Script Elevation PowerToys for Windows Vista

[Herby]

Script Elevation PowerToys for Windows Vista

Among the many features Windows Vista introduced to address security concerns, User Account Control (UAC) is one of the most significant. With User Account Control, even users who are administrators run most applications with standard privilege, but have "elevation potential" for specific administrative tasks and application functions. After using Windows Vista? for many months, elevating a task or application as necessary has become second nature. However, I also encountered a number of shortcomings when trying to elevate some types of tasks in Windows Vista, and that became frustrating.

So in the spirit of the old Windows? PowerToys, I?ve created a few Script Elevation PowerToys to overcome these limitations.

[/size]

The runas command technique can be applied to just about any file type. For example, the Windows Installer in Windows Vista was designed to "do the right thing" when elevation was required for installing a package. However, some poorly authored packages (where, for example, custom actions are not marked appropriately) will not install correctly with UAC turned on unless they are installed using msiexec.exe from an elevated command prompt.

To allow this to be done directly from Explorer, I created ElevateMSI.inf. This tool clones the default actions for Windows Installer packages (.msi) and patches (.msp) to add an Install as Administrator context menu option for packages and Apply Patch as Administrator for patches.

[/size]

To install these PowerToys, right-click on an INF file, select Install, and approve the elevation. To uninstall, use the Programs and Features selection on the Control Panel.

In case you dig into the INF files and wonder why three PowerToys install elevate.cmd and elevate.vbs into different locations, I?ll explain. Most of the PowerToys are implemented by adding a runas subkey to HKEY_CLASSES_ROOT\objecttype\Shell key for the object type in the Registry.

However, for some PowerToys there were object types I wanted to have two context menu entries cause elevation ("CMD Prompt Here as Administrator" and "PowerShell Prompt Here as Administrator" for Drive and Directory object types; "Run as Administrator" and "Run as Administrator with Command Prompt" for all WSH object types.) Since there can only be one runas key for each object type, I had to implement the second action by calling the elevate command. But since I wanted each INF to be installable and uninstallable independently, I had to put the associated copies elevate.cmd and elevate.vbs in different places. (You can?t increment file usage counters from a raw INF file. Yes, MSI installers would be better, but I wanted installers that could be created and modified with a text editor.) One side effect of this is that only the context menu entries implemented using the runas key will display a shield in the menu.

Summary

I hope you find these tools useful and that they improve your experience with UAC. Perhaps they will inspire you to create PowerToys of your own. (For those who use other scripting languages like Perl or Python on Windows Vista, it should be easy to create an "Elevate Script" PowerToy for those languages as well.) As with all PowerToys, these are unsupported, "use at your own risk" tools. In any event, hMichael Murgolo

Michael Murgolo is a Senior Infrastructure Consultant for Microsoft Consulting Services. He focuses on operating systems, deployment, network services, Active Directory, systems management, automation, and patch management. He is a subject matter expert in the area of desk| Source: Microsoft TechNet | Direct Download: Utility2007_06.exe (159KB) |2007_06.exe[/url] (159KB) |

Edited May 29, 2007 by Herby

[Marcel T]

Whoa, thanks for the heads up Herby, always on the lookout for little Vista apps and tweaks like this. Thanks also for the work you do in general on Vista tips and tweaks, its all good.

[Herby]

Whoa, thanks for the heads up Herby, always on the lookout for little Vista apps and tweaks like this. Thanks also for the work you do in general on Vista tips and tweaks, its all good.

You're welcome! x2 :)