Windows – Runas Admin account behavior difficulty

I am trying to run a batch file that stops the print spooler, deletes the spooler queue, and restart the spooler. The actual command I stole off the internet to do the file deletion is as follows:

del %systemroot%\System32\spool\printers\* /Q /F /S

The systems that initially ran it were Windows 7 Professional computers with administrator level users so it would run just fine. Now that I am trying to run this batch file on normal level user accounts. The workaround I found that worked at the time was to start the batch file using runas as a shortcut. As a chopped up example:

Runas /savecred /user:DOMAIN\Administrator "File Path\File.bat"

I do have the Local Administrator account enabled and password protected, and this had worked well for me so far. But now I am trying to use this shortcut in Windows 10 Professional, and I am getting mixed results.

If the system had been upgraded from Windows 7 both the shortcut and batch file works as intended. If the System came with Windows 10 preloaded it will not work, on any user or admin level user account besides the original Administrator account. The batch file gives an access denied error when trying to delete the spooler files. Running the shortcut or the even the batch file logged in under Administrator does not work either, but requires "Run As Administrator" elevation under the context menu.

My guess is some policy or security setting is being kept from Windows 7 that Windows 10 normally does not allow. Does anyone have an idea what this might be?

Or, if there is a better way to do this I'm all for it, but I am looking to not prompt the user at all.

Best Answer

Given the information, one generic approach for such problems of permissions might be:

As an admin, create a new Event log source on the computer, e.g. The following Powershell command will do:

New-EventLog -LogName Application -Source PrinterFixer

Still as admin create a new event log entry, e.g. using the following Powershell command:

Write-EventLog -LogName Application -Source PrinterFixer -EntryType Warning -EventId 1 -Message "Printer issue, reset queue"

Open the Event log (Eventvwr) to find the new event. From there you can right-click on it and choose 'Attach task to this event'.
Proceed through the wizard setting up the scheduled task that will run when the above events are created. This could be a batch file to clear the directory etc..
Once complete, open up the Windows Scheduled tasks and navigate to the folder that contains the "Event viewer tasks". From here you can edit the new task to ensure it runs as the required user, runs when not logged in etc..

With the task and trigger complete, you can log on as a user and run the same command to create the event, e.g.

This will cause the task to run. Eventcreate.exe could also be used but in either case, I could image a shortcut for the user that creates the Event log entry.

One benefit of this approach is you get an audit of who and how often the user is performing this operation and could help to troubleshoot the underlying cause. The steps to set up the task and event log could be automated if needed.

Best Answer

Related Solutions

How to run something as Administrator via Cygwin’s SSH

Windows – Batch file with commands to run as administrator and standard user

Related Question