How to run program from command line with elevated rights

49

18

Is there a way to run a program or command with elevated rights when I am already in a non-elevated command line?

Exactly the same action that would be performed when I click on the program shortcut and select Run as administrator.

The runas command is probably not a solution - it asks for a password, but I just want the UAC dialog.

Lukas Cenovsky

Posted 2009-10-15T15:33:29.720

Reputation: 1 269

Answers

13

It looks like this utility - Hidden Start - will do what you wish if you use the /uac switch. Here's an example command line:

hstart /UAC "notepad.exe"

This will pop up the UAC dialog rather than ask for a password like runas does.


JeffP

Posted 2009-10-15T15:33:29.720

Reputation: 733

2 Warning: that little utility is 20$. For those with small pocket, use RunAdmin instead :) – Ultralisk – 2017-01-27T19:26:57.873

This doesn't come-up on Windows 10 – will – 2017-06-06T00:32:13.543

55

There is a way to do this in PowerShell:

PS> Start-Process powershell -Verb runAs

Rustam

Posted 2009-10-15T15:33:29.720

Reputation: 653

21 Seems to work fine. From command line, you could do for instance powershell -Command "Start-Process 'C:\program.exe' -Verb runAs" – marsze – 2014-10-09T11:08:07.140

7 This should be marked as the right/best answer IMO - it works without 3rd party utilities. – crimbo – 2015-10-21T01:07:00.160

5

Building off of @marsze - Fwiw, arguments in the simplest case go into their own single quoted value, eg powershell -Command "Start-Process 'gvim' 'c:\windows\system32\drivers\etc\hosts' -Verb runAs". Thanks!

– ruffin – 2017-01-11T14:35:07.280

How can I pipe the output of the elevated command prompt into my currently executing script? – wheeler – 2017-07-28T23:10:32.343

@wheeler, I'm almost certain you can't do that, but you can return an exit code: $p = Start-Process powershell -Verb runAs -ArgumentList "-Command `"& { `$Host.SetShouldExit(123) }`"" -PassThru; $p.ExitCode – Rustam – 2017-08-09T11:17:49.640

@Rustam You can, and I did :) It's a little hack-y, but it works superb.

– wheeler – 2017-08-10T14:40:02.503
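Added example, not part of the original answers or comments: one way to get both the exit code and the output of an elevated command back into a non-elevated script. `-Verb RunAs` cannot be combined with `-RedirectStandardOutput`, so the elevated child writes to a temporary file that the caller reads after `-Wait`. `Invoke-Elevated` and `Quote` are hypothetical names, and the temp-file relay is an assumption about how to do this, not necessarily the method the commenter used.

```powershell
# Added example (not from the thread). Invoke-Elevated and Quote are hypothetical names.
function Invoke-Elevated {
    param([Parameter(Mandatory)] [string] $Command)

    # Quote a value for safe use inside a single-quoted PowerShell string.
    function Quote([string] $s) { "'" + $s.Replace("'", "''") + "'" }

    # The elevated child cannot write to our pipeline, so it logs to a file we read back.
    $outFile = [IO.Path]::GetTempFileName()
    # Elevated processes start in the System directory; restore the caller's directory.
    $inner = "Set-Location -LiteralPath $(Quote $PWD.ProviderPath); " +
             "& { $Command } *> $(Quote $outFile); exit `$LASTEXITCODE"
    # -EncodedCommand takes Base64 of UTF-16LE text and avoids nested-quote escaping.
    $encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($inner))

    try {
        $p = Start-Process -FilePath powershell.exe -Verb RunAs -Wait -PassThru `
            -WindowStyle Hidden -ErrorAction Stop `
            -ArgumentList '-NoProfile', '-EncodedCommand', $encoded
        [pscustomobject]@{
            Elevated = $true
            ExitCode = $p.ExitCode
            Output   = Get-Content -LiteralPath $outFile
        }
    }
    catch {
        # Start-Process throws when the UAC prompt is declined or elevation is blocked.
        [pscustomobject]@{
            Elevated = $false
            ExitCode = $null
            Output   = $_.Exception.Message
        }
    }
    finally {
        Remove-Item -LiteralPath $outFile -ErrorAction SilentlyContinue
    }
}

# Usage: query the service used as an example elsewhere on this page.
$r = Invoke-Elevated 'sc.exe query SDRSVC'
if ($r.Elevated) { $r.Output; "exit code: $($r.ExitCode)" }
else             { "not elevated: $($r.Output)" }
```

The relay file lives in the caller's own %TEMP%, so any process running as that user can read the captured output; do not use this pattern for commands that print secrets.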

6

Building on Rustam's answer, you can:

  • Create a su.bat batch file somewhere in your default %PATH%, with the following one-liner : @powershell start -verb runas %*
  • Add this function to your PowerShell $profile : function su {start -verb runas @args}

Now you can issue su <command> [parameters] in either shell !

Nicolas Melay

Posted 2009-10-15T15:33:29.720

Reputation: 179

2

RunAdmin is a small utility (150Kb) that lets you run a program from command line with elevated rights (it will show the UAC). And opposite to Hidden Start, it is freeware.

Ultralisk

Posted 2009-10-15T15:33:29.720

Reputation: 1 749

2

This works for me on all platforms, including Windows 10. My needs are simple, perhaps you can adapt the approach if you need power.

I came up with a small script named sudo.cmd, named for the Linux sudo command. It works well enough, I think. I've outlined the requirements, the steps to follow and the script is near the bottom with an example. First a word of warning.

WARNING: The command runs in the windows System directory by default. You will want to cd to somewhere safe first.

requirements:

  • Run command with Administrator privileges from a Windows .CMD or the cmd-shell.
  • Require the normal Windows privilege checks on the command
    • In other words the command will NOT work unless I am already logged in with a privileged account.
  • Execute the command with Admin permission and continue when called inside a script. So wait for the command to complete.
  • Be simple so it will always work
  • Not need to enter a password every time, if I'm already logged in.
    • A better method would be if I can enter password once as does the real sudo command on Linux.

solution:

  1. Create a command script to execute all the arguments passed, sudo.cmd
  2. Create a Windows short-cut to the command script name it: sudo.lnk.
  3. Put the sudo short-cut in your windows PATH so it can be seen.
  4. Edit the short-cut properties, make the Start in: path empty.
  5. Click the [Advanced] button -- Check Run as Administrator
  6. Enable short-cuts in your windows path, use the PATHEXT environment variable, viz.
    d:> echo %PATHEXT%
    .lnk;.EXE;.CMD;.BAT;.COM

When you type sudo dir on the command-line Windows will show the

User Account Control

Do you want to allow this app to make changes to this device?

  [YES]  [NO]

Access control pop-up. If you click "[NO]" nothing will happen. Windows will show an "Access is denied." message.

When you click "[YES]" then the directory command runs at an elevated privilege. Of course you probably want something more interesting like stopping or query on a service:

 sudo sc query SDRSVC

SDRSVC is the service name for "Windows Backup service", this shows the following in a separate Cmd window:

  [sudo]

   administrator
  ---------------

  sc query SDRSVC

SERVICE_NAME: SDRSVC
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

  [done]

Press any key to continue . . .

The sudo.cmd script itself is very basic. As I said my needs are simple. I just want to stop and start services while I deploy code for testing.

sudo.cmd:

 @echo off
 @rem    sudo.cmd
         cd /d %temp%
 @echo.
 @echo.   administrator
 @echo.  ---------------
         cd 
 @echo.
 @rem  _________________________________________________
 @rem      -- Print usage . . .
        @if    [""]      ==["%~1"]   goto USAGE
        @if /i ["--HELP"]==["%~1"]   goto USAGE
 @rem  _________________________________________________
 @rem
 @echo.  %*
 @rem
         %*
 @rem
         set EXIT_STATUS=%ERRORLEVEL%
 @rem  -- -- -- -- --  
 @echo.
 @echo.  [done]
 @rem  ______________________________________________________
 :Exit
 @echo.
 @pause
  exit /b  %EXIT_STATUS%
 @rem  ______________________________________________________
 :USAGE
 @echo.
 @echo  ^Usage:
 @echo.    sudo ^<complete command line^>
 @echo.
 @echo.  Attempts to run the: ^<complete command line^>
 @echo.  under Administrator privileges.  Relies on Windows
 @echo.  prompt for elevated privileges.
 @rem  ______________________________________________________
 @goto Exit

The pause command waits for you to review the results. If you take pause out the administration window closes and you don't know if the command worked or not. The ERRORLEVEL from the command is returned as well.

will

Posted 2009-10-15T15:33:29.720

Reputation: 169

2

This works for Windows 10, haven't tested with other Windows versions.

An example to open notepad with administrator rights from cmd.exe, which starts powershell, which asks for the elevated permissions.

C:\>start powershell -command "&{start-process -filepath notepad -verb RunAs}"

This will give you a UAC dialog box (if enabled) with [Yes] [No], or will ask you for the administrator password.

Another example to open the hosts file with notepad would be:

C:\>start powershell -command "&{start-process -filepath notepad 'C:\Windows\System32\drivers\etc\hosts' -verb RunAs}"

More information: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/start-process?view=powershell-6

Alex

Posted 2009-10-15T15:33:29.720

Reputation: 427

The arguments to the executable should be a -ArgumentList parameter, not simply additional parameters to start-process. – Appleshell – 2019-10-12T18:22:24.133

0

You can set __COMPAT_LAYER=RunAsAdmin. Then the commands will run in a separate elevated cmd.

Example .bat:

rem Run next command elevated to Admin.
set __COMPAT_LAYER=RunAsAdmin
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" /t REG_DWORD /v "NoBackgroundPolicy" /d "1"
rem Disable elevation
set __COMPAT_LAYER=
rem continue non elevated
reg add "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" /t REG_SZ /v "Start Page" /d "https://www.google.com" /f

All Compatibility Mode options are listed in the MS Application Compatibility Toolkit.

Michel

Posted 2009-10-15T15:33:29.720

Reputation: 11

This batch file is horribly broken. You cannot use ; as a comment delimiter. "Batch files do not recognise the semicolon and will generally cause an error message about a bad command." – DavidPostill – 2017-01-31T10:57:28.200

I'm going to upvote @jawa's answer. Using the "__COMPAT_LAYER" environment variable solved the problem for me. Woo-hoo! I think the original BATCH code has been corrected. – mnemotronic – 2020-02-05T14:27:38.610

0

There is another way to run a process with UAC elevation that works without third-party tools and without having to set the execution policies for PowerShell.

This approach uses the Microsoft HTML Application Host (mshta) to run a VBScript snippet in the form of a single command:

mshta vbscript:Execute("Set UAC = CreateObject(""Shell.Application""):
  UAC.ShellExecute ""SomeProcess.exe"", ""SomeArguments"", """", ""runas"", 1:close")

mschmidt

Posted 2009-10-15T15:33:29.720

Reputation: 1

0

Take a look at Start++ - it has this functionality along with a lot of other useful things. To run with the UAC prompt, simply use sudo then your program name at the command line as shown here:


Here are some other features (you can also add your own):


John T

Posted 2009-10-15T15:33:29.720

Reputation: 149 037

2 The link says Welcome to: brandontools.com. This Web page is parked FREE. Want to buy brandontools.com? – xmojmr – 2015-01-05T12:15:50.557

1 As @xmojmr says, that site is dead. If you know a new location (I didn't find one so quickly), you should update the link in the answer. – Abel – 2017-10-03T16:09:00.620

Looks also good but I already use FARR which has similar functionality as Start++ and more (of course except sudo). – Lukas Cenovsky – 2009-10-16T08:54:07.367