"Access Denied" RENAME.bat
-
I'm trying to make a batch RENAME file work for a client machine:
taskkill /im MicrosoftEdge.exe taskkill /im MicrosoftEdgeCP.exe taskkill /im MicrosoftEdgeSH.exe RENAME C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe Microsoft.MicrosoftEdge_8wekyb3d8bbwe_remove pauseMost of the script works, but the RENAME function gets hung up on "Access Denied"
If I log into the target machine with my own credentials, I still get "Access Denied" unless I run via Elevated Powershell.
From what I've read, I can't include anything into the script to make it run elevated, besides making a shortcut that's "run as admin" and points to the .bat, but this will be for use as a GPO, and it doesn't like shortcuts.
I was reading about using psexec instead, but I'm wondering if there isn't an easier way before I have to run a script to install a thing to run a script. Or you do you think I just install psexec anyway because that's a thing I should have included in my image in the first place?
-
Auto batch file elevator: (documented here: https://stackoverflow.com/a/12264592/1016343)
Here is the variation we use daily. Couldn't get by without it. It can be scripted with GPO.
:::::::::::::::::::::::::::::::::::::::::::: :: Automatically check & get admin rights V2 :::::::::::::::::::::::::::::::::::::::::::: @echo off CLS ECHO. ECHO ============================= ECHO Running Admin shell ECHO ============================= :init setlocal DisableDelayedExpansion set "batchPath=%~0" for %%k in (%0) do set batchName=%%~nk set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs" setlocal EnableDelayedExpansion :checkPrivileges NET FILE 1>NUL 2>NUL if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges ) :getPrivileges if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges) ECHO. ECHO ************************************** ECHO Invoking UAC for Privilege Escalation ECHO ************************************** ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%" ECHO args = "ELEV " >> "%vbsGetPrivileges%" ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%" ECHO args = args ^& strArg ^& " " >> "%vbsGetPrivileges%" ECHO Next >> "%vbsGetPrivileges%" ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%" "%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %* exit /B :gotPrivileges setlocal & pushd . cd /d %~dp0 if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul & shift /1) :::::::::::::::::::::::::::: ::START :::::::::::::::::::::::::::: REM Run shell as admin (example) - put here code as you like ECHO %batchName% Arguments: %1 %2 %3 %4 %5 %6 %7 %8 %9 -
@JasGot This looks like something I can use. Thanks for posting.
-
-
@JasGot Is this code still supposed to be prompting me the UAC?
-
@G-I-Jones said in "Access Denied" RENAME.bat:
@JasGot Is this code still supposed to be prompting me the UAC?
yes, unless you disable UAC.
-
Okay so the above option wasn't working for me as I need something I can automate fully. I still haven't figured it out, but I'm getting closer.
I was able to to do a little better with Powershell.
I made a .bat file with this:
@ECHO OFF PowerShell.exe -NoProfile -Command "& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy Bypass -File ""\\share\path\DisableEdge.ps1""' -Verb RunAs}"And then the DisableEdge.ps1 file with this:
REN C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe Microsoft.MicrosoftEdge_8wekyb3d8bbwe_removeThis still prompts UAC, but only requires a YES or NO selection. So life is easier but I'd still love to have a version that just works by itself.
-
You're going to have to run the command as system or some other elevated account to bypass those prompts.
Manually running the script won't give you the same results you would get running it via GPO - FYI.. there are subtle differences. -
@Dashrender said in "Access Denied" RENAME.bat:
Manually running the script won't give you the same results you would get running it via GPO - FYI.. there are subtle differences.
In this case it's the same.
