Is it possible to run a command headlessly (in a bat script) as another user on Windows?

Here's another alternative:

wmic /user:username /password:pass process call create "cmd /c \"d:\\path\\to\\program.exe\" /arg etc"

EDIT: Apparently that doesn't allow authentication with separate credentials on the local machine.

There's a way to call runas with vbscript and have the vbscript send the password to the console to automate the password entry.

set WshShell = WScript.CreateObject("Wscript.Shell")
WshShell.run "runas /noprofile /user:USERNAME " + Chr(34) + "d:\path\to\command.exe /args" + Chr(34)
WScript.Sleep 500
WshShell.SendKeys "PASSWORD"
WshShell.SendKeys "{ENTER}"
set WshShell = nothing

Save that to a .vbs file and call it via cscript /nologo script.vbs

If you need that to run from a batch script, just do some creative echos.

@echo off
setlocal

set username=username
set password=password
set program=d:\path\to\program.exe /arg argument

echo set WshShell = WScript.CreateObject(^"Wscript.Shell^")>runas.vbs
echo WshShell.run ^"runas /netonly /noprofile /user:%username% ^" + Chr(34) + ^"%program%^" + Chr(34)>>runas.vbs
echo WScript.Sleep 500>>runas.vbs
echo WshShell.SendKeys ^"%password%^">>runas.vbs
echo WshShell.SendKeys ^"{ENTER}^">>runas.vbs
echo set WshShell = nothing>>runas.vbs
cscript /nologo runas.vbs
del /q runas.vbs

If that doesn't work for you, you could also use psexec to run a program with different credentials.

psexec -u USERNAME -p PASSWORD d:\path\to\command.exe

The only other alternative I can think of would be to run your script through a group policy startup script, which would execute the script from a system account. I also thought about calling it from the registry's HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce, but I think that might launch it from the first user who logs in after reboot.

Author by

Admin

Updated on June 27, 2022
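
Two of the commands in the answer above (`wmic /password:` and `psexec -p`) pass the password as a command-line argument, so it appears wherever process command lines are recorded. The following Python is an added example, not part of the original answer: it flags and redacts such command lines, and the sample lines, the account name `svc_build` and the passwords are constructed.

```python
import re

# Heuristic patterns for the two tools in the answer that take the password
# as a command-line argument. Group 1 is the text up to the secret,
# group 2 is the secret itself (quoted or bare).
_SECRET = r'("[^"]*"|\S+)'
PATTERNS = {
    "wmic": re.compile(r'(\bwmic(?:\.exe)?\b.*?/password:)' + _SECRET, re.I),
    "psexec": re.compile(r'(\bpsexec(?:64)?(?:\.exe)?\b.*?\s-p\s+)' + _SECRET, re.I),
}

def scan(cmdline):
    """Return (tool, redacted_cmdline) if a password is exposed, else None."""
    for tool, rx in PATTERNS.items():
        m = rx.search(cmdline)
        if m:
            # Keep everything except the secret so the alert is safe to store.
            redacted = cmdline[:m.start(2)] + "<redacted>" + cmdline[m.end(2):]
            return tool, redacted
    return None

def scan_log(lines):
    """Scan recorded command lines; the secret is never echoed back."""
    return [hit for hit in map(scan, lines) if hit]

# Constructed sample command lines, modelled on the commands in the answer.
SAMPLE = [
    r'wmic /user:svc_build /password:Hunter2! process call create "cmd /c d:\tools\job.exe"',
    r'PsExec.exe -u svc_build -p "pass with space" d:\tools\job.exe',
    r'psexec -u svc_build d:\tools\job.exe',   # no -p given: not flagged
    r'cscript /nologo runas.vbs',              # secret is in the file, not in argv
]

if __name__ == "__main__":
    for tool, line in scan_log(SAMPLE):
        print(f"[{tool}] {line}")
```

The `runas` plus `SendKeys` variant is not caught by command-line matching because its password sits in the temporary `runas.vbs` file until the batch script deletes it.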

Comments

  • Admin
    Admin almost 2 years

    I want to have a .bat script do a particular task as a different user and run headlessly (no user input or prompting is allowed). Is there a way to do this with a .bat script? Please note that I am constrained to not use PowerShell as it is not installed by default on all of the Windows operating systems that we must support.

    I have considered RUNAS in my script, but it apparently requires interactive input.

    In Linux, the equivalent idiom is:

    echo "Password" | sudo -S -u username "command"
    

    Any suggestions for Windows .bat scripts?

    Update: I believe that vbscript is always available on Windows, so if a purely headless solution is available via vbscript, then that is good, too!

  • Admin
    Admin about 11 years
    The issue I have is that this is part of some installation code (for internal development purposes where we are putting username/password into scripts). No part of the installation code has access to user input, so there is never an opportunity to save credentials in advance because the entire script is being run headlessly. As I mentioned in the original question, we have already considered RUNAS, but it is not a valid choice for the constraints as part of the question. Maybe the answer to the question is that there is no way to do this in a .bat script.
  • Admin
    Admin about 11 years
    Unfortunately, the problem requires absolutely no interactive input at all, even when done only once.
  • Admin
    Admin about 11 years
    It seems that the WMI engine doesn't let you use credentials to connect locally. Doing the above results in the error message: "User credentials cannot be used for local connections". Is there a way to work around this?
  • rojo
    rojo about 11 years
    You could try adding the /node argument. wmic /node:computername /user:adminuser /password:password process call create "cmd /c \"d:\\path\\program.exe\"" Edit: No, this doesn't work either. Let me play around a little and see what I can come up with.
  • Admin
    Admin about 11 years
    I did just try adding the /node and tried both fully-qualified and short hostnames for the computername, but I still get the same error message above. Thanks for the idea... is there any other thing I can try out? Just saw your edit... THANKS to you no matter what happens!
  • Admin
    Admin about 11 years
    It is great and a tribute to your skill that you have provided multiple solutions that fit the question! Question answered! Many thanks!