jaclaz Posted February 6, 2015 Share Posted February 6, 2015 (edited) I am trying to put together a simple (or as simple as possible) set of batch commands to be run on both XP/2003 and Vista /7/8/8.x/Server 2008R1/2008R2/2012/*possibly whatever later* that DO NEED Admin credentials (on XP/2003) and REAL Admin (elevated) credentials on the later OS's. At the end of the day, I have come out with the attached testelev.cmd. Everything should be "language/locale independent", but you never know. until actually tested. Description from within the batch: ::testelev.cmd small batch file to check Windows version and ::credentials, self-elevating if needed, limited to good NT based systems ::without the senseless UAC, i.e. XP/2003 (BUT NOT NT or 2000) ::conventionally "pre-Vista" ::And to the senseless UAC featured NT systems, conventionally "Vista or later" :: ::To possibly add compatibility with 2000 (but NOT NT) change the command: ::FSUTIL DIRTY QUERY %systemdrive% ::to: ::SFC 2>&1 | FIND /I "/SCANNOW" ::Version 0.02 06 February 2015 ::Based on ideas found here: http://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights ::And here: http://stackoverflow.com/questions/7985755/how-to-detect-if-cmd-is-running-as-administrator-has-elevated-privileges ::It uses the elevate.exe from here: http://code.kliu.org/misc/elevate/ I have little chances to test the batch in all conditions, i.e. when run:as non Admin from command promptas above but by double clicking the batchas Admin from command promptas above but by double clicking the batchas Admin ELEVATED from command promptas above but by double clicking the batchin any other way on all the (hopefully) supported OS, so, if any member would be so kind to test it in the *whatever* OS he/she is running and post a report *like* (example): OS: Vista Language: English Test #1 OK Test #2 OK Test #3 OK Test #4 Issue <insert here description of what happens> Test #5 OK Test #6 Issue <insert here description of what happens> Test #7 N/Ait would greatly help to improve or change it (if needed) or to confirm it's good/working *everywhere*. Thanks in advance for reports/feedback/comments. jaclaz P.S.: Batch updated, please re-download if you got it before the time of this EDIT.testelev.zip Edited February 6, 2015 by jaclaz Link to comment Share on other sites More sharing options...
Dave-H Posted February 6, 2015 Share Posted February 6, 2015 OK, I've done some tests.I don't have any non-administrative accounts set up on my 8.1 machines.I'll give you the whole output.The ones that end with "press any key" would have closed the prompt if I had done at that point of course! Windows 8.1 Admin from non-elevated prompt -Microsoft Windows [Version 6.3.9600](c) 2013 Microsoft Corporation. All rights reserved.C:\Users\Dave>s:S:\>testelevVista , or later, ...BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny onlyOK, I am a local admin ...I am NOT running elevated, BAD.The needed file elevate.exe is missingget it from http://code.kliu.org/misc/elevate/and put it somewhere in PATH or in th esame directory of the batchPress any key to continue . . .S:\>Windows 8.1 Admin from non-elevated prompt double clicking -Vista , or later, ...BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny onlyOK, I am a local admin ...I am NOT running elevated, BAD.The needed file elevate.exe is missingget it from http://code.kliu.org/misc/elevate/and put it somewhere in PATH or in th esame directory of the batchPress any key to continue . . .Windows 8.1 Admin from elevated prompt -Microsoft Windows [Version 6.3.9600](c) 2013 Microsoft Corporation. All rights reserved.C:\WINDOWS\system32>s:S:\>testelevVista , or later, ...BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group ownerOK, I am a local admin ...Mandatory Label\High Mandatory Level Label S-1-16-12288... and I am running elevated, good.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - C: is NOT DirtyPress any key to continue . . .S:\>Windows 8.1 Admin from elevated prompt double clicking -Vista , or later, ...BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group ownerOK, I am a local admin ...Mandatory Label\High Mandatory Level Label S-1-16-12288... and I am running elevated, good.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - C: is NOT DirtyPress any key to continue . . .Windows XP from prompt -Microsoft Windows XP [Version 5.1.2600](C) Copyright 1985-2001 Microsoft Corp.C:\XP User Files\Dave>s:S:\>testelevXP or 2003 ...... I am an Admin, nothing to do.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - D: is NOT DirtyPress any key to continue . . .S:\>Windows XP from double clicking -XP or 2003 ...... I am an Admin, nothing to do.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - D: is NOT DirtyPress any key to continue . . .HTH. Link to comment Share on other sites More sharing options...
jaclaz Posted February 6, 2015 Author Share Posted February 6, 2015 Good. Os detection and credential levels detection seem to be accurate. THOUGH these: Windows 8.1 Admin from non-elevated prompt -Windows 8.1 Admin from non-elevated prompt double clicking Are actually non-reports, I mean, guess WHAT EXACTLY the batch is trying to tell you ? : The needed file elevate.exe is missing get it from http://code.kliu.org/misc/elevate/ and put it somewhere in PATH or in th esame directory of the batch(and that you are kindly required to comply with before re-running the batch) Corrected the typo "th esame" into "the same" and added redirection to nul to the Whoami commands in the attached, no version number change, please re-download and re-test (once having added the elevate.exe) just on Windows 8.1 (the XP is OK, and I can test it myself), thanks. jaclaz Link to comment Share on other sites More sharing options...
Dave-H Posted February 6, 2015 Share Posted February 6, 2015 Sorry, I'm being an id*** again! Here is the 8.1 output with a non-elevated prompt, with the elevate.exe file added!A UAC prompt had to be OKed both times. From Command Prompt -**********************************************************************************FIRST PROMPT WINDOW RESULTING IN UAC PROMPT**********************************************************************************Microsoft Windows [Version 6.3.9600](c) 2013 Microsoft Corporation. All rights reserved.C:\Users\Dave>s:S:\>testelevVista , or later, ...BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny onlyOK, I am a local admin ...I am NOT running elevated, BAD.S:\>**********************************************************************************SECOND PROMPT WINDOW WHICH THEN POPPED UP AFTER THE UAC PROMPT WAS DISMISSED**********************************************************************************Vista , or later, ...BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group ownerOK, I am a local admin ...Mandatory Label\High Mandatory Level Label S-1-16-12288... and I am running elevated, good.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - C: is NOT DirtyPress any key to continue . . .From double-clicking -**********************************************************************************SECOND PROMPT WINDOW AFTER FIRST AUTOMATICALLY CLOSED WHEN UAC PROMPT DISMISSED**********************************************************************************Vista , or later, ...BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group ownerOK, I am a local admin ...Mandatory Label\High Mandatory Level Label S-1-16-12288... and I am running elevated, good.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - C: is NOT DirtyPress any key to continue . . . Link to comment Share on other sites More sharing options...
bphlpt Posted February 6, 2015 Share Posted February 6, 2015 (edited) I also did not have a non-administrative account handy, and all my command windows are automatically elevated. OS - Win7 x64Language - English(1) N/A(2) N/A(3) N/A(4) N/A(5) OK(6) OK(7) - People should already know, but their anti-virus could possibly interfere with this script, so it should be temporarily disabled before running the script, unless your script could be configured to test for an offending condition ( probably too complicated to be worthwhile )? I have Win7 x64 Ultimate and run as an admin, but when I ran the script with my anti-virus enabled - COMODO Internet Security with HIPS [Host-based intrusion prevention system -- ie a sandbox] - then the script got into an endless loop where it said I was not running elevated, BAD, spawned a new command window, and repeated forever until I killed the script with CTRL-C. Output from 5 and 6:Vista , or later, ...BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group ownerOK, I am a local admin ...Mandatory Label\High Mandatory Level Label S-1-16-12288 Mandatory group, Enabled by default, Enabled group ... and I am running elevated, good.Press any key to continue . . . Imagine that this is an actually useful command executed in elevated mode.Volume - C: is NOT Dirty Press any key to continue . . . Edited February 6, 2015 by bphlpt Link to comment Share on other sites More sharing options...
Dave-H Posted February 6, 2015 Share Posted February 6, 2015 (edited) My shortcuts run elevated prompts too, but just putting "cmd" in the run box I hope still runs a non-elevated one!I just use Windows Defender on Windows 8.1, and it didn't seem to cause any problems.I used the 64 bit version of elevate.exe. As an aside, why on earth did the board software automatically put asterisks in the word "id**t" (I've done it for it this time!) in my last post?That's a bit over-sensitive surely! Edited February 6, 2015 by Dave-H Link to comment Share on other sites More sharing options...
bphlpt Posted February 6, 2015 Share Posted February 6, 2015 As an aside, why on earth did the board software automatically put asterisks in the word "id**t" (I've done it for it this time!) in my last post?That's a bit over-sensitive surely! It has done that for quite awhile. Instead, you could write it as id1ot or id10t or idi0t. Cheers and Regards Link to comment Share on other sites More sharing options...
jaclaz Posted February 7, 2015 Author Share Posted February 7, 2015 The redirection to nul of the Whoami seems like not happening. can you try on a plain cmd prompt (in windows 8.x) these commnds?:whoami /Groups | FIND "S-1-5-32-544" whoami /Groups | FIND "S-1-5-32-544" >nul whoami /Groups | FIND "S-1-5-32-544" >nul 2>&1#1 should output the BUILTIN\Administrators ...#2 should output nothing (as it is redirected to nul, but seemingly it still does output the same)#3 maybe actually outputs nothing as also the error is redirected to standard @bhpltWith reference to #7, Maybe it is possible to set a counter of some kind in such a way that it detects the second loop and exits throwing a message like "Your stupid antivirus or something else is conflicting with this script, re-run it under FULL Admin credentials (Elevated command prompt)." jaclaz Link to comment Share on other sites More sharing options...
Dave-H Posted February 9, 2015 Share Posted February 9, 2015 Here's what I got -Microsoft Windows [Version 6.3.9600](c) 2013 Microsoft Corporation. All rights reserved.C:\Users\Dave>whoami /Groups | FIND "S-1-5-32-544"BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny onlyC:\Users\Dave>whoami /Groups | FIND "S-1-5-32-544" >nulC:\Users\Dave>whoami /Groups | FIND "S-1-5-32-544" >nul 2>&1C:\Users\Dave> Link to comment Share on other sites More sharing options...
jaclaz Posted February 9, 2015 Author Share Posted February 9, 2015 (edited) Well then you posted earlier (on post #4) *something* else from what was asked, i.e. you posted the output of the earlier version Corrected the typo "th esame" into "the same" and added redirection to nul to the Whoami commands in the attached, no version number change, please re-download and re-test (once having added the elevate.exe) just on Windows 8.1 (the XP is OK, and I can test it myself), thanks. Maybe we "lost sync" or cross-posted.The version attached to post #1 does have redirection to nul, so it shouldn't have created the output you posted on #4.But also bhplt posted the same (is it possible that he also went "out-of-sync"? ) Can you please re-download and re-test? jaclaz Edited February 9, 2015 by jaclaz Link to comment Share on other sites More sharing options...
Dave-H Posted February 9, 2015 Share Posted February 9, 2015 Sorry again jaclaz, here is the output with the current version, I had completely missed that you had updated it!I really should learn to read things properly....... Windows 8.1 Admin from non-elevated prompt -**********************************************************************************FIRST PROMPT WINDOW RESULTING IN UAC PROMPT**********************************************************************************Microsoft Windows [Version 6.3.9600](c) 2013 Microsoft Corporation. All rights reserved.C:\Users\Dave>s:S:\>testelevVista , or later, ...OK, I am a local admin ...I am NOT running elevated, BAD.S:\>**********************************************************************************SECOND PROMPT WINDOW WHICH THEN POPPED UP AFTER THE UAC PROMPT WAS DISMISSED**********************************************************************************Vista , or later, ...OK, I am a local admin ...... and I am running elevated, good.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - C: is NOT DirtyPress any key to continue . . .Windows 8.1 Admin from non-elevated prompt double clicking -**********************************************************************************SECOND PROMPT WINDOW AFTER FIRST AUTOMATICALLY CLOSED WHEN UAC PROMPT DISMISSED**********************************************************************************Vista , or later, ...OK, I am a local admin ...... and I am running elevated, good.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - C: is NOT DirtyPress any key to continue . . .Windows 8.1 Admin from elevated prompt -Microsoft Windows [Version 6.3.9600](c) 2013 Microsoft Corporation. All rights reserved.C:\WINDOWS\system32>s:S:\>testelevVista , or later, ...OK, I am a local admin ...... and I am running elevated, good.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - C: is NOT DirtyPress any key to continue . . .S:\>Windows 8.1 Admin from elevated prompt double clicking -Vista , or later, ...OK, I am a local admin ...... and I am running elevated, good.Press any key to continue . . .Imagine that this is an actually useful command executed in elevated mode.Volume - C: is NOT DirtyPress any key to continue . . . Link to comment Share on other sites More sharing options...
jaclaz Posted February 9, 2015 Author Share Posted February 9, 2015 Sorry again jaclaz, here is the output with the current version, I had completely missed that you had updated it!I really should learn to read things properly.......No prob, with these (lately) few hiccups of the board it is easy to get "out of sync" . So, it seems like the thingy - at least in 8.1 - is working fine. jaclaz Link to comment Share on other sites More sharing options...
DosProbie Posted February 10, 2015 Share Posted February 10, 2015 Jaclaz, Here is the output as non-admin with Windows 10 build 9926.~DP Imagine that this is an actually useful command executed in elevated mode. Error: Access is denied. Press any key to continue . . . Link to comment Share on other sites More sharing options...
jaclaz Posted February 10, 2015 Author Share Posted February 10, 2015 Jaclaz, Here is the output as non-admin with Windows 10 build 9926.~DP Which is good , as another confirmation how stupid the stupid Windows 10 (which at the moment of this writing is a NON-released new, experimental OS) actually is. When (if) it will be released, then - maybe - we will be able to see what are the results in that stupid environment of the "base" commands used in the batch and hopefully there will be some official documentation about the stupid changes that are/will be implemented in it.If you could post the output of running the VER and of the WHOMAI /groups commands in it, I could add a few lines *like* :VER | FINDSTR /i "6\.[4]\." > nulIF %ERRORLEVEL% EQU 0 (ECHO You are running a stupid OS, we cannot cure that, sorry .GOTO :EOF)More seriously, add just before the ":just_do_it" label a line *like*:ECHO NOT Xp/2003, NOR Vista up to 8.1, this must be a crappy new OS...exiting...&PAUSE&GOTO :EOFAnd experiment with adding something *like*:VER | FINDSTR /i "6\.[4]\." > nulIF %ERRORLEVEL% EQU 0 (ECHO Windows 10 or whatever, ...whoami /groups | find "S-1-5-32-544" >nul && ECHO OK, I am a local admin ...whoami /groups | find "S-1-16-12288" >nul || ECHO I am NOT running elevated, BAD.&&GOTO :do_elevateFSUTIL DIRTY QUERY %systemdrive% >nul || ECHO ... wait a minute, I need elevation anyway&&GOTO :do_elevateECHO ... and I am running elevated, good.PAUSEGOTO :just_do_it)in the same place, before the added "ECHO NOT Xp/2003, ...". I am assuming in the above that the windows version reported is 6.4 and that the whoami/groups output has not changed, but have no way to check these assumptions.jaclaz Link to comment Share on other sites More sharing options...
Yzöwl Posted February 10, 2015 Share Posted February 10, 2015 jaclaz, here are the results from my console windows testing the commands you gave above. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now