2

I've got 3 .bat files in a directory. Two must be run with administrator privileges. One must be run without (full disclosure, I'm not sure why. It installs a windows service, and the service does not work if the .bat is called as an admin).

I'd like to keep them all in the same place for simplicity's sake, so I can easily switch between them in them same Command Prompt, which I'm running as an administrator. Unfortunately, that means I cannot correctly call the third script, as it's inheriting admin privileges.

The script is pretty straightforward:

start /DC:\path_to_script script.bat

Is there a way to "de-elevate" the call to that .bat file so it runs without admin rights?

Improve this question
3
  • Keep them in the same place but run a different cmd not as an admin and run this bat from that one.
    – EBGreen
    Commented May 17, 2018 at 15:21
  • @EBGreen the goal is to be able to run them from the same prompt. Eventually the implementation will move where we won't be able to split it up like that.
    – Lord Farquaad
    Commented May 17, 2018 at 15:24
  • Use the solution proposed in enter link description here
    – tischepe
    Commented May 17, 2018 at 15:25

1 Answer 1

Reset to default
3

runas /trustlevel:0x20000 script.bat

0x20000 means "basic user".

This does exactly what you want. script.bat gets run unprivileged.

Please note: The effect of /D<path> given as parameter to START can also be achieved by running runas /trustlevel:0x20000 <fullpath>\script.bat and placing cd /D %˜p0 as first line in the script. (%˜p0 expands to the path of the script itself).

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .