How-to: Run with elevated permissions

The CMD shell, START and RUNAS commands have no built-in options to elevate or run individual commands 'As Admin' (elevated).

When using the Start Menu, hold down Shift+Ctrl when launching an application to launch it 'As Admin' (elevated) this has the same effect as if you right click and select Run as local Administrator.

To run an item on the Start menu / Search /Desktop elevated, select it and then press Ctrl+Shift+Enter on the keyboard.

It is also possible to right click CMD.exe (or it's Start menu shortcut) and run a new session 'As Admin'.

Shortcuts can be edited to always run as Admin - Properties | Shortcut | Advanced then tick "Run as administrator".

To elevate from the command line will require running either VBScript or PowerShell, this does not have to involve completely rewriting existing scripts, you can use a couple of lines of either VBScript or PowerShell to launch an elevated CMD.exe and that will run a batch file elevated.

Another approach is to use a third party utility that will elevate permissions.

When a script is run with elevated permissions several aspects of the user environment will change: The current directory, the current TEMP folder and any mapped drives will be disconnected.

Testing for Elevation

Testing if the current session is elevated can be done with the FSUTIL command (via StackOverflow) or SFC.

fsutil dirty query %SYSTEMDRIVE% >nul
If %errorLevel% NEQ 0 (
   Echo Failure, please rerun this script from an elevated command prompt. Exiting...
   Ping 3>&1 > nul
   Exit /B 1
Echo Success: this script is running elevated.

Windows 7 does not require passing a drive letter to FSUTIL, Windows 8 and 10 do.

Run without Elevation

In some cases you may wish to run an application without elevation, this will restrict what the application can do.

The undocumented environment variable __COMPAT_LAYER can be used to lower the ExecutionLevel to RunAsInvoker

@Echo Off
Set __COMPAT_LAYER=RunAsInvoker

The example above will run REGEDIT using the user's native permissions, attempting to modify any protected area of the registry (such as HKLM) within this session will produce an error. Without this, by default Regedit will run elevated.

Scheduled Tasks

If a scheduled task invokes a UAC prompt, then the task will fail to run unattended.
To run a task elevated, select the check box 'Run With Highest Privileges':

Elevate Scheduled task

“A man in public life expects to be sneered at – it is the fault of his elevated situation, and not of himself” ~ Charles Dickens


Compatibility - Backwards compatibility - runas admin / color - this can also force elevation.
PowerShell: Run with Elevated Permissions
VBScript: Run with Elevated Permissions
SS64 Forum thread on UAC detection.
elevate - Command-Line UAC Elevation Utility.

Copyright © 1999-2020
Some rights reserved