"Access Denied" RENAME.bat



  • I'm trying to make a batch RENAME file work for a client machine:

    taskkill /im MicrosoftEdge.exe
    taskkill /im MicrosoftEdgeCP.exe
    taskkill /im MicrosoftEdgeSH.exe
    RENAME C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe Microsoft.MicrosoftEdge_8wekyb3d8bbwe_remove
    pause
    

    Most of the script works, but the RENAME function gets hung up on "Access Denied"

    If I log into the target machine with my own credentials, I still get "Access Denied" unless I run via Elevated Powershell.

    From what I've read, I can't include anything into the script to make it run elevated, besides making a shortcut that's "run as admin" and points to the .bat, but this will be for use as a GPO, and it doesn't like shortcuts.

    I was reading about using psexec instead, but I'm wondering if there isn't an easier way before I have to run a script to install a thing to run a script. Or you do you think I just install psexec anyway because that's a thing I should have included in my image in the first place?



  • Auto batch file elevator: (documented here: https://stackoverflow.com/a/12264592/1016343)

    Here is the variation we use daily. Couldn't get by without it. It can be scripted with GPO.

    ::::::::::::::::::::::::::::::::::::::::::::
    :: Automatically check & get admin rights V2
    ::::::::::::::::::::::::::::::::::::::::::::
    @echo off
    CLS
    ECHO.
    ECHO =============================
    ECHO Running Admin shell
    ECHO =============================
    
    :init
    setlocal DisableDelayedExpansion
    set "batchPath=%~0"
    for %%k in (%0) do set batchName=%%~nk
    set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
    setlocal EnableDelayedExpansion
    
    :checkPrivileges
    NET FILE 1>NUL 2>NUL
    if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )
    
    :getPrivileges
    if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
    ECHO.
    ECHO **************************************
    ECHO Invoking UAC for Privilege Escalation
    ECHO **************************************
    
    ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
    ECHO args = "ELEV " >> "%vbsGetPrivileges%"
    ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
    ECHO args = args ^& strArg ^& " "  >> "%vbsGetPrivileges%"
    ECHO Next >> "%vbsGetPrivileges%"
    ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
    "%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*
    exit /B
    
    :gotPrivileges
    setlocal & pushd .
    cd /d %~dp0
    if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul  &  shift /1)
    
    ::::::::::::::::::::::::::::
    ::START
    ::::::::::::::::::::::::::::
    REM Run shell as admin (example) - put here code as you like
    ECHO %batchName% Arguments: %1 %2 %3 %4 %5 %6 %7 %8 %9
    


  • @JasGot This looks like something I can use. Thanks for posting.





  • @JasGot Is this code still supposed to be prompting me the UAC?



  • @G-I-Jones said in "Access Denied" RENAME.bat:

    @JasGot Is this code still supposed to be prompting me the UAC?

    yes, unless you disable UAC.



  • Okay so the above option wasn't working for me as I need something I can automate fully. I still haven't figured it out, but I'm getting closer.

    I was able to to do a little better with Powershell.

    I made a .bat file with this:

    @ECHO OFF
    PowerShell.exe -NoProfile -Command "& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy Bypass -File ""\\share\path\DisableEdge.ps1""' -Verb RunAs}"
    

    And then the DisableEdge.ps1 file with this:

    REN C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe Microsoft.MicrosoftEdge_8wekyb3d8bbwe_remove
    
    

    This still prompts UAC, but only requires a YES or NO selection. So life is easier but I'd still love to have a version that just works by itself.



  • You're going to have to run the command as system or some other elevated account to bypass those prompts.
    Manually running the script won't give you the same results you would get running it via GPO - FYI.. there are subtle differences.



  • @Dashrender said in "Access Denied" RENAME.bat:

    Manually running the script won't give you the same results you would get running it via GPO - FYI.. there are subtle differences.

    In this case it's the same.


Log in to reply