Run Batch Files and PowerShell Scripts with Administrator Permissions easily


Here is something a little different for you. I have two external drives connected to my Microsoft Surface Book 2 15″ computer. One is a 256GB micro SD card hidden in a BaseQi Ninja Stealth Drive loaded into the SD Card slot and the other is a USB 3.0 connected Western Digital 2TB WD Elements Portable. Both of these drives have BitLocker enabled and have the password remembered on this machine.

Every now and then, the drives fail to initialize correctly and in turn fail to unlock with BitLocker. Even though I can see the drives and their total and used capacity, I cannot access them.

The first solution I used was to restart my machine, but that was a pain even with a fast machine, especially when in the middle of doing something.

The next solution I used to get access back was to unplug the drives and then plug them back in. Even this was annoying as the BaseQi SD Adapter is difficult to get out and the USB drive is connected to the Surface Dock and is behind other equipment.

I was looking for a better solution and worked out that I could “reset” the drives from the Device Manager under Disk Drives, by right clicking on each drive and selecting Disable Device and then selecting Enable Device. This approach worked and avoided the hassle of unplugging the device, but it did take a few steps to perform manually.

After seeing my friend, Ian Grieve, post an article on his blog about using PowerShell to Unlock BitLocker protected drives, I thought that I could probably use PowerShell to disable and enable the drives with a script.

Disclaimer: I probably should have read some more of Ian’s related posts as he has other methods of running PowerShell scripts elevated and bypassing the execution policy issues. But… I didn’t read them until writing this article (see below).

Disclaimer 2: I use lots of batch files to automate my Dexterity development processes, but have never really used PowerShell. I did a training course many years ago but have now forgotten most of it.

So, first thing I needed was a way to control devices from PowerShell. A quick internet search and I found an article by Igor Kulman that explained how it was possible using a PowerShell cmdlet written by Ricardo Mendes available from TechNet.

Using the information from the two articles I was able to write a PowerShell script, which promptly failed to execute on my machine due to the PowerShell Script Execution Policies. Another search reminded me how to change the policy using the Set-ExecutionPolicy cmdlet.

However, changing the policy on the machine permanently is a little bit of a security risk. I wanted to only enable execution of scripts when running my PowerShell script.

Changing the policy requires elevated permissions, so I decided to use a method I was already using to elevate permissions for a batch file. I use this in my Dexterity development when I need access to folders protected by UAC (User Account Control).

After installing the DeviceManagement cmdlets in a subfolder, I can now double click on my batch file, which will elevate permissions, enable PowerShell scripts, execute my Device Reset PowerShell script and then disable PowerShell scripts. Now, just a double click and the intermittent drive issue is fixed without rebooting, unplugging hardware or performing lots of manual steps.

Below is the source for the batch file and the PowerShell script:

Batch File: _ResetDrives.bat

@echo off
cls
echo Must Run as Administrator
echo.

rem From https://sites.google.com/site/eneerge/scripts/batchgotadmin

:: BatchGotAdmin (Run as Admin code starts)
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"
:: BatchGotAdmin (Run as Admin code ends)

cd \Tools\

echo Enabling Powershell Scripts
powershell.exe -command "set-executionpolicy remotesigned"

echo Executing Powershell Script to disable and enable external drives
powershell.exe .\_ResetDrives.ps1

echo Disabling Powershell Scripts
powershell.exe -command "set-executionpolicy restricted"

rem pause
 

PowerShell Script: _ResetDrives.ps1

# https://superuser.com/questions/106360/how-to-enable-execution-of-powershell-scripts

# Start Windows PowerShell with the "Run as Administrator" option. Only members of the Administrators group on the computer can change the execution policy.
# Enable running unsigned scripts by entering:
# set-executionpolicy remotesigned
# This will allow running unsigned scripts that you write on your local computer and signed scripts from Internet.

# https://blog.kulman.sk/enabling-and-disabling-hardware-devices-with-powershell/
# https://gallery.technet.microsoft.com/Device-Management-7fad2388

Import-Module .\DeviceManagement\Release\DeviceManagement.psd1 #-verbose

Get-Device | where {$_.name -like "WD Elements 10B8 USB Device*"} | Disable-Device
Get-Device | where {$_.name -like "SDXC Card*"} | Disable-Device

Get-Device | where {$_.name -like "WD Elements 10B8 USB Device*"} | Enable-Device
Get-Device | where {$_.name -like "SDXC Card*"} | Enable-Device
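
The batch file above changes the execution policy for the whole machine and then forces it to Restricted, so an interrupted run leaves scripts enabled and any previous setting is lost. As an added example (not the author's code), this variant of _ResetDrives.ps1 takes the policy from the powershell.exe command line so it applies to that one process only; it assumes the script sits beside the DeviceManagement folder, and Get-TargetDevice is a helper name made up for this example.

```powershell
# Added example, not the author's script. Launch it from a one-line batch file:
#   powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File "%~dp0_ResetDrives.ps1"
# -ExecutionPolicy on the command line sets Process scope only, so the
# machine-wide policy is never touched and nothing has to be restored.

$ErrorActionPreference = 'Stop'

# Device name patterns taken from the article's script.
$patterns = 'WD Elements 10B8 USB Device*', 'SDXC Card*'

# Re-launch elevated (UAC prompt) if this process is not running as Administrator.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $argList = '-NoProfile', '-ExecutionPolicy', 'RemoteSigned', '-File', "`"$PSCommandPath`""
    Start-Process -FilePath 'powershell.exe' -ArgumentList $argList -Verb RunAs
    exit
}

# Resolve the module from the script's own folder, not the current directory
# (assumption: DeviceManagement was installed in a subfolder beside this script).
Import-Module (Join-Path $PSScriptRoot 'DeviceManagement\Release\DeviceManagement.psd1')

# Hypothetical helper: returns the devices whose name matches any pattern.
function Get-TargetDevice {
    Get-Device | Where-Object {
        $name = $_.Name
        $patterns | Where-Object { $name -like $_ }
    }
}

if (-not (Get-TargetDevice)) {
    Write-Warning 'No matching devices found; nothing to reset.'
    exit 1
}

try {
    Get-TargetDevice | Disable-Device
}
finally {
    # Always attempt the re-enable, even if disabling one device failed.
    Get-TargetDevice | Enable-Device
}

# Show every scope; LocalMachine should be unchanged by this run.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

An execution policy set through Group Policy takes precedence over the -ExecutionPolicy parameter, in which case this launch method will not override it.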
 

For more information, see the following links:

Hope you find these techniques useful.

David

This article was originally posted on http://www.winthropdc.com/blog.
