none
How to run a .bat file as an administrator through windows scheduled task?

    Question

  • Hello,

    First of all, I am not sure if this is the right category to post this question but I am posting it anyway because I couldn't find a right category name that I can relate to.

    I have a batch file that runs an executable by passing some arguments. I am creating a windows schedule task via installer (installer is executed while logged into the system as a domain user who is an administrator on the server. So the task author is the logged in domain user) to execute this batch file. However the task is configured to run under system "Administrator" account.

    Now the problem is the batch file is not executed when the schedule task runs and the task status remains in "Running" state till it is ended manually. I also tried to execute the batch file from command line and I found that it can be executable only if I launch the command prompt using "Right Click + Run as Administrator".

    How can I fix this so that the batch file is executed successfully by the schedule task? 

    Tuesday, November 05, 2013 6:16 PM

Answers

  • Hi,

    Run with highest privileges means that it runs with the highest privileges available to that user. This is different from the context menu's 'Run As Admin'. 'Run As Admin' will use an elevated token if the account has the right permissions - but if not, like the case of a standard user account, it prompts you to run as a different user. By contrast, 'Run with highest privileges' just generates the highest privilege token for the specific user - it cannot run as a different user.

    This makes a difference in certain things, when using an account with elevated permissions. For example, a local administrator is part of the 'Administrators' local group. However, when logging in with the local administrator account (or running a task), by default, it uses a 'low privilege' token, which doesn't contain the  membership for the 'Administrators' group. So, running in 'low privilege' and then trying to access a file that is only accessible to 'Administrators' will fail in low privilege mode (even though your account is a member of the Administrators group). 'Run with highest privileges' creates the full token which does include the Administrators group membership, so could access the file.

    So - to answer your question, for a standard user with no elevated permissions, 'Run with highest privileges' does not do anything. It can also never cause the script to run under a different account.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, November 08, 2013 2:01 AM

All replies

  • Hi,

    You can schedule a task to run an application under the administrator account and then you must also make sure the Run with highest privileges check box is checked if you want to run the task.

    By the way, if the above reply cannot help you fix this issue. Since this forum is just to discuss Windows Forms application development issue. I suggested you post this thread on TechNet - Windows Server General Forum to get a better response.

    Regard,


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, November 06, 2013 9:14 AM
  • Thanks Marvin!

    We tried all the above options including the 'Configure for:' option.

    Unfortunately, no success.

    Wednesday, November 06, 2013 11:55 PM
  • Hi,

    Run with highest privileges means that it runs with the highest privileges available to that user. This is different from the context menu's 'Run As Admin'. 'Run As Admin' will use an elevated token if the account has the right permissions - but if not, like the case of a standard user account, it prompts you to run as a different user. By contrast, 'Run with highest privileges' just generates the highest privilege token for the specific user - it cannot run as a different user.

    This makes a difference in certain things, when using an account with elevated permissions. For example, a local administrator is part of the 'Administrators' local group. However, when logging in with the local administrator account (or running a task), by default, it uses a 'low privilege' token, which doesn't contain the  membership for the 'Administrators' group. So, running in 'low privilege' and then trying to access a file that is only accessible to 'Administrators' will fail in low privilege mode (even though your account is a member of the Administrators group). 'Run with highest privileges' creates the full token which does include the Administrators group membership, so could access the file.

    So - to answer your question, for a standard user with no elevated permissions, 'Run with highest privileges' does not do anything. It can also never cause the script to run under a different account.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, November 08, 2013 2:01 AM