Self Elevate VBScript 6


Sometimes a vbscript may need to run with elevated privileges. An example of this is my sendKeys.vbs. I found some code to check if the script is running elevated or not and wrapped this into a function:

I also found some code to re-run the script with a UAC prompt. I’ve made this into a subroutine that can properly handle different interpreter (cscript/wscript). Here’s the function:

Now all we have to do to ensure a program is running fully elevated is add the sub and function above and start a script with this:

If we want to force the use of cSCript we can call force cScript before the UAC check or after. Doing so before will switch to cScript then uacPrompt() will re-launch the script using the correct interpreter. If we call uacPrompt() first the newly elevated script instance will pass it’s elevated token to any process it creates. Calling forceCscrpt after elevating will result in an elevated cscript instance.

Two potential issues I’d like to point out:

  1. handing arguments passed to the script. None of the re-launch code is setup to pass the arguments to it’s child instances. This could be added fairly easy.
  2. Not sure how isElevated would handle on a machine with UAC disabled, or how a pre-UAC OS like XP or server 2003 would react.

 


Leave a comment

Your email address will not be published. Required fields are marked *

6 thoughts on “Self Elevate VBScript

  • Viral Architect

    I just tried your example on a Win2K server on which I am an administrator. Every time it ran it asked if I wanted to run the script as another user. I also tested it and it works on W2K8 and W2K8R2.

    You may want to wrap the if statement inside of another one that checks if the OS is newer than 5.2

  • JohnLBevan

    Hey Ken, thanks for making this code available. I’ve tweaked it slightly based on VA’s comments / included this version below should it be of use. Hopefully this is robust enough to work on most versions of windows – so far only tested on one Win7 machine with admin and no UAC though.

  • mreinsmith

    Ken and John,,

    Had a script that I only needed for a temporary fix while server was being migrated. Was going to have to rewrite the whole thing in PowerShell

    I was working on that when I found your post. You saved me a TON of work, much appreciated!!

    Now I can actually go outside this weekend 🙂

    M