Before reading this article, I need you to know a little something about UAC. At the minimum you should read my article Let's Talk UAC for the Enterprise. To get a little deeper into the subject, consider reading some detailed articles found here: UAC: An introduction to User Account Control.
After educating yourself on Vista's UAC, you should be aware that there are a great many things that cause elevation of applications:
- Vista can autodetect that an installation program should be run elevated.
- Vista knows that certain programs like GPMC should be run with the highest available token.
- An application's manifest can specify that an elevated token should be used.
- An administrator can specify in the properties of a file that an executable must run with an administrator token.
- A user can right-click on an executable and specify that it be "Run as Administrator".
Not only can the script not have a manifest specifying an elevated token, but there is no obvious way to request elevation. You cannot specify it in the properties of these files since they are not executables. You cannot even right-click and specify that it be "Run as Administrator".
It turns out that there are a number of approaches to this problem (none of which are obvious). All the approaches rely on a basic pair of principles. Vista can only elevate executables (by initiating a new process) AND any processes launched by an elevated process will also be elevated. Each approach may look radically different, but it always boils down to exploiting these principles.
The approaches to elevating non-executables are as follows:
- Elevate a command prompt (CMD) and launch anything needing elevation from there.
- Elevate an instance of Windows Explorer so that anything you launch with it is also elevated.
- Add Run As Administrator to the context menu for additional file types by modifying the registry.
- Find the associated application and run it elevated, then open the required file.
- Create a launcher script that opens the required file with elevation specified.
I will write an article on each of the approaches and turn the bullets into links as they are written. But hopefully I've given you some useful hints in the mean time if you can't wait for me :-)