WinBatch® Technical Support Forum

All Things WinBatch => WinBatch => Topic started by: geauga on April 30, 2018, 12:47:04 PM

Title: RunWithLogon & Other Winbatch Commands
Post by: geauga on April 30, 2018, 12:47:04 PM
I am trying to run some tasks as an administrative user.  I try running the following command:

strCmd = Environment("COMSPEC")
RunWithLogon (FileDelete("C:\Users\Public\Desktop\Old.lnk") , "", "", @NORMAL, @WAIT, runas_user, runas_domain, runas_pass,1)

I get an error 1590.  The file is not read only, I also am an administrator on the PC.  Any ideas?
Title: Re: RunWithLogon & Other Winbatch Commands
Post by: td on April 30, 2018, 01:25:54 PM
We seem to have a fundamental misunderstanding of how to use the "RunWithLogon" function.  To quote from the Consolidated WIL Help file, the first parameter is, "(s) program-name: the name of the desired .EXE, .COM, .PIF, .BAT, .CMD file or a data file."

FileDelete in not one of these things.  It is a WIL function.

It is also important to note RunWithLogon's relationship with UAC.  To again quote from the Consolidated WIL Help file documentation for the function, "You cannot use the RunWithLogon function by itself to circumvent the UAC elevation prompt when UAC is enabled.
When UAC is enabled and you attempt to use "RunWithLogon" to start a process that requires elevation, it will fail. The fact that the credentials passed to the function are for an administrator account does not matter. We know this seems counter-intuitive but this is just how UAC works.
UAC uses the "least privileges" rule. Which states that all users and software run with the least privileges possible at all times. Any time a user or software needs administrative privileges a consent prompt appears.
With UAC enabled, Windows Vista / 7 either prompts for consent or for credentials for a valid administrator account before launching a program or task that requires a full administrator access token. This prompt ensures that no malicious application can silently install."

While the above refers to Vista/Windows 7 (the topic needs to be updated), the same rules apply to Windows 10.