The posted PS script can be reworked to exclusively run batch files, and create a normal desktop shortcut.
Code:
$whitelist = @{
"Script 1" = "C:\Users\GARLIN\batch.cmd"
"Script 2" = "C:\Users\GARLIN\other_batch.cmd"
}
$tasksPath = "\UAC Whitelist"
$shortcutsDir = "$env:USERPROFILE\Desktop"
$user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Highest
$whitelist.GetEnumerator() | ForEach-Object {
$name = $_.Name
$file = $_.Value
# Create "scheduled" task
$action = New-ScheduledTaskAction -Execute "C:\Windows\System32\cmd.exe" -Argument ('/c ' + $file)
$task = New-ScheduledTask -Action $action -Principal $principal
Register-ScheduledTask -Force -InputObject $task -TaskPath $tasksPath -TaskName $name
# Create shortcut to run the above task
$WshShell = New-Object -ComObject WScript.Shell
$shortcut = $WshShell.CreateShortcut("$($shortcutsDir)\$($name).lnk")
$shortcut.TargetPath = "C:\Windows\System32\schtasks.exe"
$shortcut.Arguments = "/RUN /TN `"$($tasksPath)\$($name)`""
$shortcut.IconLocation = "C:\Windows\System32\cmd.exe,0"
$shortcut.WorkingDirectory = "C:\Windows\System32"
$shortcut.Save()
}
batch.cmd
Code:
COPY NUL C:\TEST.txt
The shortcut now runs your file with Admin rights. Or you can call the scheduled task from inside another batch file.
Code:
C:\Users\GARLIN>batch.cmd
C:\Users\GARLIN>COPY NUL C:\TEST.txt
Access is denied.
0 file(s) copied.
C:\Users\GARLIN>schtasks /run /tn "\UAC Whitelist\Script 1"
SUCCESS: Attempted to run the scheduled task "\UAC Whitelist\Script 1".
C:\Users\GARLIN>dir C:\
Volume in drive C has no label.
Volume Serial Number is 16C2-2E4E
Directory of C:\
05/06/2022 10:24 PM <DIR> PerfLogs
07/17/2023 05:44 PM <DIR> Program Files
07/15/2023 02:27 PM <DIR> Program Files (x86)
07/20/2023 02:02 PM 0 TEST.txt
07/17/2023 09:48 PM <DIR> Users
07/16/2023 01:03 AM <DIR> Windows
1 File(s) 0 bytes
5 Dir(s) 26,620,268,544 bytes free
Quote
