13
7
I'm trying to run xcopy
commands in a batch file as an administrator. Is this the correct command and how can I pass the password into it?
runas /noprofile /user:Domain Name\user account
13
7
I'm trying to run xcopy
commands in a batch file as an administrator. Is this the correct command and how can I pass the password into it?
runas /noprofile /user:Domain Name\user account
14
To automatically authenticate, add the /savecred
flag. You'll have to enter the password on the script's first run, but it will be saved after that.
Realize that runas
will then be able to use the saved credentials to execute any given program, so do think about how that could be a security issue before going this route.
Your usage is correct though, just add the program path at the end.
runas /noprofile /user:joe@example.com /savecred script.bat
or
runas /noprofile /user:joe-pc\joe /savecred script.bat
To delete a saved credential search for the Credential Manager in Control Panel.
4
The runas
command should prompt you for the credentials when you run the batch file to execute the specified command. As long as you run it in cmd.exe. This is due to the need for the standard input neccessary to prompt for the password. You cannot just double click it. Storing a password in plaintext in a batch file is a bad idea because it's insecure. That's why it prompts at runtime.
You may right click on the executable and click Run as Administrator
, without the runas
command. This is probably the solution you are looking for.
If you wanted to run the task as a scheduled task, you can set it to run it as different user there.
1
You could use RunAs when you call the batchfile (right click on the batchfile and click runas) to have the batch run as administrator. I suspect that runas will not work inside the batch. I'd recommend NOT putting the password in the batch file, even if it did work, batch files are plain text, so you might as well put the password on a post-it note on the monitor.
0
This website discusses creating an autoit script that obfuscates the the contents of the file towards the bottom of the file.
http://www.neowin.net/forum/topic/922704-secure-use-of-passwords-in-batch-files/
i understand storing the password in the plain txt would be unsecure but is there any way for it to authenticate automatically ? – joe – 2012-12-19T00:07:08.693
The best way is to right click on the executable &
– BrenanK – 2012-12-19T02:09:32.430Run as Administrator
, or set the task to run as certain user as scheduled task. Any other option that authenticates as an admin would open some major security risks. It looks as though windows doesn't have this capability. If you'd like more information on the subject, see setuid for windows.setuid
is used in unix environments to allow a non-admin run a program as root(admin). A program that usessetuid
must be very carefully coded to not create vulnerabilities.Just to be clear
setuid
can be configured to assume privileges of other users as well as root on a Unix system. – BrenanK – 2012-12-19T02:22:19.410