How do I get current logged in user name when running a batch file as administrator
How do I get current logged in user name when running a batch file as administrator
It runs fine when the current user has local admin privileges, but for users who aren't I have to enter the domain administrator password for the changes to take place.
With the below example you just set a variable with the environmental variables as you already have in your ICACLS command logic, and then use that variable to specify the account to grant the applicable permissions passing it to a CALL routine.
@ECHO OFF
SET Identity=%userdomain%\%username%
CALL :ICACLS "%Identity%"
GOTO EOF
:ICACLS
runas /user:MYDOMAIN\USER icacls "program files directory" /grant %~1:F
GOTO EOF
If you have trouble
If you're running cmd.exe with RUNAS and you determine the %userdomain%\%username%
variables don't set (or list) the expected values which you need to use for the ICACLS commands to work as expected, then run the below commands in cmd.exe before using the RUNAS functionality to find the current logged on domain and username credential values which you can then use with the ICACLS commands for setting the permissions for that identity\security principal.
SET Identity=%userdomain%\%username%
ECHO %Identity%
Related videos on Youtube
Kustomize
Updated on September 18, 2022Comments
-
Kustomize over 1 year
I have a batch file I can run to modify permissions to a folder in program files. It runs fine when the current user has local admin privileges, but for users who aren't I have to enter the domain administrator password for the changes to take place. When I double check the permissions setting on the folder, it shows the domain admin having full control over said folder.
How do I ensure that the current user logged in the windows gets full permission?
This is what I have as part of that batch file:
icacls "program files directory" /grant %userdomain%\%username%:F
-
Kustomize almost 8 yearsI've tried this and it did not work, the domain admin still has full permission over the folder. It is caused by having to run the bat as administrator, so the identity variable is still set to local admin.
-
Kustomize almost 8 yearsI need to set it as a variable, then use that variable when setting folder permissions. I've been toying with runas calling a bat file and passing the identity variable as a parameter but to no success.
-
Kustomize almost 8 yearsThat is one solution. However it also requires user group management and from an administrative point of view it is not necessary to know who has access rights to the folder, so long as the local user has full read/write over a folder in their program files directory. I can't move the folder as it is the default installation path of a proprietary software. I will use this solution for now until I can find a quicker way setting permissions.
-
Kustomize almost 8 years@JUICE_IT Security was never a concern, it was simply giving a local user full access to a folder on their own drive. But I managed to solve my problem, by combining
set identity=xxx
with this answer I was able to pass identity as a parameter. -
Vomit IT - Chunky Mess Style almost 8 years@JarirS Great, you should be able to set the variable and then pass that as an argument to a routine in the same batch script as well then with that routine having the RUNAS logic keeping the identity per the RUNAS command is run. That should work to keep it all contained to the same one script -- I edited my answer to show you an example.