Launch Elevated Command From HTA | Quisitive

With a VBScript you can use the WScript object to check the state of a script and force it to load as elevated. Since the WScript object cannot be used in an HTA script, you cannot perform this same function. However, I have found a work around for this. You can use the ShellExecute method to launch an individual command in an elevated state.

When you use ShellExecute you can enter “runas” for the Operation parameter, it will force the command to execute in an elevated state. This is the equivalent to right-clicking on a file and choosing “Run as administrator.”

In the example below you can see how this can be used to execute an elevated command prompt window.

ShellExecute “cmd.exe”, “”, “”, “runas”, 1

Here is another example where it will launch an elevated command prompt and perform a DNS flush

ShellExecute “cmd.exe”, “/c ipconfig /flushdns”, “”, “runas”, 1

Of course this is not restricted to command prompts. You can use it to launch any application. The syntax for ShellExecute execute is:

ShellExecute “File”, “Arguments”, “Directory”, “Operation”, Show

Just remember to enter “runas” for the Operation parameter.

Below is an example of what a complete HTA script would look like with the previous two examples added.

<html><head><title>Elevated Command</title> <HTA:APPLICATION  APPLICATIONNAME=”Elevated Command”  ID=”ElevatedCommand”  SCROLL=”no”  SINGLEINSTANCE=”yes”/> </head> <SCRIPT Language=“VBScript”> Set objShell = CreateObject(“Shell.Application”)Sub Window_Onload                window.resizeTo 360,360End Sub Sub RunCMD    objShell.ShellExecute  “cmd.exe”, “”, “”, “runas”, 1End SubSub RunFlush    objShell.ShellExecute  “cmd.exe”, “/c ipconfig /flushdns”, “”, “runas”, 1End Sub</SCRIPT> <body bgcolor=“buttonface”><center><p><font face=“verdana” color=“red”>Elevated Command</font></p>If you do not have local administrator permissions, you will be prompted to supply them. This must be run as a local administrator. <p><input id=runbutton  class=“button” type=“button” value=“Launch Elevated CMD” name=“db_button”  onClick=“RunCMD”><p><input id=runbutton  class=“button” type=“button” value=“Flush DNS” name=“db_button”  onClick=“RunFlush”><p></center></body></html>

For more information on the ShellExecute method refer to MSDN –

I recently ran into a problem while trying to write a DWORD registry value using the RegWrite method in a VBScript. When I tried to write the value “2705144907” I received the error message:

Microsoft VBScript runtime error: Overflow

The script syntax I was using is shown below.

set oShell = Wscript.CreateObject(“Wscript.Shell”)oShell.RegWrite “HKCU\SOFTWARE\Test\HexValue”, 2705144907, “REG_DWORD”

What causes this problem? The RegWrite method uses the Long type variable. The Long variable is an integer in the range of -2,147,483,648 to 2,147,483,647. Since the value I am trying to add in my script (2,705,144,907) is outside this range the script will fail with the Overflow error.

So how can you write a value that is outside this range? All you have to do is convert the value from decimal to hexadecimal and use hexadecimal value in the script.

Step 1. Convert your variable from decimal to hexadecimal

  1. Open Windows Calculator
  2. Click on View and select Programmer
  3. On the left panel ensure Dec is selected
  4. Enter your value
  5. Click on Hex in the left panel
  6. Make note of the value.

This value is your hexadecimal variable. In this example 2705144907 becomes A13D3C4B.

Step 2. Enter the hexadecimal value into your script.

Note: When entering a hexadecimal variable in a VBScript you must add the &H prefix. If you do not add the &H prefix you will receive a Type mismatch error. Therefore our final variable should be set to &HA13D3C4B.

The final working script:

set oShell = Wscript.CreateObject(“Wscript.Shell”)oShell.RegWrite “HKCU\SOFTWARE\Test\HexValue”, &HA13D3C4B, “REG_DWORD”