Admin rights on script execution (Windows)
Posted: Thu Feb 28, 2013 11:42 pm
Hi,
I'm using OpenVPN Portable (from sourceforge) together with OpenVPN GUI v1.0.3 on Windows 7 x64.
My config files for the different servers contain these lines:
and they are executed when I connect to / disconnect from a server.
Because these scripts set firewall entries they need to be started with admin permissions.
The admin check in the up / down scripts looks like:
The problem is, these script will always jump to the AdminFailed label, because the permission check
is negative (hence %errorlevel% != 0).
It doesn't matter what I try, setting RUNASADMIN for the .bat files, the OpenVPNPortable.exe or the
openvpn-gui.exe / openvpn.exe in the .\app\bin folder via registry entries, the admin check in these
scripts always fail...
How I add the necessary "always start as admin settings":
Any hints why the up / down files don't have enough permissions so that the admin check won't fail?
My user account is in the administrator group, no active directory present, UAC is disabled.
I'm using OpenVPN Portable (from sourceforge) together with OpenVPN GUI v1.0.3 on Windows 7 x64.
My config files for the different servers contain these lines:
Code: Select all
script-security 2
up "D:\\Users\\Highend\\Tools\\OpenVPN\\data\\config\\up.bat"
down "D:\\Users\\Highend\\Tools\\OpenVPN\\data\\config\\down.bat"Because these scripts set firewall entries they need to be started with admin permissions.
The admin check in the up / down scripts looks like:
Code: Select all
REM ### Admin Check ########################################
NET SESSION >NUL 2>NUL
IF %ERRORLEVEL% NEQ 0 GOTO :AdminFailedis negative (hence %errorlevel% != 0).
It doesn't matter what I try, setting RUNASADMIN for the .bat files, the OpenVPNPortable.exe or the
openvpn-gui.exe / openvpn.exe in the .\app\bin folder via registry entries, the admin check in these
scripts always fail...
How I add the necessary "always start as admin settings":
Code: Select all
REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "D:\Users\Highend\Tools\OpenVPN\OpenVPNPortable.exe" /t REG_SZ /d "RUNASADMIN" /f
REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "D:\Users\Highend\Tools\OpenVPN\app\bin\openvpn-gui.exe" /t REG_SZ /d "RUNASADMIN" /f
REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "D:\Users\Highend\Tools\OpenVPN\app\bin\openvpn.exe" /t REG_SZ /d "RUNASADMIN" /f
REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "D:\Users\Highend\Tools\OpenVPN\data\config\up.bat" /t REG_SZ /d "RUNASADMIN" /f
REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "D:\Users\Highend\Tools\OpenVPN\data\config\down.bat" /t REG_SZ /d "RUNASADMIN" /fMy user account is in the administrator group, no active directory present, UAC is disabled.