Every now and then you need to run an elevated command from the command line. If the application always requires elevation (i.e. the binary has been marked as requireAdministrator), the UAC prompt shows up — but in the case the application supports both non-elevated and elevated usage and you explicitly want it to run elevated, there is little support for you.
I would have expected start.com to have been augmented by something like a /elevate-switch, but unfortunately, this is not the case and you are left with having to open a new elevated command prompt to continue.
Fortunately, a tool to fill in this gap is straightforward and indeed J. Robbins has already created one. However, the tool is written in C# — it might be old-fashioned, but I still prefer those little tools to be unmanaged and free of the .Net-overhead. I thus created elevate.exe, which provides the same features as John’s tool but is written in C. In fact, it accepts exactly the same command line parameters, which are:
Execute a process on the command line with elevated rights on Vista
Usage: Elevate [-?|-wait|-k] prog [args]
-? - Shows this help
-wait - Waits until prog terminates
-k - Starts the the %COMSPEC% environment variable value and
executes prog in it (CMD.EXE, 4NT.EXE, etc.)
prog - The program to execute
args - Optional command line arguments to prog
Examples:
elevate ipconfig -registerdns elevate -wait procexp elevate -k dir
Having this tool at hand, it is now easy to also extend the shell context menu for directories by an ‘Open Elevated Console here’ entry by adding the following registry entries:
[HKEY_CLASSES_ROOT\Directory\shell\Open Elevated Console here]
@="Open Ele&vated Console here"
[HKEY_CLASSES_ROOT\Directory\shell\
Open Elevated Console here\command]
@="c:\\path\\to\\elevate.exe
/K \"title %1 && color 1a && cd /D %1\""
Download source code, x86 and x64 binary.
Update: You may use the source code under the terms of the MIT License.
LinkedIn Profile
Xing Profile
Follow me on Twitter (new)
very interesting, but I don’t agree with you
Idetrorce
Any chance to combine this with RunAs?
Here’s what I have in mind:
I have two accounts, one for normal office work, another one for domain admin work.
I log on to my workstation with the non-priviledged account and want be able to open admin tools with the other account.
But these tools (AD Users and Computers etc.) require elevation.
Up to now I found no way to combine Elevate and RunAs so that I have to provide credentials only one time.
What does the command you are using look like? Assuming that the domain account you are using for admin work uses UAC in admin approval mode, I’d expect runas /u:domain\account “elevate xyz.msc” to work fine…
I tried
runas /u:domain\account “elevate dsa.msc”
or
runas /u:domain\account “elevate /k \”title something\”"
but I always have to enter the credentials two times:
first for the runas (ok, only the password), then another time for the elevate cmd.
Somehow I expected after doing the runas it should be clear that elevate runs under the other account. Then Vista should only ask for approval.
Is it really the same account that you are using for both, runas and the UAC OTS dialog?
If you perform a regular logon (i.e. no runas but logoff and logon again) on your machine using your admin-domain account and then launch MMC — do you get a UAC consent dialog or an OTS prompt? If the latter is the case (i.e. you have to enter credentials), then the account probably has no local admin rights and the behavior regarding runas/elevate would make sense.
Thank you very much for such a useful utility. Thanks also for releasing the source code.
While this utility looks like exactly the thing I need, I cannot download it, because our firewall blocks the ZIP file because there seems to be a virus SPR/Tool.SIB in it. Can you re-check this and upload it again? (Or mail it to me so I can check it again). Thanks!
Oh well, never mind. I asked our sysadmin, and he got it for me and checked it. Seems like a false alert from our firewall.
Anyways, would it be okay to re-distribute the tool bundled with a hardware product?
Exactly what I need.
I love it’s a compact EXE written in C instead of vbs, cmd, .NET stuff.
Thank you!
This is great. Two questions: How is it licensed and is it possible to suppress the new command prompt when Elevate is used from within an existing command prompt?
Consider it licensed under the MIT license — feel free to change the source or to redistribute the binary.
Concerning your other question — this is the default behaviour of ShellExecute when the runas verb is used. I am not aware of any way to override this behavior.
great tool
I used it with runasspc from robotronic.de to call explorer.exe or cmd.exe under another user account with elevated rights
But since some time symantec detect
elevate.exe as Trojan.Gen
Awesome! Going to use it for starting Tomcat in that freaking program files folder. I had a solution involving VBS (which seems to work on most modern Windows OS) but this is a lot cleaner. Thanks!
It look like it have a problem with running scripts (these from %PATHEXT%). Like python ones. Otherwise it could be perfect windows gksudo replacement. Considering it is MIT licence I will try to implement that.
Brilliant tool!
I just have one question.. I’m trying to use this with Console2 to be able to open an elevated Powershell, but ‘elevate powershell’ pops up in a separate window instead appearing inside Console2 (as when I run simply ‘powershell’.
And to make this tool even more user friendly you can use this script which helps to dispatch the right executor:
@echo off if "%PROCESSOR_ARCHITECTURE%" == "x86" ( @start x86-elevate.exe %* ) else ( if "%PROCESSOR_ARCHITECTURE%" == "AMD64" ( @start x64-elevate.exe %* ) else ( echo Unsupported platform. @pause ) )ok, maybe this version is better for other usages:
@echo off if "%PROCESSOR_ARCHITECTURE%" == "x86" ( %~d0%~p0..\lib\x86\elevate.exe -wait -k "CD %CD% & %* > out & exit" & type out ) else ( if "%PROCESSOR_ARCHITECTURE%" == "AMD64" ( %~d0%~p0..\lib\x86_64\elevate.exe -wait -k "CD %CD% & %* > out & exit" & type out ) else ( echo Unsupported platform. @pause ) )It seems that the file can ‘t be downloaded anymore. Is there someone who can send it to me?
The download should work again, thanks for telling.
Hi, thank you for a usefull utility.
I am trying to add some CMD to start up to run at log in and restart the Explorer elevated (taskkill + elevate), but it doest works every time. Is there a way to elevate explorer at log in?
Thanks a lot for the tool; please note though that this application (by design) does not work on XP and earlier, which is really an unnecessary restriction. I had to change the code to just fallback to “open” instead of “runas” in XP. Works beautifully and we don’t have to abandon XP support.
Useful tool, thanks.
Awesome tool – thanks again for writing this in C.
I’m trying to launch assoc .vlan=”file type description” with your x64 elevate command, however, when I execute
elevate assoc .vlan=”file type description”, I get the following message,
assoc .vlan=”file type description” could not be launched!
Please tell me why this is happening please!
Hi Johannes,
Thank you for such a nice utility. I am using your program to launch jar files under admin access, something like:
<<>> it works fine, however there is one thing that i would like to know. Is there any possibility to know if the user rejected the UAC prompt. Like if users said no, the file will not execute, but is there something that is returned by Elevate.exe that can inform if access was approved or denied?
Ah sorry, i got it, it returns: cmd could not be launched: 1223
thank you this is perfect
I am trying to use this with certutil.exe (builtin windows command) to import certificates on the computer account.
But it seems to work but it dont add any certificates.
If I use the through windows elevated command line prompt, it works but not with the elevated command.
Tried both 32 and 64 bits.
What could be the issue?
This program is much nicer: http://code.kliu.org/misc/elevate/