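How to launch an application with administrator privileges from the CMD command line

Date: 2022-06-02 00:18:29

We often need administrator privileges to run a bat file. This can be done by combining the batch file with VBScript.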

Method 1:

%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit

Commonly used form:

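@echo off
mode con lines=30 cols=60
rem First run: %1 is empty, so mshta relaunches this script elevated with "::" as its argument.
rem Elevated run: %1 is "::", which turns the line below into a comment.
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
rem Elevation resets the current directory, so return to the script's own folder
cd /d "%~dp0"
rem Your batch code goes below this line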

Method 2:

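@echo off
rem When relaunched elevated, %1 %2 expands to "goto :st" and skips the elevation step
%1 %2
rem Windows 5.x (2000/XP) has no UAC, so go straight to the work. The leading
rem space keeps " 5." from matching inside a build number such as 10.0.19045.
ver|find " 5.">nul&&goto :st
mshta vbscript:createobject("shell.application").shellexecute("%~s0","goto :st","","runas",1)(window.close)&goto :eof
:st
rem Example of an action that needs administrator rights
copy "%~0" "%windir%\system32\"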

 

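The principle is similar: the script relaunches itself through ShellExecute with the runas verb, and the arguments passed to the relaunched copy let it tell the elevated run apart from the first one.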

ShellExecute method

Run a script or application in the Windows Shell.

Syntax
      .ShellExecute "application", "parameters", "dir", "verb", window

      .ShellExecute 'some program.exe', '"some parameters with spaces"', , "runas", 1

Key
   application   The file to execute (required)
   parameters    Arguments for the executable
   dir           Working directory
   verb          The operation to execute (runas/open/edit/print)
   window        View mode application window (normal=1, hide=0, 2=Min, 3=max, 4=restore, 5=current, 7=min/inactive, 10=default)

Note the different (double " and single ' ) quotes that can be used to delimit paths with spaces.

The runas verb is undocumented but can be used to elevate permissions. When a script is run with elevated permissions, several aspects of the user environment may change: the current directory and the current TEMP folder may differ, and any mapped drives will be disconnected.

runas will fail if you are running in WOW64 (a 32-bit process on 64-bit Windows), for example %systemroot%\syswow64\cmd.exe ...

The ShellExecute method is a member of the IShellDispatch2 object.

Examples

Run a batch script with elevated permissions, flag=runas:

Set objShell = CreateObject("Shell.Application")
objShell.ShellExecute "E:\demo\batchScript.cmd", "", "", "runas", 1

Run a VBScript with elevated permissions, flag=runas:

Set objShell = CreateObject("Shell.Application")
objShell.ShellExecute "cscript", "E:\demo\vbscript.vbs", "", "runas", 1


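What %~dp0 means in a batch file

~ means expansion; it is equivalent to converting a relative path into an absolute path
%0 refers to the batch file itself
%1 is the first argument the batch file received on its command line, %2 is the second, and so on
%~d0 is the drive letter of the batch file, where d stands for drive
%~p0 is the directory of the batch file, where p stands for path
%~dp0 is the drive letter plus the path of the batch file


cd %~dp0 therefore changes into the directory that holds the batch file


For a detailed explanation, see the help of the command call /?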

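Ever since Vista introduced UAC, applications come in two kinds: those with administrator privileges and those without. Some older applications fail for no apparent reason, and then you have to right-click the application and choose "Run as administrator". That is not a big problem, because the context menu of exe files has this entry, but for script files (cmd, js and the like) it is less convenient. You usually have to open a new command prompt with administrator privileges, type a lot of cd commands to get back to the folder you were in, and then run the script, which is quite tedious.

I searched and found a solution. Save the code below as Elevate.js: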

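// Elevate.js: launch a program with the "runas" verb (this triggers a UAC prompt)
if (WScript.Arguments.Count() < 1) {
 WScript.Echo("Usage: Elevate <exefile> <arguments>");
 WScript.Quit(1);
}
var command = WScript.Arguments.Item(0);
var argument = "";
// Start at 1: item 0 is the program itself and must not be repeated in its arguments
for (var i = 1; i < WScript.Arguments.Count(); ++i){
 argument += WScript.Arguments.Item(i) + " ";
}
 
try{
 var shellapp = new ActiveXObject("Shell.Application");
 shellapp.ShellExecute(command, argument, null, "runas", 1);
}
catch(e){
 WScript.Echo("Something wrong: " + e.description);
}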

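From then on, whenever you need to run a program as administrator, just type "Elevate <exefile> <arguments>", for example "Elevate cmd /k".

Of course, this does not get past the UAC check: a dialog box still pops up and you have to click "OK".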
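
Elevate.js joins its arguments with plain spaces, so an argument that contains a space or a quote reaches the elevated process split or altered. The following added example (not part of the original post) quotes each argument by the rules of CommandLineToArgvW and the Microsoft C runtime; the function names quoteArg, repeat and buildArguments are hypothetical, and the syntax is kept to what Windows Script Host accepts.

```javascript
// Added example; quoteArg, repeat and buildArguments are hypothetical names.
// Quote one argument the way CommandLineToArgvW and the Microsoft C runtime
// parse it: backslashes are literal unless they come right before a quote.
function quoteArg(arg) {
  if (arg !== "" && !/[\s"]/.test(arg)) {
    return arg;                       // nothing to protect
  }
  var out = '"';
  var backslashes = 0;
  for (var i = 0; i < arg.length; i++) {
    var ch = arg.charAt(i);
    if (ch === "\\") {
      backslashes++;                  // meaning depends on what follows
    } else if (ch === '"') {
      // 2n+1 backslashes + quote parses as n backslashes + a literal quote
      out += repeat("\\", backslashes * 2 + 1) + '"';
      backslashes = 0;
    } else {
      out += repeat("\\", backslashes) + ch;
      backslashes = 0;
    }
  }
  // Double trailing backslashes so they do not escape the closing quote
  return out + repeat("\\", backslashes * 2) + '"';
}
function repeat(s, n) {
  var r = "";
  while (n-- > 0) { r += s; }
  return r;
}

// Build the parameter string from items 1..n; item 0 is the program itself.
function buildArguments(args) {
  var parts = [];
  for (var i = 1; i < args.length; i++) {
    parts.push(quoteArg(args[i]));
  }
  return parts.join(" ");
}

// Runs only under Windows Script Host (cscript/wscript), not elsewhere.
if (typeof WScript !== "undefined" && WScript.Arguments.Count() > 0) {
  var argv = [];
  for (var k = 0; k < WScript.Arguments.Count(); k++) {
    argv.push(WScript.Arguments.Item(k));
  }
  var shell = new ActiveXObject("Shell.Application");
  shell.ShellExecute(argv[0], buildArguments(argv), "", "runas", 1);
}
```

cmd.exe applies its own metacharacter parsing before these rules, so this quoting is meant for programs that read their arguments through the C runtime or CommandLineToArgvW.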