Run a script with an administrator's account without any user interaction
In this gist, we see how to run any .bat file (or any executable at all) either elevated ("Run as administrator") or with specific user credentials, all without any interaction from the user.
This is particularly useful in creating a GPO to pass out to network users to run a patch or script that requires specific permissions.
Create a batch file that will be pushed out to users via GPO, following the example in "RunAsOther script.bat" (below)
Basically, what happens is that we create a new scheduled task to run the desired .bat file or executable with elevated permissions with the designated credentials, run the task, then delete the task immediately without any user interaction.
This script, then, will call the .bat file or executable using the credentials specified for the temporary elevated account, but will not prompt the user for credentials or UAC confirmation before running the script. It does require providing the username and password in plain text in a script file, but I don’t know if there’s any way around that if you want to script a task to run with specific credentials.
If you just wanted the file to be “Run As Administrator,” you can leave out the /ru and /rp parameters in the “schtasks /create” line to create and run the task as the logged in user. The “/rl highest” parameter is the same as selecting “Run As Administrator.”
If you do specify the credentials to run the task with, the user won’t see any interface at all. The script will just run in the background without any impact on the user. If you don’t specify the credentials, the user will see any GUI elements that are involved with running the script.
schtasks /create /tn {Taskname} /sc once /st 00:00:00 /tr {\\path\to\my.bat} /rl highest /ru {domain\username} /rp {password}
schtasks /run /tn {TaskName}
schtasks /Delete /tn {TaskName} /f