How do I add a password to a batch file to automatically authenticate?

13

7

I'm trying to run xcopy commands in a batch file as an administrator. Is this the correct command and how can I pass the password into it?

runas /noprofile /user:Domain Name\user account

joe

Posted 2012-12-18T23:27:24.193

Reputation: 131

Answers

14

To automatically authenticate, add the /savecred flag. You'll have to enter the password on the script's first run, but it will be saved after that.

Realize that runas will then be able to use the saved credentials to execute any given program, so do think about how that could be a security issue before going this route.

Your usage is correct though, just add the program path at the end.

runas /noprofile /user:joe@example.com /savecred script.bat
or
runas /noprofile /user:joe-pc\joe /savecred script.bat

To delete a saved credential, search for the Credential Manager in Control Panel.

Louis

Posted 2012-12-18T23:27:24.193

Reputation: 18 859
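Command-line counterpart to the Credential Manager step in the answer above, as an added example that is not part of the original answer: it parses `cmdkey /list` output to find credentials saved by runas /savecred so they can be reviewed and removed. The function name and sample data are constructed; it assumes English-language cmdkey output and that such entries appear with a target of the form "Domain:interactive=<account>".

```powershell
# Added example, not from the original answers.
# Assumption: runas /savecred entries show up in `cmdkey /list` with a
# target that starts with "Domain:interactive=" (English-language output).

function Get-SavedRunasCredential {
    param([string[]]$CmdkeyOutput)

    $entries = @()
    $current = $null
    foreach ($line in $CmdkeyOutput) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            # A new Target line starts a new entry; flush the previous one.
            if ($current) { $entries += [pscustomobject]$current }
            $current = [ordered]@{ Target = $Matches[1]; Type = ''; User = '' }
        } elseif ($current -and $line -match '^\s*(Type|User):\s*(.+?)\s*$') {
            $current[$Matches[1]] = $Matches[2]
        }
    }
    if ($current) { $entries += [pscustomobject]$current }

    # Keep only the interactive-logon entries that runas can reuse.
    $entries | Where-Object { $_.Target -like 'Domain:interactive=*' }
}

# Constructed sample of `cmdkey /list` output, so the parser can be tried offline.
$sample = @(
    'Currently stored credentials:',
    '',
    '    Target: Domain:interactive=JOE-PC\joe',
    '    Type: Domain Password',
    '    User: JOE-PC\joe',
    '',
    '    Target: LegacyGeneric:target=fileserver.example.com',
    '    Type: Generic',
    '    User: joe'
)
Get-SavedRunasCredential -CmdkeyOutput $sample | Format-Table

# On a live system: report each saved runas credential for review.
$found = Get-SavedRunasCredential -CmdkeyOutput (cmdkey /list)
foreach ($cred in $found) {
    Write-Host "Saved runas credential for $($cred.User): $($cred.Target)"
    # cmdkey "/delete:$($cred.Target)"   # uncomment to remove the entry
}
```

Credentials are stored per user profile, so run it as each account that may have used /savecred.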

4

The runas command should prompt you for the credentials when you run the batch file to execute the specified command, as long as you run it in cmd.exe. This is due to the need for the standard input necessary to prompt for the password. You cannot just double click it. Storing a password in plaintext in a batch file is a bad idea because it's insecure. That's why it prompts at runtime.

You may right click on the executable and click Run as Administrator, without the runas command. This is probably the solution you are looking for.

If you wanted to run the task as a scheduled task, you can set it to run it as different user there.

BrenanK

Posted 2012-12-18T23:27:24.193

Reputation: 336

I understand storing the password in plain text would be insecure, but is there any way for it to authenticate automatically? – joe – 2012-12-19T00:07:08.693

The best way is to right click on the executable & Run as Administrator, or set the task to run as a certain user as a scheduled task. Any other option that authenticates as an admin would open some major security risks. It looks as though Windows doesn't have this capability. If you'd like more information on the subject, see setuid for Windows. setuid is used in Unix environments to allow a non-admin to run a program as root (admin). A program that uses setuid must be very carefully coded to not create vulnerabilities.

– BrenanK – 2012-12-19T02:09:32.430

Just to be clear setuid can be configured to assume privileges of other users as well as root on a Unix system. – BrenanK – 2012-12-19T02:22:19.410

1

You could use RunAs when you call the batch file (right click on the batch file and click runas) to have the batch run as administrator. I suspect that runas will not work inside the batch. I'd recommend NOT putting the password in the batch file; even if it did work, batch files are plain text, so you might as well put the password on a post-it note on the monitor.

BillN

Posted 2012-12-18T23:27:24.193

Reputation: 796

0

This website discusses creating an AutoIt script that obfuscates the contents of the file towards the bottom of the file.

http://www.neowin.net/forum/topic/922704-secure-use-of-passwords-in-batch-files/

Phillip R.

Posted 2012-12-18T23:27:24.193

Reputation: 1 801