Jared

Reputation: 1897

How can I test effective permissions of a user from a batch script?

I need to test the effective permissions of a specific user (i.e. not necessarily the current user) from within a batch script and take action (provide a warning) based on that. I'd like to have a subroutine I could call to check privileges against a specified file or directory so I could test that something only an administrator should be able to access (and thus warn that too high of permissions are granted) and check that data directories in my app's path can be accessed (otherwise too low of permissions). I'd like this to work in XP, 2008, and win7.

By the way, I have figured out how to parse "net localgroup Administrators", but I don't think this is sufficient for my needs.

Upvotes: 1

Views: 7176

Answers (1)

gmo

Reputation: 9000

@Jared,

For your needs, I think with a simple copy and %errorlevel% you can have what you want.

copy "%tempFile%" "%yourProtectedDir%"
if %errorlevel% == 1 goto sorryYouFail
if %errorlevel% == 0 goto youAreIn
...
del "%tempFile%" /Q

Or, to check for any user, do the same but with a Windows protected folder...

copy "%tempFile%" "%windir%\system32"
if %errorlevel% == 1 goto youDontHaveAdminPrivileges
if %errorlevel% == 0 goto howdyThereAdmin
...
del "%tempFile%" /Q

If you need to test another user, try the runas option...

@Lizz

This script checks the Windows version and elevates a temporary file to run a specific one with ADMIN RIGHTS.

@echo off
title Detect and run file with Admin privileges

set yourFile=yourFileNameAsAdmin.bat
set privileges=no

VER | FINDSTR /IL "6.2." > NUL
IF %ERRORLEVEL% EQU 0 (
SET winVersion=8
SET privileges=yes
)

VER | FINDSTR /IL "6.1." > NUL
IF %ERRORLEVEL% EQU 0 (
SET winVersion=7
SET privileges=yes
)

VER | FINDSTR /IL "6.0." > NUL
IF %ERRORLEVEL% EQU 0 (
SET winVersion=Vista
SET privileges=yes
)

if "%privileges%"=="no" goto SkipElevation
If "%privileges%"=="yes" goto Elevation

:SkipElevation
call "%CD%\%yourFile%"
goto End

:Elevation
PushD "%~dp0"
If Exist "%~0.ELEVATED" Del /f "%~0.ELEVATED"

Set CMD_Args=%0 %*
Set CMD_Args=%CMD_Args:"=\"%
Set ELEVATED_CMD=PowerShell -Command (New-Object -com 'Shell.Application').ShellExecute('%yourFile%', '/%cd:~0,1% %CMD_Args%', '', 'runas')
Echo %ELEVATED_CMD% >> "%~0.ELEVATED"
call %ELEVATED_CMD%

Del /f "%~0.ELEVATED"
goto End

:End
Echo -------------------------------
Echo All done!
Pause
goto :EOF

Note: If yourFileNameAsAdmin.bat uses RELATIVE paths to files, remember to enable extensions and set the local dir at the beginning of the file:

@echo off
@setlocal enableextensions
@cd /d "%~dp0"
::...your code here

Hope that helps!...


As additional related info...

With the net command you get a lot of info about users and groups, and you can also work with them.

e.g.

NET USER

  • net users: List of all users.
  • net users [name]: Detailed info about a specific user, including all the groups that he belongs to.
  • net help users: for more...

NET LOCALGROUP

  • net localgroup: List all groups.
  • net localgroup [groupName]: Detailed info about a specific group, including all the users that belong to that group.
  • net help localgroup: for more...

Upvotes: 2
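The copy-and-%errorlevel% check from the answer above, written as the callable subroutine the question asks for. This is an added example, not code from the original posts; the names `:CanWrite`, `dataDir`, `sysWritable` and `dataWritable` and the `data` sub-directory are assumptions. It tests only the account the script runs under.

```batch
@echo off
setlocal enableextensions

rem Hypothetical data directory, assumed for this example.
set "dataDir=%~dp0data"

rem Too-high check: an ordinary account should NOT be able to write here.
call :CanWrite "%windir%\system32" sysWritable
if "%sysWritable%"=="yes" echo WARNING: this account can write to "%windir%\system32"

rem Too-low check: the application must be able to write its data.
call :CanWrite "%dataDir%" dataWritable
if "%dataWritable%"=="no" echo WARNING: this account cannot write to "%dataDir%"

endlocal
goto :EOF

rem ------------------------------------------------------------
rem :CanWrite <directory> <resultVar>
rem Sets <resultVar> to yes or no for the account running the script.
rem ------------------------------------------------------------
:CanWrite
setlocal
set "result=no"

:CanWrite_pickName
rem Use a random probe name so an existing file is never overwritten.
set "probe=%~1\permtest_%RANDOM%%RANDOM%.tmp"
if exist "%probe%" goto CanWrite_pickName

rem Creating an empty file is the test; copy returns errorlevel 1 on failure.
copy /y nul "%probe%" >nul 2>&1
if not errorlevel 1 set "result=yes"

rem Remove the probe so the check leaves nothing behind.
if exist "%probe%" del /f /q "%probe%" >nul 2>&1

endlocal & set "%~2=%result%"
goto :EOF
```

To check a different user, start the script under that account (for example with runas, as the answer suggests). The probe exercises create-file access only, so an account that may create but not delete files will leave the probe behind.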
