Bypassing the need to enter Admin Credentials when running a Batch/PowerShell script
I need to develop a script for my client that will disable/enable the WWAN card on his laptop.
- Client should be able to enable/disable the WWAN card without giving the client administrator credentials or an account
- Should be user friendly. Like just double clicking the enable or disable shortcut on desktop to toggle on/off.
- Avoid any method that may compromise security like disabling the need for Elevated credential prompts for all applications. (Only want to bypass for this script)
I have the command to disable/enable the WiFi adapter. However, it requires that PowerShell be run as Administrator, otherwise access will be denied.
Disable-NetAdapter -Name "Wi-Fi" -Confirm:$false
I have tried the following to no success. (Either Access Denied or the UAC Pops up and prompts for Admin Credentials):
- Creating a .Bat file that runs the PS script with ExecutionPolicy -Bypass
powershell.exe -executionpolicy bypass -windowstyle hidden -noninteractive -nologo -file "c:\Users\%username%\Desktop\DisableWifi.ps1"
- Creating a shortcut of the PS Script with "Run As Admin" Enabled
- Creating a shortcut with Run As Admin of a .Bat file that enables/disables the Network Adapter.
netsh interface set interface Wi-Fi disable
- ExecutionPolicy Bypass inside the PS Script
Start-Process powershell.exe -ArgumentList "/noexit", "-executionpolicy bypass","-file C:\Users\$env:UserName\Desktop\DisableWiFi.ps1"
Is there any way to allow my client to be able to toggle on/off the WWAN card through a script on the desktop without them needing to enter admin credentials?
Thanks!
It can be done.
- The user must be running as an administrator.
Imagine we're back in the Windows XP days. If the user is running as a standard user, they simply cannot perform administrator functions. You can cry and complain as much as you want - but a standard user cannot gain administrator privileges just because they want them.
That has not changed: you have to be an administrator to administrate.
If the user is a standard user: you simply cannot bypass that.
- So how do you make it so the user doesn't need to get an administrator to enter their administrator credentials?
- make them an administrator!
Which is easy enough to do:
- don't make them a standard user
- make them an administrator
But we all know you're complaining about UAC
We all know you're talking about having to click OK on a UAC dialog. And as much as users hate it: tell them to get an enema and do some deep knee-bends.
Alternatively: you have to turn off UAC - so they run as Administrator all the time.
Thus making any malware able to completely take over their machine the instant it can run.
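The three situations the answer distinguishes (standard user, administrator who still has to pass the UAC prompt, and UAC turned off) can be told apart from inside a script before it attempts the adapter change. The PowerShell below is an added example, not part of the original question or answer; the function names `Get-ElevationState` and `Disable-WifiIfElevated` are hypothetical, and the adapter name `Wi-Fi` is the one used in the question.

```powershell
# Added example: report which of the answer's cases the current session is in.
# Function names are illustrative and do not come from the original post.

function Get-ElevationState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when this process's token has the Administrators group enabled.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group SID in the token, including BUILTIN\Administrators
    # (S-1-5-32-544) when UAC has filtered it to deny-only in an unelevated session.
    $inToken = [bool](whoami.exe /groups /fo csv /nh |
        Select-String -SimpleMatch '"S-1-5-32-544"')

    # EnableLUA = 0 means UAC is switched off machine-wide.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA

    [pscustomobject]@{
        Elevated          = $elevated
        AdminGroupInToken = $inToken
        UacEnabled        = ($lua -ne 0)
    }
}

function Disable-WifiIfElevated {
    param([string]$AdapterName = 'Wi-Fi')

    $s = Get-ElevationState
    if (-not $s.UacEnabled) {
        Write-Warning 'UAC is disabled: every process this administrator starts has full rights.'
    }
    if ($s.Elevated) {
        # Same command as in the question; it succeeds only with an elevated token.
        Disable-NetAdapter -Name $AdapterName -Confirm:$false
    }
    elseif ($s.AdminGroupInToken) {
        Write-Warning 'Administrator account, not elevated: rerun elevated and accept the UAC prompt.'
    }
    else {
        Write-Warning 'Standard user: an administrator has to make this change.'
    }
}

# Print the state only; call Disable-WifiIfElevated to attempt the change.
Get-ElevationState | Format-List
```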