I've got 3 .bat files in a directory. Two must be run with administrator privileges. One must be run without (full disclosure, I'm not sure why. It installs a windows service, and the service does not work if the .bat is called as an admin).
I'd like to keep them all in the same place for simplicity's sake, so I can easily switch between them in them same Command Prompt, which I'm running as an administrator. Unfortunately, that means I cannot correctly call the third script, as it's inheriting admin privileges.
The script is pretty straightforward:
start /DC:\path_to_script script.bat
Is there a way to "de-elevate" the call to that .bat file so it runs without admin rights?
1 Answer
runas /trustlevel:0x20000 script.bat
0x20000 means "basic user".
This does exactly what you want. script.bat gets run unprivileged.
Please note:
The effect of /D<path> given as parameter to START can also be achieved by runningrunas /trustlevel:0x20000 <fullpath>\script.batand placing cd /D %˜p0 as first line in the script. (%˜p0 expands to the path of the script itself).
