I have a first bat file that needs admin rights, so the user will run it "As an administrator", then my second bat file should NOT have admin rights (need to drag & drop from Explorer).
I tried to open the second bat file from the first one with the following commands but I can't drag & drop into the second one if the first one it started as an admin.
runas /trustlevel:0x20000 "cmd /C %~dp0upload.bat"
and
%~dp0upload.bat
How can I do that?
UPDATE: full code
@echo off &setlocal
if not exist "MyFolder" GOTO :prog
runas /trustlevel:0x20000 "cmd /C %~dp0upload.bat"
exit /B
:prog
more code.....
exit
UPDATE 2: other attempts
Using
runas /trustlevel:0x20000 "call %~dp0upload.bat"
throws an error like mentioned here
UPDATE 3: using vbs
Ok, I manage to open the first batch as normal user and from there I call another bat with elevated rights using:
setlocal DisableDelayedExpansion
set "batchPath=%~0"
setlocal EnableDelayedExpansion
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
ECHO UAC.ShellExecute "temp.bat", "ELEV & !given_name!", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"
Now I need to pass !given_name! to the second bat file but I'm not sure how to pass it and how to retrieve it in that second bat.
The behaviour is by design, to avoid security risks.
Can't drag programs into cmd window
But in your case it seems to be a bit paranoid, as you removed the privileges...
But perhaps you can change the order of elevation.
You could start an unelevated batch for your drag&drop operations and this batch starts your elevated batch file with one of the elevation methods.
The question about transfering a variable (given_name).
Change "ELEV & !given_name!" to "!given_name!" this can be accessed with %1 from temp.bat.