Elevation and altering hosts / system files in windows7

In the past days we started to roll out the first of many windows 7 clients we noticed that some of my collegues where having trouble altering system configuration files. One of the files that was most discussed was the local hosts file that allows you to configure name to ip mappings on the local machine.

The reason this file can`t be edited on the fly is because you need to ‘elevate’ the editor or command prompt to gain write permissions inside the windows folder. Even though you ‘might’ be part of the local administrators groep doesnt mean these priviledges are available on the fly as was the case in XP. Disabling the UAC in this matter will only remove the ‘warnings’ from your screen but still doesnt mean the ‘elevation’ can be skipped for administrative tasks.

In some cases windows 7 will run an program as administrator (elevated) by default, in these cases a ‘small bleu/yellow shield’ will be displayed near the link. In all other cases elevation should be done by ‘you’ or progamatically by the program itself.

But how to elevate in windows 7?

Run single command as administrator
1. open the start menu and locate the ‘search programs and files’ field.
2. In the field type the following command:
notepad c:\%systemroot%\system32\drivers\etc\hosts
3. Next execute this command using the following key combination:
press-hold ‘control + shift’ and hit enter.
4. confirm the UAC message warning you for the elevation.

Step 4 can be used with alternative executables as well but only works (could be a bug) in the ‘search programs and files’ field. Using the ‘windows-key + r’ to open the ‘run dialog’ wont allow you to elevate using the ‘control + shift’ combination.

Shortcut manually as administrator
In XP there was a somewhat ‘hidden’ feature called the ‘run as’ option that appeared when a shortcut was rightclicked while holding the left shift key. In windows 7 microsoft now shows a ‘run as administrator’ option by default (thanks for thatšŸ™‚ ). This means that ‘any’ shortcut can be ran as administrator (elevated) by simply right-clicking it and selecting the ‘run as administrator’ option.

Set shortcut to allways run as administrator
If you like to run programs as administrator by default you will need to create a shortcut on your desktop. Next edit the properties of the shortcut and locate the ‘compatibility’ tab. In the bottom there should be an option called ‘privilege level’ that allows you to set the ‘magic switch’ called ‘run this program ad an administrator’.

Scripts as administrator?
Scripts are always a fun part when it comes to elevation. One thing to take notice about is that non-functioning login scripts are usualy caused by default policies that are in place inside the windows7 host. In other words ‘Configuration errors’. Please refference the microsoft documentation about this.

For all other ‘scripting’ tasks if elevation is required from within your script, have a look at the powertoys ‘elevation’ found here,
http://technet.microsoft.com/en-us/magazine/2008.06.elevation.aspx

Other ‘tricks’ that i have seen used where executing ‘other’ vb scripts from the initial script using a ‘runas wscript’ shell command. Downside is that you might need to hardcode passwords in there wich i think is a ‘worst’ practise in any situation and shouldnt be used. I leave the choice to you on this subject.

Hope this helps.
Rgrds,

About Chris Gralike

Momenteel ben ik manager van de afdeling business continuity bij de zakelijke IT dienstverlener AMIS Services BV. Sinds 2003 ben ik actief in de ICT branche. Tussen 2003 en nu heb ik verschillende rollen vervuld. In de rollen: systeem- en netwerkbeheer, system engineer, servicemanager en nu practice manager ben ik in contact gekomen met uiteenlopende technologieƫn, methodologieƫn, ideeƫn, oplossingen en innovaties. Een rijke ervaring waarmee ik de klanten van Conclusion en AMIS elke dag probeer te ondersteunen. Mijn credo: 'Altijd opzoek een win-win tussen business en technologie.'

Posted on May 27, 2010, in Tooling, Windows 7 Professional and tagged , , , , , , , , , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: