Utility Can Help Reduce UAC Headaches When Working with Scripts

Run .vbs and .js scripts under administrative privileges with just a few clicks

James Turner

March 16, 2009



I was almost ready to downgrade my home PC's OS from Windows Vista to Windows XP after yet another ordeal with User Account Control. UAC's security policies in Vista and Windows Server 2008 make developing and testing scripts frustrating and more time-consuming. To avoid the hassles, you can disable UAC, but that's not recommended because of the need for heightened security. Alternatively, you can log on using Vista's built-in Administrator account, but that involves several steps and some precautions. (See the web-exclusive article "Vista's UAC Can Cause Problems When Writing and Running Scripts.")

When I calmed down a bit, I decided to try to find another solution rather than downgrade my OS. After a fair amount of digging and some coding, I devised a workaround: the Elevate Script HTML Application (HTA). This utility lets you run a VBScript or JScript script under administrative privileges with just a few clicks. As Figure 1 shows, you just need to browse to the script, click the ElevateScript button, then click Continue in the UAC box that pops up. Although I wrote the HTA to work on Vista, it will also work on XP.

Figure 1: The Elevate Script HTA's UI

The Elevate Script HTA relies mainly on the ElevateIt subroutine in Listing 1. The focal point of this subroutine is the ShellExecute method of the Shell.Application object in the Windows Shell API for scripting. This method lets you use the runas verb, which prompts the shell to give the user a higher level of system privileges when executing a certain operation. (The user must already have the privileges needed to execute that operation. Runas doesn't assign new privileges; it simply elevates them.)

Listing 1: The ElevateIt Subroutine

Callout B in Listing 1 shows the command that includes the ShellExecute method. As you can see, you need to include several parameters when calling this method. According to MSDN's ShellExecute Method web page, the method's syntax is

ShellExecute(sFile [, vArguments] [, vDirectory] [, vOperation] [, vShow])

Let's first take a look at the vOperation and sFile parameters. The vOperation parameter stipulates the operation to be performed on the file specified by the sFile parameter. In this case, the parameters are runas and wscript.exe, respectively, which tells ShellExecute to elevate the privileges of the user running Windows Script Host's (WSH's) WScript engine.

Although the sFile parameter is required, the vOperation parameter is optional. When you use the vOperation parameter, it needs to be set to a verb supported by the file. (For more information about verbs, see MSDN's Verbs and File Associations web page.)

Like the vOperation parameter, the vArguments, vDirectory, and vShow parameters are optional. The vArguments parameter contains the arguments for the operation. In this case, there's one argument: the pathname of the script you want to run under administrative privileges. The HTA's input field contains that pathname (i.e., File1.value), so the ElevateIt subroutine retrieves it. To make this HTA work with XP, the pathname needs to be enclosed in double quotes. So, instead of using File1.value as the vArguments parameter, I added the necessary double quotes to the pathname and stored it in the ScriptFile variable, as callout A in Listing 1 shows. ScriptFile is then used as the vArguments parameter.

The vDirectory parameter is used to specify the fully qualified path of the directory that contains the file specified by sFile. Because WScript is in the Windows path, there's no need to specify this directory. However, you still need to include an empty string ("").

The vShow parameter stipulates how to initially display the window that belongs to the application that performs the operation. It can take one of the following values:

  • 0—Open with a hidden window.

  • 1—Open with a normal window.

  • 2—Open with a minimized window.

  • 3—Open with a maximized window.

  • 4—Open with the window at its most recent size and position.

  • 5—Open with the window at its current size and position.

  • 7—Open with a minimized window. The active window remains active.

  • 10—Open with the window in the default state specified by the application.

I wanted the window opened in a normal state, so I used a value of 1.
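
The call described above, written out as an added example (not the article's Listing 1 or the author's code): JScript-compatible JavaScript that builds the five ShellExecute parameters, quotes the pathname, and rejects input that would not reach the elevated wscript.exe as a single argument. The names buildElevateCall, elevateScript and VALID_SHOW, and the validation rules themselves, are assumptions of this example.

```javascript
// Added example, not the article's Listing 1. Written in ES3 so the same
// file can be loaded by Windows Script Host (JScript) or an HTA.
// Window-state values the article lists for vShow.
var VALID_SHOW = { 0: 1, 1: 1, 2: 1, 3: 1, 4: 1, 5: 1, 7: 1, 10: 1 };

// Build the ShellExecute parameters for an elevated WScript launch.
// Throws if the path cannot be passed safely as one quoted argument.
function buildElevateCall(scriptPath, show) {
  var path = String(scriptPath).replace(/^\s+|\s+$/g, ""); // ES3-safe trim
  if (show === undefined) { show = 1; }                     // normal window
  if (path === "") { throw new Error("no script selected"); }
  // A double quote would close the quoted argument early, so the rest of
  // the string would reach the elevated wscript.exe as extra arguments.
  if (path.indexOf('"') !== -1) { throw new Error("path contains a double quote"); }
  if (!/\.(vbs|js)$/i.test(path)) { throw new Error("expected a .vbs or .js file"); }
  if (!VALID_SHOW.hasOwnProperty(show)) { throw new Error("unsupported vShow value"); }
  return {
    sFile: "wscript.exe",          // resolved through the Windows path
    vArguments: '"' + path + '"',  // quoted so a path with spaces stays one argument
    vDirectory: "",                // unused, but an empty string is still passed
    vOperation: "runas",           // verb that brings up the UAC prompt
    vShow: show
  };
}

// Launch the script elevated. `shell` is injectable so the call can be
// exercised off Windows; under WSH or an HTA it defaults to Shell.Application.
function elevateScript(scriptPath, shell) {
  var c = buildElevateCall(scriptPath, 1);
  shell = shell || new ActiveXObject("Shell.Application");
  shell.ShellExecute(c.sFile, c.vArguments, c.vDirectory, c.vOperation, c.vShow);
  return c;
}

// Stand-alone use under WSH: cscript //nologo elevate.js "C:\path\script.vbs"
if (typeof WScript !== "undefined" && WScript.Arguments.length === 1) {
  elevateScript(WScript.Arguments(0));
}
```

The extension and quote checks run before the UAC prompt appears, so a rejected path never reaches ShellExecute.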

Elevate Script HTA is a simple application when it comes to coding but is quite handy when you write and run scripts on Vista and Server 2008 because it reduces the scripting headaches brought on by UAC. You can download this HTA by clicking the Download the Code Here button at the top of the page. You don't need to customize the HTA at all before using it.
