Checking Permissions with Batch Process

There is no denying it… I am a die-hard command-line junkie. When deploying to new systems I have my batch file arsenal with me at all times strictly because it keeps my processes very procedural and standardized. There are times when I come into an environment where the systems have already been deployed. Which makes things a bit challenging especially when dealing with multiple profiles on a single machine. Because of the fact that most of my deployments require SQL Server Express I have batch files setup accordingly that specifies the needed firewall exceptions along with other added automated steps. Just to name a few.

When dealing with existing systems I try to make dual processes 1) when I have admin access and 2) when I don’t have admin access. This all depends on the logged-on user of course. So in order to preserve the natural order of life I do my best to not interfere with user’s settings because it tends to throw them off and generally upsets them. So I keep their environment pretty much intact. In order to maintain consistency I run my dual processes. Not ideal but it works. Of course there are instances where I absolutely require admin access, but for the little items that are merely file placement and such I get by with the separate process.

It sounds like a lot of work, but once you have your batch file laid out the rest is cake. The first thing I do is check to see if the user has elevated privileged. I find trying to query the registry works well in indicating your permission level.

reg query "HKU\S-1-5-19" >NUL
echo %errorlevel%

If I ran this under a user account that is in the Users or Power Users group then the errorlevel will return a value of one.

01.StandardUser

If ran using an account with admin privledges you will see a value of zero returned.

02.AdminUser

The next step is to define the process to execute once the permission level has been determined. This is easily directed with the goto statement. Let’s take a look.

@echo off
color 17
reg query "HKU\S-1-5-19" >NUL
CLS
If Not %errorlevel% == 0 goto UserDeploy
If %errorlevel% == 0 goto AdminDeploy

:UserDeploy
::Run this process
goto end

:AdminDeploy
::Run this process
goto end

:end

I added the CLS on line two to clear the “Error: Access is denied.” message that is displayed on the first screenshot.

CLS

In terms of the dual processes I setup self-extracting zips to deploy to certain directories based on privileges.

Advertisements

2 thoughts on “Checking Permissions with Batch Process

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s