Running batch file in FirstLogonCommand

**jfmartel** · May 11, 2007

Hello, is there a way to temporary disable the UAC from popping authorization.

I am running an unattended batch file on my first logon (Im logging with a domain account, that has local administrator rights).

That batch files performs stuff like importing registry tweak and other stuff and need admin rights (even if Im logged with an admin account)

If it's impossible, is there another way to do that?

Thanks

**MAVERICKS CHOICE** · May 11, 2007

You need to give us more info, where are you running this from etc? It can be done in the ans file using syncronous cmd's & UAC won't be an issue. This of course is done prior to the shell starting up.

**jfmartel** · May 11, 2007

Ok here is my unattended file

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
	<servicing></servicing>
	<settings pass="specialize">
		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<ComputerName>TEST</ComputerName>
			<RegisteredOrganization>%MACHINEDOMAIN%</RegisteredOrganization>
			<RegisteredOwner>John Doe</RegisteredOwner>
			<TimeZone>US Eastern Standard Time</TimeZone>
			<StartPanelOff>false</StartPanelOff>
			<ProductKey></ProductKey>
		</component>
		<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<Identification>
				<Credentials>
					<Domain>domaine</Domain>
					<Password>admin</Password>
					<Username>Administrator</Username>
				</Credentials>
				<JoinDomain>Domain</JoinDomain>
				<UnsecureJoin>false</UnsecureJoin>
				<DebugJoin>false</DebugJoin>
			</Identification>
		</component>
		<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<SystemLocale>fr-CA</SystemLocale>
			<UILanguage>fr-CA</UILanguage>
			<UILanguageFallback>fr-FR</UILanguageFallback>
			<UserLocale>fr-CA</UserLocale>
			<InputLocale>0c0c:00001009</InputLocale>
		</component>
		<component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<StartPages>
				<StartPage wcm:action="add">
					<StartPageKey>FSE</StartPageKey>
					<StartPageUrl>www.google.ca</StartPageUrl>
				</StartPage>
			</StartPages>
		</component>
		<component name="Security-Malware-Windows-Defender" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<DisableAntiSpyware>true</DisableAntiSpyware>
		</component>
	</settings>
	<settings pass="oobeSystem">
		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<OOBE>
				<HideEULAPage>true</HideEULAPage>
				<SkipMachineOOBE>true</SkipMachineOOBE>
				<SkipUserOOBE>true</SkipUserOOBE>
				<NetworkLocation>Work</NetworkLocation>
				<ProtectYourPC>1</ProtectYourPC>
			</OOBE>
			<UserAccounts>
				<AdministratorPassword>
					<Value></Value>
					<PlainText>false</PlainText>
				</AdministratorPassword>
			</UserAccounts>
			<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
			<TimeZone>Eastern Standard Time</TimeZone>
			<AutoLogon>
				<Password>
					<Value>Value>
					<PlainText>false</PlainText>
				</Password>
				<Domain>domaine</Domain>
				<Enabled>true</Enabled>
				<LogonCount>1</LogonCount>
				<Username>WDS_Autologon</Username>
			</AutoLogon>
			<FirstLogonCommands>
				<SynchronousCommand wcm:action="add">
					<Order>10</Order>
					<CommandLine>\\server.domain.dom\REMINST\Addons\Script\cleanup.cmd</CommandLine>
					<Description>Registry tweak</Description>
				</SynchronousCommand>
			</FirstLogonCommands>
		</component>
	</settings>
	<settings pass="offlineServicing">
		<component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<DriverPaths>
				<PathAndCredentials wcm:action="add" wcm:keyValue="1">
					<Credentials>
						<Domain>domaine.dom</Domain>
						<Password>admin</Password>
						<Username>administrator</Username>
					</Credentials>
					<Path>\\server.domain.dom\REMINST\Drivers\Net</Path>
				</PathAndCredentials>
			</DriverPaths>
		</component>
	</settings>
	<cpi:offlineImage cpi:source="wim:d:/vista_business.wim#Windows Vista BUSINESS" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

This is what's inside my batch file

set _AppPath=\\server.domaine.dom\REMINST\Addons
Set _defaultuser=%PUBLIC%\..\Default

REG LOAD HKLM\User "%_defaultuser%\NTUSER.DAT"
regedit /s "%_AppPath%\Registry\regtweaks.reg"
REG UNLOAD HKLM\User

shutdown.exe -r -f -t 40 -c "Windows Vista will reboot"

**FireGeier** · May 11, 2007

Hello jfmartel!

To disable UAC during setup insert the following synchronus command into specialize pass:

cmd /c reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

To enable UAC again use:

cmd /c reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

Note:

If you execute this last command from within a batch you don't need the cmd /c at the beginning. But to disable UAC during specialize pass without using a batch the introducing cmd /c is a must!

Regards,

Martin

BTW, for an other way look here.

Edited May 11, 2007 by FireGeier

**jfmartel** · May 11, 2007

Hi, thanks for this quick reply.

If I leave the credentials blank, what will be use?

Do I have to enter the local admin credentials or the domain account (which is admin of the computer)

EDIT: I left the credentials blank and it worked pretty well! THANKS A LOT! This made my day

Edited May 15, 2007 by jfmartel

Sign In

Running batch file in FirstLogonCommand

Recommended Posts

jfmartel

MAVERICKS CHOICE

jfmartel

FireGeier

jfmartel

Please sign in to comment

Recently Browsing 0 members

Activity

Browse