Device manager access for non admins

10,506

Try this im Curious.

If it does not work let me know I dont have a non admin account at my work desk.

Open a Text file and save the code below as DeviceManger.bat

@echo off

:: BatchGotAdmin
:-------------------------------------
REM  --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    set params = %*:"=""
    echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
    exit /B

:gotAdmin
    pushd "%CD%"
    CD /D "%~dp0"
:--------------------------------------
cls
echo.
echo Start as admin:
echo /------------------\
echo # 1. Device Manager#
echo \------------------/
echo.

set /p run=

if %run%==1 (
set run="devmgmt"
)

%run%

Run the .bat and press 1 and hit Enter.

Share:
10,506

Related videos on Youtube

jonboy
Author by

jonboy

Updated on September 18, 2022

Comments

  • jonboy
    jonboy about 1 year

    Windows 7, 64bit.

    Is it possible to allow non admins access to edit the device manager?

    Currently when logged in as a non admin and I try to access the device manager I see the following;

    enter image description here

    I have tried to make the changes in gredit.msc but they don't seem to make any difference.

    local computer policy > computer configuration > windows settings > security settings > local policies > user rights assignment > Load and unload device drivers > add specific user/group

    The only thing that works is by adding my non admin user into the admin user group, this works fine. I'd rather not do this though, I'd prefer to give them access to the device manager only.

    Any advice is appreciated.

    • Ramhound
      Ramhound almost 8 years
      Changing the local group policy will have zero effect if the machine is connected to a domain. Is that the case? I currently have access to the device manager, and I am logged into a domain controlled machine, as a normal user. So is it possible: YES
    • jonboy
      jonboy almost 8 years
      It's connected to an AD domain yes. However I have full admin control over the PC
    • Ramhound
      Ramhound almost 8 years
      You are a local user. You being a local Administrator on the machine means nothing if you are a normal user on the domain itself. A group domain policy overrides a local group policy always. Relevant Microsoft Documentation
    • jonboy
      jonboy almost 8 years
      So is there any way I can resolve my issue?
    • Ramhound
      Ramhound almost 8 years
      As a non-administrator domain user, no, request your role be changed to an administrator
    • jonboy
      jonboy almost 8 years
      I don't think it's related to the AD domain. If I unplug the network cable and login as the same users it will be the same result? Perhaps I'm confused
  • jonboy
    jonboy almost 8 years
    Thanks @NetworkKingPin - I'm very keen to try this! Can you tell me what this does? Before I mess up my PC completely lol
  • NetworkKingPin
    NetworkKingPin almost 8 years
    Basically it Pushes you to get admin privileges if you do not have them already. The code is safe i use it very often to elevate my batch scripts in my work place. First it tries to get admin access if denied it provides it temp Admin Access. And it wont kill your pc.
  • Ramhound
    Ramhound almost 8 years
    There is nothing in that script that would change the user group of a user