How to Self-Elevate a Script to Run as Administrator in Batch Script
Many powerful batch scripts perform actions that require administrative privileges, such as modifying the registry, managing services, or changing file associations. If a standard user double-clicks such a script, it will fail with "Access is denied" errors. While you could instruct the user to right-click and "Run as administrator," a truly professional script can handle this automatically by self-elevating.
This guide will teach you the standard, modern pattern for creating a self-elevating batch script. You will learn the two-step logic of checking for privileges and then re-launching with elevation if needed. We will focus on the recommended method using a powerful PowerShell one-liner to trigger the UAC prompt.
The Core Problem: A Standard Run Lacks Privileges
When a user double-clicks a .bat file, the script inherits the permission level of its parent process (usually explorer.exe). This is a standard user token. To perform administrative tasks, the script needs to be running with an elevated token, which is what the User Account Control (UAC) prompt grants. Our script's job is to trigger that UAC prompt for itself.
The Two-Step Logic: Check, then Re-launch
A self-elevating script must follow this exact sequence at the very beginning:
- Check for Admin Rights: The first thing the script does is ask, "Am I already running as an administrator?"
- Act Accordingly:
- If YES: The script has the necessary privileges. It skips the re-launch logic and proceeds directly to its main administrative tasks.
- If NO: The script executes a special command to re-launch itself, this time requesting elevation, which triggers the UAC prompt. The original, un-elevated instance of the script must then immediately exit.
This logic prevents an infinite loop of re-launching.
The Full Self-Elevation Script (The Boilerplate)
This block of code can be placed at the top of any batch script to give it self-elevation capabilities. This example uses the modern PowerShell method.
@ECHO OFF
CLS
ECHO ==========================================================
ECHO Self-Elevating Batch Script
ECHO ==========================================================
ECHO.
REM --- Step 1: Check for Administrator Privileges ---
NET session >nul 2>&1
IF %ERRORLEVEL% EQU 0 (
ECHO [SUCCESS] Administrative permissions confirmed.
GOTO :AdminLogic
) ELSE (
ECHO [FAILURE] Administrative permissions not found.
ECHO Requesting elevation...
GOTO :RequestElevation
)
:RequestElevation
REM --- Step 2: Re-launch self with elevated rights ---
powershell -Command "Start-Process -FilePath '%~f0' -Verb RunAs"
EXIT /B
:AdminLogic
REM --- Main Script Logic (Runs as Administrator) ---
ECHO.
ECHO Welcome to the Administrator section of the script.
ECHO Your commands go here.
ECHO.
ECHO For example, stopping a service:
SC QUERY "Spooler" | FIND "STATE"
PAUSE
ECHO --- Script finished ---
How the Script Works (A Step-by-Step Breakdown)
- The Check (
NET session): TheNET sessioncommand can only be run successfully by an administrator. This makes it a perfect, simple test for elevation. We redirect its output toNULbecause we only care about the%ERRORLEVEL%.- If the command succeeds,
%ERRORLEVEL%is0(we are admin). - If it fails,
%ERRORLEVEL%is non-zero (we are a standard user).
- If the command succeeds,
- The Re-launch (PowerShell):
powershell -Command "...": This executes a PowerShell one-liner.Start-Process: This is the PowerShell cmdlet for launching a program.-FilePath '%~f0': This specifies the program to launch.%~f0is a special batch variable that expands to the full path of the current script file.-Verb RunAs: This is the magic part. TheRunAsverb is what tells the operating system to request elevation, which triggers the UAC prompt.
EXIT /B: After launching the elevated request, the original, un-elevated script must terminate immediately to prevent it from continuing.
An Alternative (Classic) Method: Using VBScript
Before PowerShell was common, the standard way to do this was to have the batch script dynamically create and run a temporary VBScript file. The logic is identical.
The Re-launch Command (VBScript version):
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
ECHO UAC.ShellExecute "%~f0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
cscript "%temp%\getadmin.vbs"
DEL "%temp%\getadmin.vbs"
EXIT /B
This works on older systems but is more complex and involves creating temporary files, which is why the PowerShell method is now preferred.
Common Pitfalls and How to Solve Them
Problem: The User Clicks "No" on the UAC Prompt
If the user denies the UAC elevation request, the new, elevated script instance will simply fail to launch. The original, un-elevated script has already called EXIT /B, so it will terminate. This is the desired, safe behavior. The script simply stops.
Problem: Passing Along Command-Line Arguments
The simple self-elevation script does not pass along any command-line arguments that were given to the original script.
Solution: You must modify the PowerShell command to include the %* variable, which contains all command-line arguments.
powershell -Command "Start-Process -FilePath '%~f0' -ArgumentList '%*' -Verb RunAs"
This ensures that if a user runs MyScript.bat /silent, the elevated instance also receives the /silent argument.
Practical Example: A "Stop Service" Script
This is a complete script that requires admin rights. It includes the self-elevation boilerplate.
@ECHO OFF
REM ==========================================================
REM --- Self-Elevation Boilerplate ---
NET session >nul 2>&1
IF %ERRORLEVEL% NEQ 0 (
ECHO Requesting administrative privileges...
powershell -Command "Start-Process -FilePath '%~f0' -Verb RunAs"
EXIT /B
)
REM ==========================================================
:AdminLogic
TITLE Service Stopper (Running as Administrator)
ECHO.
ECHO This script needs to stop the Print Spooler service.
ECHO.
ECHO Current status of the 'Spooler' service:
SC QUERY "Spooler" | FIND "STATE"
ECHO.
PAUSE
ECHO Attempting to stop the service...
NET STOP "Spooler"
ECHO.
ECHO --- Script Finished ---
PAUSE
Conclusion
A self-elevating script is a professional and user-friendly way to handle tasks that require administrative privileges.
Key components of a successful self-elevation script:
- A reliable check for admin rights at the very beginning of the script (e.g.,
NET session). - An
IF/ELSEstructure that separates the re-launch logic from the main administrative logic. - A robust command to trigger the UAC prompt, with the PowerShell
Start-Process -Verb RunAsbeing the modern and recommended method. - An immediate
EXIT /Bafter requesting elevation to terminate the original, un-elevated script.