[Bat] How to create a batch file that runs with SYSTEM privileges! Use the Task Scheduler to elevate to SYSTEM and run your processing there!

Windows

Hello! This time I would like to show how to run a batch file with one of the highest privileges in Windows, "SYSTEM privileges" (the built-in LocalSystem account, NT AUTHORITY\SYSTEM).

Generally speaking, the "privileges" you operate Windows with are either "user privileges" (the Users group) or "administrator privileges" (the Administrators group). However, there are quite a few operations that cannot be done even with those.

In such cases, it may be possible to get the job done by using "SYSTEM privileges", whose token is more powerful than that of an elevated administrator.

Some operations fail even when you choose "Run as administrator", and conversely some processes cannot be stopped by any means! How about using this method in such cases?

What I want to do

- When moving or deleting the important Windows folders and files called "system files", which form the basis of Windows, or when terminating important processes, I want to run those commands with SYSTEM privileges.

Even if you run a command from the command prompt or choose "End task" in Task Manager, you often get "Access denied" and cannot do what you want.

To get around this, this time I would like to run arbitrary processing with SYSTEM privileges using a batch file alone.

Script example

@echo off
cd /d "%~dp0"

setlocal
set "PATH=%PATH%;%windir%\system32;%windir%\system32\WindowsPowerShell\v1.0"

rem Step 1: make sure we are running elevated. SeDebugPrivilege is only present in an
rem elevated (UAC-approved) administrator token, so if it is missing, relaunch
rem ourselves through the UAC prompt. The path is quoted so folders with spaces work.
whoami /priv | find "SeDebugPrivilege">nul
if %errorlevel% neq 0 (
    powershell -Command "Start-Process -FilePath '%~f0' -Verb RunAs"
    exit
)

rem Step 2: elevation from administrator to SYSTEM starts here
set taskName=PromoteToSystemPrivileges

rem Remove any leftover task from a previous run (the error on the very first run is ignored)
schtasks /delete /tn %taskName% /f >nul 2>&1

rem When started by the Task Scheduler, "1" is passed as the first argument
if "%~1" equ "1" (
    goto :Main
) else (
    rem Register a task that runs this batch file with argument "1" as SYSTEM, then start it immediately
    schtasks /create /tn %taskName% /tr "'%~f0' 1" /sc onlogon /ru system
    schtasks /run /tn %taskName%
    exit
)

rem Step 3: write the processing you want to run as SYSTEM below this label
:Main

whoami>"%~dp0sample.log"

exit

How to use

1. Write the processing you want to run with SYSTEM privileges under the ":Main" label of the batch file above.

2. Save the completed batch file anywhere you like with the ".bat" extension.

3. Double-click it to run. The first step relaunches the batch with "Run as administrator", so a UAC prompt appears; approve it. The rest runs without any visible window, and the result of the sample is written to "sample.log" next to the batch file.

Commentary

Register the batch file to be run as SYSTEM in the Task Scheduler.

The "schtasks /create" command registers the task.

"/tn" is the name of the task to register; any name will do. Here I named it "PromoteToSystemPrivileges".

"/tr" is the command line the task actually runs. "%~f0" expands to the full path of the batch file itself, so this registers a command that means "run yourself with the argument "1"".

"/sc onlogon" is a schedule option meaning "run at logon". schtasks refuses to create a task without a schedule, so it is included only as a dummy; the task is started explicitly with "/run" and deleted as soon as it has served its purpose. Note that until it is deleted the task would also fire at the next logon, which is why the batch deletes it as its first action after being started as SYSTEM.

set taskName=PromoteToSystemPrivileges
schtasks /create /tn %taskName% /tr "'%~f0' 1" /sc onlogon /ru system
exit

The last option, "/ru system", is the important one: it registers the task to run under the SYSTEM account, so when the task fires, the batch file runs with SYSTEM privileges.

This is what lets the batch file run as SYSTEM.
* If you open the Task Scheduler while the batch is running, you can see the task registered there.

Run the registered task immediately

This is done by running "schtasks" with the "/run" option.

"/run" starts the task whose name is given by "/tn" right away, regardless of its schedule, so it should work without any problem.

schtasks /run /tn %taskName%

Putting this right after the "schtasks /create" command registered earlier makes the task run immediately.

Running the processing with SYSTEM privileges

In the startup code above, I registered a task that runs the batch file as SYSTEM with "1" as its argument.
In other words, if the argument is "1", the batch file has been started by the task, and therefore as SYSTEM.

That decision is made with "if "%1" equ "1"": if the argument is 1, jump to ":Main".

rem Elevation to SYSTEM starts here
set taskName=PromoteToSystemPrivileges
schtasks /delete /tn %taskName% /f

rem When started by the Task Scheduler, "1" is passed as the argument
if "%1" equ "1" (
    goto :Main
) else (
    rem Register a task that calls this batch file with the argument "1" in the Task Scheduler
    schtasks /create /tn %taskName% /tr "'%~f0' 1" /sc onlogon /ru system
    schtasks /run /tn %taskName%
    exit
)

:Main
rem ~~~ Enter the process here ~~~
whoami>"%~dp0sample.log"
exit

In the sample code above, once the batch file is running as SYSTEM, the task that started it is deleted because it is no longer needed. After that, the argument is checked and execution jumps to ":Main" to run the processing.

As a test, the result of the "whoami" command, now running as SYSTEM, is written to "sample.log" in the folder containing the batch file.
If the file contains "nt authority\system", the processing ran with SYSTEM privileges. Normally "whoami" prints the name of the user who ran it, such as "desktop-pc\taro".
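The same flow written in PowerShell with the ScheduledTasks module, as an added example that is not the article's batch file: it registers a task whose principal is NT AUTHORITY\SYSTEM, starts it at once, waits for it to finish, deletes it, and then verifies from the log that the work really ran as SYSTEM. The task name, the log location under %ProgramData% and the 20-second timeout are assumptions, and it must be run from an elevated PowerShell.

```powershell
# Added example, not the article's code: run a command as NT AUTHORITY\SYSTEM through
# a throw-away scheduled task and verify the identity from its output.
# Run from an elevated PowerShell; the Task Scheduler rejects a SYSTEM principal otherwise.
#Requires -RunAsAdministrator

$taskName = 'PromoteToSystemPrivileges'                    # assumed, same name as the batch file
$logDir   = Join-Path $env:ProgramData 'PromoteToSystem'   # assumed log location
$logPath  = Join-Path $logDir 'sample.log'
New-Item -ItemType Directory -Force -Path $logDir | Out-Null
Remove-Item $logPath -ErrorAction SilentlyContinue

# The work to run as SYSTEM. Output must go to a file: a SYSTEM task runs in
# session 0, so nothing it writes to a console is ever visible to the user.
$action = New-ScheduledTaskAction -Execute 'cmd.exe' `
    -Argument "/c whoami > `"$logPath`" 2>&1"

# Principal = the LocalSystem account at the highest run level. No trigger is needed
# because the task is started explicitly and removed right afterwards.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $action -Principal $principal -Force | Out-Null
try {
    Start-ScheduledTask -TaskName $taskName

    # Poll until the task is back in the Ready state and the log exists, or time out.
    $deadline = (Get-Date).AddSeconds(20)
    do {
        Start-Sleep -Milliseconds 500
        $state = (Get-ScheduledTask -TaskName $taskName).State
    } until (($state -eq 'Ready' -and (Test-Path $logPath)) -or (Get-Date) -ge $deadline)

    $info = Get-ScheduledTaskInfo -TaskName $taskName
    "Last run: $($info.LastRunTime), result code: $($info.LastTaskResult)"
}
finally {
    # Never leave a SYSTEM task behind: it is a persistence point for anyone who can edit it.
    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
}

$identity = Get-Content $logPath -ErrorAction SilentlyContinue | Select-Object -First 1
if ($identity -and $identity.Trim() -ieq 'nt authority\system') {
    "OK: the task ran as $identity"
} else {
    throw "Task did not run as SYSTEM (got '$identity')"
}
```

If the work you schedule is itself a PowerShell script, it can check its own identity without a log file through `[Security.Principal.WindowsIdentity]::GetCurrent().IsSystem`. The try/finally matters: the batch file in the article deletes the task as its first action, and this version does the same on every exit path, so a crash or time-out does not leave a task that runs as SYSTEM at the next logon.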

Notes

Note that when the batch runs with SYSTEM privileges, the black command prompt window does not appear on screen. A task started by the Task Scheduler as SYSTEM runs in session 0, which is isolated from the interactive desktop, so nothing it prints is visible.
It therefore cannot be used as is for an "interactive" batch file that prompts the person who ran it: a "pause" or "set /p" would wait forever for input nobody can give. Write results to a file, as the sample does with "sample.log".

Also, because this is the highest level of privilege, you can easily modify data and processes that must not be touched.
Before testing, prepare an environment that you can afford to break.

It is safer to decide exactly what the SYSTEM part of the batch needs to do and keep it to a minimum.

Finally, this method does not bypass access control: it only works from an already elevated administrator, and an administrator being able to become SYSTEM is by design. Because the same pattern (a task registered to run as SYSTEM, started immediately and then deleted) is also used by malware to obtain SYSTEM, security software may flag it, so expect that when you deploy such a batch file.
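Because the pattern this batch file uses (an interactive administrator registers a task to run as SYSTEM, starts it immediately, then deletes it) is also a common way for malware to obtain SYSTEM, it is worth knowing what it looks like in the logs. The following is an added PowerShell example, not part of the original article: it reads Security events 4698 (a scheduled task was created) and 4699 (a scheduled task was deleted), keeps those whose principal is the SYSTEM account, and flags tasks that were created and deleted within a few minutes. It assumes the "Audit Other Object Access Events" subcategory is enabled (without it those events are never written), the 24-hour window and 10-minute threshold are arbitrary choices, and matching the principal by the SID S-1-5-18 or the account name is an assumption about how the registering tool stores it.

```powershell
# Added example, not the article's code: find scheduled tasks registered to run as
# SYSTEM in the Security log and flag short-lived ones (created, then deleted quickly).
# Needs "Audit Other Object Access Events" (Success) enabled and an elevated prompt.
$Hours = 24                       # assumed look-back window
$ShortLivedMinutes = 10           # assumed threshold for "created and deleted quickly"

function Get-TaskEventField {
    # Pull one EventData field (TaskName, TaskContent, SubjectUserName, ...) out of an event.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4698, 4699; StartTime = $since } `
    -ErrorAction SilentlyContinue

$findings = foreach ($e in $events) {
    $content = Get-TaskEventField -Event $e -Name 'TaskContent'
    if (-not $content) { continue }
    $task = [xml]$content                      # the task definition XML is embedded in the event
    $principalUser = $task.Task.Principals.Principal.UserId
    # S-1-5-18 is the LocalSystem SID; the account name forms are accepted as well (assumption).
    if ($principalUser -notmatch '^(S-1-5-18|(NT AUTHORITY\\)?SYSTEM)$') { continue }
    [pscustomobject]@{
        Time     = $e.TimeCreated
        Action   = if ($e.Id -eq 4698) { 'created' } else { 'deleted' }
        TaskName = Get-TaskEventField -Event $e -Name 'TaskName'
        ByUser   = Get-TaskEventField -Event $e -Name 'SubjectUserName'
        Command  = (@($task.Task.Actions.Exec.Command, $task.Task.Actions.Exec.Arguments) -join ' ').Trim()
    }
}

$findings = @($findings | Sort-Object Time)

# A SYSTEM task that exists only for a few minutes is the signature of the batch file above
# (and of the same trick used for privilege escalation), so call it out separately.
foreach ($g in ($findings | Group-Object TaskName)) {
    $created = $g.Group | Where-Object Action -eq 'created' | Select-Object -First 1
    $deleted = $g.Group | Where-Object Action -eq 'deleted' | Select-Object -Last 1
    if ($created -and $deleted -and ($deleted.Time - $created.Time).TotalMinutes -le $ShortLivedMinutes) {
        Write-Warning ("Short-lived SYSTEM task '{0}' registered by {1}: {2}" -f $g.Name, $created.ByUser, $created.Command)
    }
}

$findings | Format-Table Time, Action, TaskName, ByUser, Command -AutoSize
```

The TaskContent field is the full task XML that schtasks registered, so the same parsing also exposes the trigger (here the dummy "onlogon") and the command line, which is what lets an analyst tell a one-off maintenance batch from a persistence mechanism. If the Security audit subcategory is not enabled, the Task Scheduler's own operational log (Microsoft-Windows-TaskScheduler/Operational, events 106 "task registered" and 141 "task deleted") carries the task name and registering user but not the task definition.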

Afterword

This time, I introduced how to create a batch file that executes processing with system privileges.

As mentioned in the introduction, most of the operations that require SYSTEM privileges concern files, folders and processes, which are the foundation of Windows.

The attraction of this method is that such operations often go through without an "Access denied", but most of the file and process operations that are denied are denied for a reason. Please use it with great care. Also note that SYSTEM is not all-powerful: files protected by Windows Resource Protection are owned by TrustedInstaller and still refuse writes from SYSTEM unless you take ownership first, and protected processes cannot be terminated even from SYSTEM.

Ideally you would never have to touch anything that says "Access denied", but there may be times when something has gone wrong and you need to. Use it only when you can recover the system afterwards.

There is also a way to do this with "PsExec" from the Sysinternals "PsTools" suite (psexec -s runs a program as SYSTEM, and adding -i makes it interactive on your desktop). PsTools, a very handy toolset for getting the most out of Windows, will be introduced in another article!

I hope it helps you.
