Sunday, November 15, 2009


Tips On Scripting And The UAC In Windows Vista And Windows 7

When writing scripts for use in Vista / windows 7, you’ve always got to think about security and the User Access Control (UAC) feature.

For instance, with Vista / seven set to its defaults, any applications you launch with a script will be run under the standard (limited) user account. If your script needs to open applications and issue commands (such as the Registry functions ) as the administrator, then your script needs to be run under the administrator account.

You can set wscript.exe to always run in administrator mode, but this would cause all scripts to run under the administrator account, and would open up a nasty vulnerability on your PC. So, what to do?

Unfortunately, you can’t right-click a .vbs file and select Run as administrator, as you can with executables (.exe files). But you can get around this limitation in a few different ways.

First, you can write a one-line batch file (discussed later in this artile) that does nothing more than launch your script. Then, to run the script in administrator mode, right-click the batch file and select Run as administrator.

Or, to run all your scripts in administrator mode without making your system vulnerable, make a copy of the wscript.exe file called something like wscript_admin.exe. Right-click the wscript_admin.exe file, select Properties, choose the Compatibility tab, and then turn on the Run this program as an administrator option.

Next, add a new file type for .vbsa files and associate its Open action with the wscript_admin.exe file. Thereafter, just rename the filename extension of any .vbs file to .vbsa to run the script as an administrator.

Batch Files
When it comes to quick and dirty scripting, it’s hard to beat DOS batch files. Batch files, similar to WSH scripts (discussed earlier in this chapter), are plain-text files with the .bat or .cmd filename extension. However, rather than relying on a complex, unfamiliar scripting language, batch files simply consist of one or more DOS commands, typed one after another.

One of the problems with Windows-based scripting is that it tries to control a graphical environment with a command-based language. Because DOS is a command-based interface, DOS-based scripting (batch files) is a natural extension of the environment.

Consider the following four DOS commands:
cd \windows\temp
attrib -r *.tmp
del *.tmp
If you type these commands into a plain-text editor, such as Notepad, save them into a .bat file, and then execute the batch file by double-clicking or typing its name at the Command Prompt, it will have the same effect as if the commands were manually typed consecutively at the prompt. Obviously, this  can be a tremendous time saver if you find yourself entering the same commands repeatedly.
When you run a batch file, each command in the file will be displayed (echoed) on the screen before it’s executed, which can be unsightly for the more compulsive among us. To turn off the echoing of any given command, precede it with the @ character. To turn off the printing of all commands in a batch file, place the command @echo off at the beginning of the batch file.
To run a batch file, double-click its icon in Explorer or, if it’s in the current working directory (folder), you can type its name at the Command Prompt. You’ll want to put more frequently used, general-purpose batch files in a folder specified in the system path, so that they can be executed regardless of the current working directory.

Although batch files can run Windows programs (just type notepad to launch Notepad), it’s preferable to run Windows programs with WSH scripts, because they’ll be able to run without having to first load a Command Prompt window.

In addition to the standard DOS commands, batch files use a couple of extra statements to fill the holes. Variables, conditional statements, and loops are all implemented with statements that are ordinarily not much use outside of batch files.


About bench3 -

Haja Peer Mohamed H, Software Engineer by profession, Author, Founder and CEO of "bench3" you can connect with me on Twitter , Facebook and also onGoogle+

Subscribe to this Blog via Email :