Continue batch after UAC disable

[gymiv]

I have a batch file i use for setting up new computers. I would like to add the function of disabling UAC. But i would need to reboot for it to take effect. Is there a way to disable UAC, reboot, and continue with the batch file?
This is the code i am using to disable UAC.
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

[Squashman]

You could use the RunOnce key to have something run the next time the computer starts up.
http://technet.microsoft.com/en-us/libr ... 46765.aspx

[abc0502]

Try this "NOT TESTED"

@echo off
cls

:: This check for the Registry changes made or not yet
:: if the changes is made then goto after_reboot
:: if not make that mean this is the first time to run
:: and it make it and then goto first_time

For /F %%a in ('REG Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA') DO (
IF %%a==0 ( Goto After_Reboot
) Else ( Goto First_Time )
)

:First-Time

:: 1st Disable UAC from Registry
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f >nul

:: 2nd take a copy of this batch to start up folder
Copy /Y "location_of_this_batch" "C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\batch_name"

:: 3rd Now Rebooting the system
Shutdown -r -f -t 2

:After_Reboot

:: put your commands here to be done after the PC Restart

Replace the text in red with the information needed

[gymiv]

I believe that will work but won't that leave the batch file in the startup menu. Also i have several exe that this batch runs i would need to copy those to a temp file as well

[Ed Dyreen]

'
If ever you need to reboot to make your changes effective you will need to:
- autoLogon the current account
- autoRun this script, and continue where we left
- reboot

you will need to write the functions between %percent% signs yourself if you can't won't use the lib which has a %reBoot_% function build in.

To do this properly, it is really more complicated than I state here but,
I just provide you the key essentials

%autoLogon_%

Code: Select all

%for§_% (

       "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

) do (
       ( %regKey.write_% "%%~§", DefaultUserName,"!$user!",              REG_SZ,        1 )
       ( %regKey.write_% "%%~§", DefaultPassword,"!$user.%$user%.passw!",REG_SZ,        1 )
       ( %regKey.write_% "%%~§", AutoLogonCount, "1",                    REG_DWORD,     1 )
       ( %regKey.write_% "%%~§", AutoAdminLogon, "1",                    REG_SZ,        1 )
)

%autoRun_%

Code: Select all

set      "$regHive=HKCU"
set "$reg.fullPath=!$regHive!\Software\Microsoft\Windows\CurrentVersion\RunOnce"

if !$isAdmin! neq 0 (

       ( %regKey.write_% "!$reg.fullPath!", "!$autoRun.file!", "!$autoRun.fullPathFile!", REG_SZ, 1 )
) else ( %regKey.write_% "!$reg.fullPath!", "!$autoRun.file!", "wScript.EXE """"!$DOS-KIT.fullPath!\VBS\runAs.VBS!"""" """"!computerName!\Administrator"""" !$user.%$user.name%.passw! """"!$autoRun.fullPathFile!"""" ", REG_SZ, 1 )

%reBoot_%

Code: Select all

shutDown -r -f -t 3 -c "reBoot: '!$user!', $jumpLabel: '!$jumpLabel!'"

runAs.VBS is part of the lib, just download and unpack.


Hope it helps,

[foxidrive]

It tickles my funny bone because malware would commonly do such things. They spend time on the OS to prevent it...

[gymiv]

can you use this in a batch or is this simply for vbs. I am doing this out of a batch file. Can you explain autorun portion more this has me confused.

[Ed Dyreen]

It tickles my funny bone because malware would commonly do such things.

Unattended installation software will do it also typically

can you use this in a batch or is this simply for vbs.

Would I post it if it wasn't for batch.

I am doing this out of a batch file. Can you explain autorun portion more this has me confused.

The important thing is the reg key you need to add, the runAs.VBS is not essential it just elevates permissions.
Look at the link Squashman provided on how to use the runOnce key.

[gymiv]

I tried running the code you showed but it errors out on the reg.fullpath

C:\Users\p1tech\Desktop>set "$regHive=HKCU"

C:\Users\p1tech\Desktop>set "$reg.fullPath=!$regHive!\Software\Microsoft\Windows
\CurrentVersion\RunOnce"

C:\Users\p1tech\Desktop>if !$isAdmin! NEQ 0 (("!$reg.fullPath!", "!$autoRun.file
!", "!$autoRun.fullPathFile!", REG_SZ, 1 ) ) else ("!$reg.fullPath!", "!$autoR
un.file!", "wScript.EXE """"!$DOS-KIT.fullPath!\VBS\runAs.VBS!"""" """"!computer
Name!\Administrator"""" !$user..passw! """"!$autoRun.fullPathFile!"""" ", REG_SZ
, 1 )
'"!$reg.fullPath!"' is not recognized as an internal or external command,
operable program or batch file.

[abc0502]

I believe that will work but won't that leave the batch file in the startup menu. Also i have several exe that this batch runs i would need to copy those to a temp file as well

For the batch that will remain in the start up folder u just add this command after all ur commands are finished

Del /F /Q "C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\batch_name"

and for your exe programs just when u add a command point to the fixed place you are running your exe from, and if it was from a usb you can use this code to get the usb drive letter

setlocal
For %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
if exist "%%A:\" (for /f "tokens=5 delims= " %%B in ('Vol %%A:') Do if %%B==XXXX-XXXX set drv=%%A)
)
:: many thanks to foxidrive for fixing this code

The XXXX-XXXX is the serial number of your usb, you can get it by using this command vol F: and replace the F with the real letter

and when pointing to a program instead of using "For Example"

C:\apps\program.exe

u use

%drv%:\apps\program.exe

and Don't forget the Red ":"

[gymiv]

Thanks i will put all that together and test as soon as i get a chance. Will let you know as soon as i find out.
Many thanks

[gymiv]

[edit by Ed Dyreen] Why no code tags ?

I am getting an access denied when it tries to change the registry entry. Here is the begining of the script and results, I had added some pauses to keep it from rebooting during testing. Any ideas?

Code: Select all

rem @ECHO OFF

:: Disable UAC
:: This check for the Registry changes made or not yet
:: if the changes is made then goto after_reboot
:: if not make that mean this is the first time to run
:: and it make it and then goto first_time

For /F %%a in ('REG Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\System /v EnableLUA') DO (
IF %%a==0 ( Goto After_Reboot
) Else ( Goto First_Time )
)

:First_Time

:: 1st Disable UAC from Registry
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" 
/t "REG_DWORD" /d "0" /f >nul
pause

:: 2nd take a copy of this batch to start up folder
:: Get USB drive letter 
:: Use vol f: to get serial number
:: To point to a program on the USB drive use %drv%:\apps\program.exe

setlocal
For %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
if exist "%%A:\" (for /f "tokens=5 delims= " %%B in ('Vol %%A:') Do if %%B==B729-02C8 
set drv=%%A)
)
echo %drv%
pause

Copy /Y "%drv%:\NewMachineSetup.bat" "C:\users\%username%\AppData\Roaming\Microsoft
\Windows\Start Menu\Programs\Startup\NewMachineSetup.bat"
Pause

:: 3rd Now Rebooting the system
Pause
Shutdown -r -f -t 2

C:\Users\p1tech\Desktop>rem @ECHO OFF

C:\Users\p1tech\Desktop>For /F %a in ('REG Query HKLM\SOFTWARE\Microsoft\Windows
\CurrentVersion\Policies\System /v EnableLUA') DO (IF %a == 0 (Goto After_Reboot
 )  Else (Goto First_Time  ) )

C:\Users\p1tech\Desktop>(IF HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curren
tVersion\Policies\System == 0 (Goto After_Reboot )  Else (Goto First_Time  ) )

C:\Users\p1tech\Desktop>REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Policies\System" /v "EnableLUA" /t "REG_DWORD" /d "0" /f  1>nul
ERROR: Access is denied.

C:\Users\p1tech\Desktop>pause
Press any key to continue . . .

[Ed Dyreen]

I am getting an access denied when it tries to change the registry entry.

Are you running with administrator permissions ? You could Google 'runAs.EXE' or download my 'runAs.VBS' I told you about previously. This will require your script to spawn another instance of itself and then exit.

Google 'setACL.EXE' to prevent it from happening again:

Code: Select all

for %%? in (

       "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"

) do    for %%! in (

       Administrators, etc...

) do  "!FullPathFile.SetACL!" -on "%%~?" -ot reg -actn ace -ace "n:%%~!;p:Full;m:set"

[gymiv]

If i do a runas administrator by right clicking it pops up an authentication box. My apologies for being ignorant but i am not familiar with "lib" command. I have looked on both pages for a download site and cannot find what you are trying to tell me. Can you point me to the download site you are refering to? I am using win7

[abc0502]

The First IF statement have two options go to First_Time Or go to After_Reboot and you Removed the second option from your code

:After_Reboot

Put This after this command

Code: Select all

Shutdown -r -f -t 2

So it will look like that:

Pause
Shutdown -r -f -t 2
:After_Reboot
C:\Users\p1tech\Desktop>rem @ECHO OFF