edit by Ed Dyreen] Why no code tags ?

I am getting an access denied when it tries to change the registry entry. Here is the begining of the script and results, I had added some pauses to keep it from rebooting during testing. Any ideas?

Code: Select all

rem @ECHO OFF

:: Disable UAC
:: This check for the Registry changes made or not yet
:: if the changes is made then goto after_reboot
:: if not make that mean this is the first time to run
:: and it make it and then goto first_time

For /F %%a in ('REG Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\System /v EnableLUA') DO (
IF %%a==0 ( Goto After_Reboot
) Else ( Goto First_Time )
)

:First_Time

:: 1st Disable UAC from Registry
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA"
/t "REG_DWORD" /d "0" /f >nul
pause

:: 2nd take a copy of this batch to start up folder
:: Get USB drive letter
:: Use vol f: to get serial number
:: To point to a program on the USB drive use %drv%:\apps\program.exe

setlocal
For %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
if exist "%%A:\" (for /f "tokens=5 delims= " %%B in ('Vol %%A:') Do if %%B==B729-02C8
set drv=%%A)
)
echo %drv%
pause

Copy /Y "%drv%:\NewMachineSetup.bat" "C:\users\%username%\AppData\Roaming\Microsoft
\Windows\Start Menu\Programs\Startup\NewMachineSetup.bat"
Pause

:: 3rd Now Rebooting the system
Pause
Shutdown -r -f -t 2

C:\Users\p1tech\Desktop>rem @ECHO OFF

C:\Users\p1tech\Desktop>For /F %a in ('REG Query HKLM\SOFTWARE\Microsoft\Windows
\CurrentVersion\Policies\System /v EnableLUA') DO (IF %a == 0 (Goto After_Reboot
 )  Else (Goto First_Time  ) )

C:\Users\p1tech\Desktop>(IF HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curren
tVersion\Policies\System == 0 (Goto After_Reboot )  Else (Goto First_Time  ) )

C:\Users\p1tech\Desktop>REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f  1>nul
ERROR: Access is denied.

C:\Users\p1tech\Desktop>pause
Press any key to continue . . .

Ed Dyreen
Expert
Posts: 1569
Joined: 16 May 2011 08:21
Location: Flanders(Belgium)
Contact:

Re: Continue batch after UAC disable

#13 Post by Ed Dyreen » 16 Jul 2012 19:13

gymiv wrote:I am getting an access denied when it tries to change the registry entry.
Are you running with administrator permissions ? You could Google 'runAs.EXE' or download my 'runAs.VBS' I told you about previously. This will require your script to spawn another instance of itself and then exit.

Google 'setACL.EXE' to prevent it from happening again:

Code: Select all

for %%? in (

       "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"

) do    for %%! in (

       Administrators, etc...

) do  "!FullPathFile.SetACL!" -on "%%~?" -ot reg -actn ace -ace "n:%%~!;p:Full;m:set"

gymiv
Posts: 38
Joined: 10 Jul 2012 13:47

Re: Continue batch after UAC disable

#14 Post by gymiv » 17 Jul 2012 07:11

If i do a runas administrator by right clicking it pops up an authentication box. My apologies for being ignorant but i am not familiar with "lib" command. I have looked on both pages for a download site and cannot find what you are trying to tell me. Can you point me to the download site you are refering to? I am using win7

abc0502
Posts: 1007
Joined: 26 Oct 2011 22:38
Location: Egypt

Re: Continue batch after UAC disable

#15 Post by abc0502 » 17 Jul 2012 08:04

The First IF statement have two options go to First_Time Or go to After_Reboot and you Removed the second option from your code
:After_Reboot

Put This after this command

Code: Select all

Shutdown -r -f -t 2

So it will look like that:
Pause
Shutdown -r -f -t 2
:After_Reboot
C:\Users\p1tech\Desktop>rem @ECHO OFF


Post Reply