How to run scripts as root in windows?

  • cmd run as administrator. - Moonvvell
  • I run the script on pythonʻe via cmd from the administrator to write the program to autoload through the registry, he writes me "Access Denied" - Mike Ru
  • one
    Yesterday there was a similar question already. Just about python and HKEY_CURRENT_USER. ru.stackoverflow.com/questions/482768/… can help something) - Moonvvell

2 answers 2

runas /user:username "command.exe /parameters"

runas /user:mymachine\administrator cmd.exe - run the cmd.exe command interpreter on behalf of the user "administrator" of the computer "mymachine". When executing the command, the password of the user will be requested, on behalf of which the task should be executed.

runas /noprofile /env /user:mydomain\admin " mmc %windir%\system32\diskmgmt.msc " - start the mmc console with the "Disk Management" runas /noprofile /env /user:mydomain\admin " mmc %windir%\system32\diskmgmt.msc " -in on behalf of the user "admin" in the domain "mydomain". The user profile is not loaded, and the current environment variables are used. Downloading a user profile is only necessary when a task is being performed that requires any data from it. If the /env parameter is specified, the environment variables are inherited from the current user’s environment.

runas /savecred /user:admin@mydomain regedit.exe - run the registry editor "regedit.exe" on behalf of the user "admin" of the domain "mydomain" with remembering the entered password. If the /savecred parameter is /savecred , the entered password is stored in the registry in an encrypted form and will not be requested in the future.

runas /showtrustlevel - display trust levels existing in the system. In response, the list will be displayed in the form:

The following levels of trust are available in the system:
0x20000 (Regular User)

In addition to the trustlevel value of 0x10000 , you can use the values ​​of 0x10000 , the corresponding minimum privilege set and 0x40000 , the standard set for this user. To view the differences of different levels of trust, you can use the Whoami command, executing it in a shell session that is launched with each level of trustlevel

runas /trustlevel:0x20000 cmd.exe - run the cmd.exe command processor using the trust level obtained in the previous example.

runas /trustlevel:0x40000 cmd.exe - run the cmd.exe command processor using the standard trust level.

Note: In a command line session running using the /trustlevel parameter, the list of privileges corresponding to each level of trust can be obtained using the whoami /priv , and full account information - whoami /ALL

Note: The /profile parameter is incompatible with the `/ netonly parameter.

Note: The /savecred parameter is incompatible with the /smartcard parameter.

Here is the password transfer option:

 echo пароль | runas /netonly /user:workgroup\user "command.exe"

    Commands similar to "sudo" no.

    For Winows Vista-10:

    You can run cmd as an administrator or select it in the properties of the shortcut.

    If cmd is running as an administrator, the word "Administrator" appears in the title bar of the window; the whoami /groups shows in the last line SID S-1-16-12288 instead of S-1-16-8192 ; the net session or dir C:\Windows\Temp commands work (have access). In this case, cmd and script have maximum administrator rights, but do not have unlimited access. In the properties of the folder / security and also for registry keys, you can also deny access to the administrator. The administrator has the ability to change these settings, but before that they are valid. But in rare cases, administrator rights are really not enough, it is self-defense of Windows.

    Most programs also get administrator rights if they are run in cmd from the administrator. Exception - Windows Explorer always has limited rights. You can check this in the Task Manager / Details / hidden column "With a higher level of permissions" or in ProcessExplorer / hidden column "Process Image / Integrity Level"

    runas is only suitable for Windows XP / 2003, but does not change anything in Windows Vista - 10 due to UAC (User Account Control).

    See also https://stackoverflow.com/questions/1894967/how-to-request-administrator-access-inside-a-batch-file