BeyondTrust

Friday, January 22, 2010

How to elevate Scripts, Batch Files and Registry files

We are often asked whether Privilege Manager can elevate items other than the obvious *.exe, *.msc and *.msi files. To elevate things like registry files, batch files and scripts, you simply need to know the format for the rule. Here are the formats for the most frequently requested items.

To elevate a script, create a rule that points to the scripting host, then, in the arguments field, scope the rule to the specific script you would like to elevate. This prevents the user from elevating any script.

Alternatively, you could use WindowsServer\Netlogon without a file specified at the end, which would elevate all scripts in the Netlogon folder.

To elevate a registry merge, simply add the path to regedit.exe, and in the arguments field, scope down to the reg file you wish to elevate:

Note: The elevation of *.reg and script files is scoped to the item in the arguments field; the user cannot self-elevate any script or *.reg file on their own when an argument is present.

Batch files are applications, so you simply need to point to the path (or HASH) of the batch file:

With these examples in mind, you should be able to create other rules for similar situations (e.g. KIX scripts, JavaScript, etc.).
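
A rule scoped by path elevates whatever content sits at that path, so the scoped file and its folder should be writable only by administrators. The PowerShell audit below is an added example, not BeyondTrust code; the file names, the `C:\Admin` folder and the trusted-principal list are assumptions to replace with the values from your own rules.

```powershell
# Hypothetical rule targets: the script, .reg and batch files your rules name.
$RuleTargets = @(
    '\\WindowsServer\Netlogon\logon.vbs',   # script scoped in the arguments field
    'C:\Admin\settings.reg',                # registry file scoped in the arguments field
    'C:\Admin\maintenance.bat'              # batch file elevated by path
)

# Assumption: only these principals are expected to hold write access.
$Trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Rights that let a principal change, replace or re-permission the target.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Trusted -contains $ace.IdentityReference.Value) { continue }
        # Report any allow entry that overlaps the write mask.
        if (([int]$ace.FileSystemRights -band [int]$WriteMask) -ne 0) {
            [pscustomobject]@{
                Path     = $Path
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
}

foreach ($target in $RuleTargets) {
    if (-not (Test-Path -LiteralPath $target)) {
        Write-Warning "Rule target not found: $target"
        continue
    }
    # Write access to the folder allows the file to be replaced, so check both.
    Get-UntrustedWriter -Path $target
    Get-UntrustedWriter -Path (Split-Path -Path $target -Parent)
}
```

Any row in the output is a principal outside the trusted list that can alter what the rule elevates; tighten the ACL or switch that rule to a hash where the product allows it.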
