Adding 'Run as administrator' right-click menu items for VBScript and PowerShell files

One of my post TechEd 2014 resolutions is to finally cast off my Batch script crutches and start running with with PowerShell and/or VBScript. To that end I assigned myself the task of converting a few of my Batch scripts over to these new languages last week. Right away I found myself annoyed. See, the great thing about Batch is you have this nifty "Run as administrator" context menu item that appears when you right-click on any .BAT or .CMD file. If I run a Batch script once with a simple double-click and it fails then I have the right-click option to provide me with a quick and easy way for me to run the script with elevated credentials. This allows me to quickly determine if some aspect of my code requires administrative permissions. I found out real quick that this menu item appears to be missing for .PS1 and .VBS files.

Now I get why Microsoft did this. It’s probably a security measure to prevent you from accidentally hosing your system by running a bunch of scripts in the Administrator context. It’s certainly not a feature I’d want “Joe User” to have access to. Still us more “advanced” users might want to have this menu item present purely to speed up our script testing process. So to solve this little dilemma for myself I put together two Batch scripts (HA, Ha, yes I’m using Batch to ultimately eliminate Batch) to add the right-click options back in for .PS1 and .VBS files. The scripts I wrote are posted below. Note that with the .VBS script you have two options! One uses CSCRIPT.EXE and the other uses WSCRIPT.EXE. If you don’t know the difference then don’t use the scripts. They also come with no warranties! Use at your own risk!


Add Right-click “Run as administrator” for .PS1 files (PowerShell):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Enable right-click 'Run as Admin' for PowerShell for Windows 7 or Later :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Add Windows context menu item. :: Version: 2.1 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO. ECHO Enabling right-click 'Run as Admin' for PowerShell for Windows 7 or Later... ECHO. :: Add value for UAC shield icon: REG ADD "HKCR\Microsoft.PowerShellScript.1\Shell\runas" /v HasLUAShield /t REG_SZ /d "" /f :: Add value to create context menu item: REG ADD "HKCR\Microsoft.PowerShellScript.1\Shell\runas\command" /ve /t REG_EXPAND_SZ /d "\"%%SYSTEMROOT%%\System32\WindowsPowerShell\v1.0\powershell.exe\" -executionpolicy bypass -nologo -file \"%%1\"" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Remove Right-click “Run as administrator” for .PS1 files (PowerShell):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Disable right-click 'Run as Admin' for PowerShell for Windows 7 or Later :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Remove Windows context menu item. :: Version: 2.1 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO. ECHO Disabling right-click 'Run as Admin' for PowerShell for Windows 7 or Later... ECHO. :: Remove custom 'runas' registry entry: REG DELETE "HKCR\Microsoft.PowerShellScript.1\Shell\runas" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Add Right-click “Run as administrator” for .VBS files (VBScript - WSCRIPT.EXE):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Enable right-click 'Run as Admin' for VBS for Windows 7 or Later (WSCRIPT) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Add Windows context menu item. :: Version: 2.0 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO Enabling right-click 'Run as Admin' for VBS for Windows 7 or Later (WSCRIPT)... ECHO. :: Add value for UAC shield icon: REG ADD "HKCR\VBSFile\Shell\runas" /v HasLUAShield /t REG_SZ /d "" /f :: Add value to create context menu item: REG ADD "HKCR\VBSFile\Shell\runas\Command" /ve /t REG_EXPAND_SZ /d "\"%%SYSTEMROOT%%\System32\wscript.exe\" \"%%1\" %%*" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Add Right-click “Run as administrator” for .VBS files (VBScript - CSCRIPT.EXE):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Enable right-click 'Run as Admin' for VBS for Windows 7 or Later (CSCRIPT) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Add Windows context menu item. :: Version: 2.1 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO. ECHO Enabling right-click 'Run as Admin' for VBS for Windows 7 or Later (CSCRIPT)... ECHO. :: Add value for UAC shield icon: REG ADD "HKCR\VBSFile\Shell\runas" /v HasLUAShield /t REG_SZ /d "" /f :: Add value to create context menu item: REG ADD "HKCR\VBSFile\Shell\runas\Command" /ve /t REG_EXPAND_SZ /d "\"%%SYSTEMROOT%%\System32\cscript.exe\" \"%%1\" %%*" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Remove Right-click “Run as administrator” for .VBS files (VBScript):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Disable right-click 'Run as Admin' for VBS for Windows 7 or Later :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Remove Windows context menu item. :: Version: 2.1 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO. ECHO Disabling right-click 'Run as Administrator' for VBS for Windows 7 or Later... ECHO. :: Remove custom 'runas' registry entry: REG DELETE "HKCR\VBSFile\Shell\runas" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Using PowerShell to build a GPO-based WMI filter for the SCCM Client install

We recently upgraded our SCCM 2012 server to SP1. I am now in the process of upgrading all the SCCM clients to the latest version (5.00.7804.1000). I use Group Policy to push the client and I wanted to add a WMI filter to the policy to filter out any systems that already have the correct client version. To do that I needed to know where to look for the client version in WMI on a local machine. PowerShell came to my rescue with this command:

Get-WmiObject -namespace root\ccm -class sms_client

Here's a screenshot of the output I got from an up-to-date computer (note the version number):

Using that I was able to construct the following query for my WMI filter:

select * from SMS_Client where ClientVersion < "5.00.7804.1000"

I applied the filter to our SCCM client install policy and now it only runs on machines running client versions older than the one specified. Nice!

BONUS TIP:
There are several ways to do the GPO-based install, I chose to go with running ccmsetup.exe as a startup script in Group Policy Management at the following location:

"Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown)"

I set it up to run the following install string:

ccmsetup.exe /MP:<MySCCMServerName> SMSSITECODE=AUTO