Bypassing the need to enter Admin Credentials when running a Batch/Powershell script

I need to develop a script for my client that will disable/enable the WWAN card on his laptop.

  • Client should be able to enable/disable the WWAN card without giving the client administrator credentials or an account
  • Should be user friendly. Like just double clicking the enable or disable shortcut on desktop to toggle on/off.
  • Avoid any method that may compromise security like disabling the need for Elevated credential prompts for all applications. (Only want to bypass for this script)

I have the command to disable/enable WiFi adapter. However, it requires that powershell be run as Administrator otherwise access will be denied.

Disable-NetAdapter -Name "Wi-Fi" -Confirm:$false

I have tried the following to no success. (Either Access Denied or the UAC Pops up and prompts for Admin Credentials):

  • Creating a .Bat file that runs the PS script with ExecutionPolicy -Bypass
powershell.exe -executionpolicy bypass -windowstyle hidden -noninteractive -nologo -file "c:\Users\%username%\Desktop\DisableWifi.ps1"
  • Creating a shortcut of the PS Script with "Run As Admin" Enabled
  • Creating a shortcut with Run As Admin of a .Bat file that enables/disables the Network Adapter.
netsh interface set interface Wi-Fi disable
  • ExecutionPolicy Bypass inside the PS Script
Start-Process powershell.exe -ArgumentList "/noexit", "-executionpolicy bypass","-file C:\Users\$env:UserName\Desktop\DisableWiFi.ps1"

Is there anyway to allow my client to be able to toggle on/off the WWAN card through a script on the desktop without them needing to enter admin credentials?

Thanks!


It can be done.

  • The user must be running as an adminstrator.

Imagine we're back in the Windows XP days. If the user is running as a standard user, they simply cannot perform administrator functions. You can cry and complain as much as you want - but a standard user cannot gain administrator privileges just because they want them.

That has not changed: you have to be an administrator to administrate.

If the user is a standard user: you simply cannot bypass that.

  • So how do make it so the user doesn't need to get an administrator to enter their administrator credentials?
  • make them an administrator!

Which is easy enough to do:

  • don't make them a standard user
  • make them an administrator

But we all know you're complaining about UAC

We all know you're talking about being having to click OK on a UAC dialog. And as much as users hate it: tell them to get an enema and do some deep knee-bends.

Alternatively: you have to turn off UAC - so they run as Administrator all the time.

Thus making any malware able to completely take over their machine the instant it can run.