diff --git a/FolderTemplateProvisioner.bat b/FolderTemplateProvisioner.bat
index 9dac093..1606c74 100644
--- a/FolderTemplateProvisioner.bat
+++ b/FolderTemplateProvisioner.bat
@@ -1,52 +1,83 @@
:: Name: ws-folder-template-provisioner
-:: Version: 1.1
-:: Date: 20200719
+:: Version: 1.2
+:: Date: 20200730
:: GitHub Repository: https://github.com/wandersick/ws-folder-template-provisioner
:: Description:
:: This Windows batch script provisions (copies) new folders with exact permissions and content
:: from a specified existing folder (template) based on the information (first name & last name)
:: inputted by a user via its command-line interface.
::
-:: It solves a problem using 'robocopy /MIR /COPYALL' in which folders copied using Windows
-:: Explorer (a.k.a. File Explorer) may not retain unique permissions and inherit permissions
-:: from parent folder.
-::
-:: The script has been designed with care to improve usability and avoid accidental deletion.
+:: It solves a problem using 'robocopy /MIR /COPYALL /ZB' (built-in) where folders copied using
+:: Windows Explorer (a.k.a. File Explorer) may not retain unique permissions and inherit
+:: permissions from parent folder.
+::
+:: What's New:
+:: Support of network-shared folder in UNC form ('\\...') is available
+:: - In other words, for drives mapped using a drive letters, they are supported by specifying
+:: the UNC path within this script. See 'How to Set up the Scripts' section below.
+:: - To test or use this script for non-network cases (local drives) from v1.2 and on, specify
+:: \\127.0.0.1\... or \\localhost\... where required
::
+:: Support of non-admin users, provided by 'runas /savecred' (built-in)
+:: - If users do not have admin rights, _runasAdmin.bat (included optional script) can be edited
+:: to leverage 'runas /savecred' to run FolderTemplateProvisioner.bat (main script) as admin
+:: without entering admin credentials
+::
:: Features: Refer to README.md
::
:: Requirements:
-:: 1. Windows OS with robocopy
-:: 2. Administrator rights (required by robocopy /COPYALL)
-::
+:: - Windows OS with robocopy
+:: - Non-admin rights (partially supported with an optional setup on _runasAdmin.bat)
+:: - admin rights (with or without UAC)
+::
:: Script Filenames:
:: 1. FolderTemplateProvisioner.bat (main script)
-:: 2. _elevate.vbs (optional, for UAC elevation if admin rights are unavailable)
+:: 2. _elevate.vbs (optional, for admin users with UAC turned on, trigger UAC elevation prompt)
+:: 3. _runasAdmin.bat (optional, for non-admin users to leverage 'runas /savecred' to run as admin)
::
-:: Setting up the Scripts:
-:: 1. Edit `templateName` variable at the upper area of 'FolderTemplateProvisioner.bat' script
+:: How to Set up the Scripts:
+:: 1. (Optional - in case users executing the script would not have admin rights):
+:: Edit the UNC path in _runasAdmin.bat setting it to the the script path, e.g.
+:: \\serverName\d$\Human Resources\01_Personnel-Files\FolderTemplateProvisioner.bat
+:: - It must be a UNC path starting with "\\" instead of a drive letter
+:: - This script (runas /savecred) needs to be run once on PCs of users who need
+:: to use the script without admin credentials. (The first run involves prompting for
+:: admin credentials where admin needs to be there to input admin password once)
+:: 2. Edit 'encPath' variable at the upper area of 'FolderTemplateProvisioner.bat' script
+:: by setting it to the network folder containing the script, e.g.
+:: \\serverName\d$\Human Resources\01_Personnel-Files
+:: 3. Edit 'templateName' variable at the upper area of 'FolderTemplateProvisioner.bat' script
:: by setting it to the folder acting as the template, e.g.
:: 'ZZ IT_do not use\01 Template Folder', with required files and permissions inside
-:: 2. Place both scripts ('FolderTemplateProvisioner.bat' and optionally '_elevate.vbs') inside
-:: a folder containing 'A,B,C...Z' sub-folders, sitting beside them. The 'A-Z' folders contains
-:: the template folder and provisioned folders named 'LASTNAME, Firstname' copied by the script
-:: from the template folder
+:: 4. Place all scripts ('FolderTemplateProvisioner.bat', optionally '_elevate.vbs' and
+:: '_runasAdmin.bat') inside a folder containing 'A,B...Z' sub-folders, sitting aside.
+:: The 'A-Z' folders contains the template folder and provisioned folders named
+:: 'LASTNAME, Firstname' copied by the script from the template folder
::
:: Folder Hierarchy: Refer to README.md
::
:: How to Provision a New Folder:
:: 1. Double-click FolderTemplateProvisioner.bat and follow on-screen instructions
+:: - Note: for non-admin users, they should run "_runasAdmin.bat" (never run "_elevate.vbs")
:: 2. Input last name and first name
:: 3. Review the input
:: 4. Wait for robocopy file copy (folder template provisioning)
-:: 5. Verify the created folder (which pops up optionally at the end)
+:: 5. Verify the created folder
::
:: Screenshots: Refer to README.md
@echo off
+
+:: Clear UNC error message that can be ignored, e.g.
+:: '\\path\to\somewhere'
+:: CMD.EXE was started with the above path as the current directory.
+:: UNC paths are not supported. Defaulting to Windows directory.
+cls
+
setlocal enabledelayedexpansion
-:: Define your template folder name here (without quotes)
+:: Define the UNC path to file share and your template folder name here (without quotes)
+set uncPath=\\127.0.0.1\d$\Dropbox (CSS)\CSS Main Folder (1)\07 Human Resources\01_Personnel-Files
set templateName=ZZ IT_do not use\01 Template Folder
:: Set the working directory where script is located by %~d0%~p0 (e.g. x:\...\here)
@@ -89,7 +120,7 @@ attrib -h "%windir%\system32" | find /i "system32" >nul 2>&1
if %errorlevel% EQU 0 (
REM only when UAC is enabled can this script be elevated. Otherwise, non-stop prompting will occur.
if "%UACenabled%" EQU "1" (
- cscript //NoLogo "%WorkingDir%\_elevate.vbs" "%WorkingDir%" "%WorkingDir%\FolderTemplateProvisioner.bat" >nul 2>&1
+ cscript //NoLogo "%WorkingDir%_elevate.vbs" "%WorkingDir%" "%WorkingDir%FolderTemplateProvisioner.bat" >nul 2>&1
goto :EOF
) else (
echo.
@@ -136,7 +167,7 @@ set goAhead=
echo.
echo ___________________________________________________________________
echo.
-echo :: Based on the entry, below folder will be created:
+echo :: Please ensure the folder does not exist; otherwise, any existing data will be overwritten:
echo.
echo Folder name: "%lastName%, %firstName%"
echo.
@@ -181,59 +212,6 @@ set lastName1st=
REM Grab first letter from last name
set lastName1st=%lastName:~0,1%
-dir "%templateName%">nul 2>&1
-if %errorlevel% NEQ 0 (
- echo.
- echo ___________________________________________________________________
- echo.
- echo :: Error: Template folder name "%templateName%" does not exist in target location
- echo.
- echo Or it is defined wrongly in the script
- echo.
- endlocal
- echo Press any key to quit . . .
- pause >nul
- goto :EOF
-)
-
-REM Enter the responsible single-letter folder
-pushd %lastName1st%>nul 2>&1
-if %errorlevel% NEQ 0 (
- echo.
- echo ___________________________________________________________________
- echo.
- echo :: Error: Target A-Z folder "%lastName1st%" is invalid or inaccessible. Please check and try again
- echo.
- popd
- pause
- goto :enterName
-) else (
- popd
-)
-
-if exist "%lastName1st%\%folderName%" (
- echo.
- echo ___________________________________________________________________
- echo.
- echo :: Warning: A folder with the same name as "%folderName%" already exists
- if "!folderOpened!" NEQ "1" (
- echo.
- echo Please confirm it is unneeded . . . Opening the folder . . .
- ping 127.0.0.1 -n 2 >nul 2>&1
- explorer "%lastName1st%\%folderName%"
- set folderOpened=1
- )
- echo.
- set /p goAhead= :: Are you sure to DELETE it and replace it with a new one? ^(Answer 'N' to quit if unsure^) [Y,N]
-
- if /i "!goAhead!" EQU "N" (
- goto :enterName
- ) else if /i "!goAhead!" EQU "Y" (
- goto :createFolder
- ) else (
- goto :folderExistenceCheck
- )
-)
:: Create folder
:createFolder
@@ -248,7 +226,7 @@ ping 127.0.0.1 -n 2 >nul 2>&1
REM Copy template folder as a new folder
set robocopyError=
-robocopy "%templateName%" "%lastName1st%\%folderName%" /MIR /COPYALL /TEE /LOG+:%Temp%\FolderCreator.log
+robocopy "%uncPath%\%templateName%" "%uncPath%\%lastName1st%\%folderName%" /MIR /COPYALL /ZB /TEE /LOG+:%Temp%\FolderCreator.log
if %errorlevel% GTR 3 set robocopyError=%errorlevel%
:: Folder created
@@ -260,24 +238,18 @@ echo.
echo :: Completed
echo.
if defined robocopyError goto :robocopyError
-set /p goAhead= :: Open the new folder now? [Y,N]
-if /i "%goAhead%" EQU "N" (
- goto :end
-) else if /i "%goAhead%" EQU "Y" (
- explorer "%lastName1st%\%folderName%"
- goto :end
-) else (
- goto :folderCreated
-)
+echo Press any key to quit . . .
+pause >nul
+goto :end
:: End
:end
endlocal
cls
echo.
-echo Thank you for using :^)
+echo Don't forget to verify the created folder :^)
echo.
-echo Have a good day!
+echo Thank you for using!
echo.
ping 127.0.0.1 -n 2 >nul 2>&1
cls
diff --git a/README.md b/README.md
index 0dc2ccb..757848a 100644
--- a/README.md
+++ b/README.md
@@ -1,55 +1,55 @@
# Folder Template Provisioner
-This Windows batch script provisions (copies) new folders with exact permissions and content from a specified existing folder (template) based on the information (first name and last name) inputted by a user via its command-line interface.
+This Windows batch script provisions (copies) new folders with exact permissions and content from a specified existing folder (template) based on the information inputted by a user via its command-line interface. It hopes to reduce the burden of Windows admins by handling over the task of folder provisioning to users.
-It solves a problem using `robocopy /MIR /COPYALL` in which folders copied using Windows Explorer (a.k.a. File Explorer) may not retain unique permissions and inherit permissions from parent folder.
+It uses `robocopy /MIR /COPYALL /ZB` (built-in) to solve the problem where folders copied using Windows Explorer (a.k.a. File Explorer) may not retain unique permissions and inherit permissions from parent folder.
-The script has been designed with care to improve usability and avoid accidental deletion.
+## What's New
+
+- Support of network-shared folder in UNC form (`\\...`)
+- Partial support of non-admin users, made possible with `runas /savecred`
## Features
- Accept input from user
- - First name and last name
+ - First name and last name (feel free to modify them for other use cases where appropriate)
- Copy a new folder using specified template folder retaining exact permissions and content using `robocopy /MIR /COPYALL` named in `LASTNAME, First Name` format according to user input
-- Protection
- - Guard against data loss if target folder already exists
- - Target folder is popped up for user to check
- - Confirmation from user is required before continuing
- - Validate source template folder and target folder before running `robocopy`
-- Automatic UAC prompt
+- Support of network-shared folder in UNC form (`\\...`) is available
+ - In other words, for drives mapped using a drive letters, they are supported by specifying the UNC path within this script. See [How to Set up the Scripts](#user-content-step-by-step---how-to-provision-a-new-folder) section below
+ - To test or use this script for non-network cases (local drives) from v1.2 and on, specify `\\127.0.0.1\...` or `\\localhost\...` where required
+- Support of admin users with UAC enabled
- Automatically elevate the script to run it as admin if UAC (User Account Control) is enabled but admin rights are unavailable. This requires an optional script in the same folder (`_elevate.vbs`)
+- Partial support of non-admin users using `runas /savecred` (built-in)
+ - If users do not have admin rights, `_runasAdmin.bat` (included optional script) can be edited to leverage `runas /savecred` to run `FolderTemplateProvisioner.bat` (main script) as admin without entering admin credentials
+ - Also refer to [Security Notes](#user-content-security-note) on the risk involved naturally with `runas /savecred`
- Error checking and messages available
- Windows Script Host is unavailable (for the UAC elevation VBScript)
- Admin rights are unavailable
- Invalid first name / last name
- - Target `A-Z` folder is invalid or inaccessible
- - Template folder name does not exist in target location or wrongly defined in the script
- - Target folder already exists, requiring user to confirm
- File copy (folder template provisioning) failure and the `robocopy` return code
- Confirmation prompt
- - Names inputted by user are shown again for review and confirmation
- - A folder with the same name already exists, where confirmation is required from user before continuing, as `robocopy /MIR` (mirror), the command responsible for copying folder templates, would result in loss of data in existing folder
-- Pop up target folder automatically for convenience
- - Optionally at the end of successful folder creation
- - Or, when a folder with the same name already exists, where confirmation is required from user before continuing
+ - Names inputted by user are shown again for review and confirmation, requesting user to confirm there is no existing files
- Logging
- A `robocopy` log file is saved and appended to `%Temp%\FolderCreator.log`. As this is not meant to be permanent, it can get deleted by system shortly afterwards
## Requirements
1. Windows OS with `robocopy`
-2. Administrator rights (required by `robocopy /COPYALL`, referring to the last screenshot in this README document)
+2. admin rights (with or without UAC)
+3. Non-admin rights (partially supported with an optional setup on `_runasAdmin.bat`)
## Script Filenames
1. `FolderTemplateProvisioner.bat` (main script)
-2. `_elevate.vbs` (optional, for UAC elevation if admin rights are unavailable, provided that User Account Control is enabled in the system)
+2. `_elevate.vbs` (optional, for admin users with UAC turned on, trigger UAC elevation prompt)
+3. `_runasAdmin.bat` (optional, for non-admin users to leverage `runas /savecred` to run as admin)
## Folder Hierarchy
```c
│ FolderTemplateProvisioner.bat // main script
-│ _elevate.vbs // UAC elevation script (optional)
+│ _elevate.vbs // For admin users with UAC enabled to auto-trigger UAC prompt (optional)
+│ _runasAdmin.bat // For non-admins to run as admin without admin credentials (optional)
│
├───ZZ IT_do not use\01 Template Folder // Template folder (this can be a sub-folder)
│ // with folders/files of set permissions to copy
@@ -70,18 +70,43 @@ The script has been designed with care to improve usability and avoid accidental
└───Z
```
-## Steps by Step - How to Set up the Scripts
+## Step by Step - How to Set up the Scripts
+
+**Step 1**. Skip this step and go straight to step 2 if users have admin rights. This is for cases where users executing the script do not have admin rights.
+
+Edit the UNC path in `_runasAdmin.bat` setting it to the the script path, e.g. `\\serverName\d$\Human Resources\01_Personnel-Files\FolderTemplateProvisioner.bat`
+
+- It must be a UNC path starting with "\\" instead of a drive letter
+
+Edit `/u:DOMAIN\username` by changing `DOMAIN` to the Active Directory domain name (NETBIOS name), and the `username` as the admin user. For non-domain (workgroup) scenarios, `DOMAIN` can be skipped by removing `DOMAIN\`
+
+- If a non-domain account is specified, `runas` command still requires the PC to be connected to domain. This appears to be a limitation of `runas`
+
+- User Account Control (UAC) has to be disabled, i.e. setting `EnableLUA` to `0` under Windows registry `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`, or the target runas user is the [built-in domain or local Administrator account](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account) which is unaffected by UAC.
-1. Edit `templateName` variable at the upper area of `FolderTemplateProvisioner.bat` script by setting it to the folder acting as the template, e.g. `ZZ IT_do not use\01 Template Folder`, with required files and permissions prepared inside
-2. Place both scripts (`FolderTemplateProvisioner.bat` and optionally `_elevate.vbs`) inside a folder containing `A,B,C...Z` sub-folders, sitting beside them. The `A-Z` folders contains the template folder and provisioned folders named '`LASTNAME, Firstname`' copied by the script from the template folder
+ - Kindly ensure the [group policy](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account) `User Account Control: Use Admin Approval Mode for the built-in Administrator account` is `undefined` or `disabled`; otherwise, it may prevent the built-in administrator account from bypassing UAC limitations (in case this approach is chosen instead of disabling UAC)
+
+Before `_runasAdmin.bat` (or the `runas /savecred ...` command) can be run by non-admin users, it needs to be **run once on PCs of users who need to use Folder Template Provisioner** without admin credentials. (The first run involves prompting for admin credentials where an admin needs to be there to input admin password once)
+
+**Step 2**. Edit `encPath` variable at the upper area of `FolderTemplateProvisioner.bat` script by setting it to the network folder containing the script, e.g. `\\serverName\d$\Human Resources\01_Personnel-Files`
+
+**Step 3**. Edit `templateName` variable at the upper area of `FolderTemplateProvisioner.bat` script by setting it to the folder acting as the template, e.g. `ZZ IT_do not use\01 Template Folder`, with required files and permissions inside
+
+**Step 4**. Place all scripts (`FolderTemplateProvisioner.bat`, optionally `_elevate.vbs` and `_runasAdmin.bat`) inside a folder containing `A,B...Z` sub-folders, sitting aside. The `A-Z` folders contains the template folder and provisioned folders named `LASTNAME, Firstname` copied by the script from the template folder
## Step by Step - How to Provision a New Folder
-1. Double-click `FolderTemplateProvisioner.bat` and follow on-screen instructions
-2. Input last name and first name
-3. Review the input
-4. Wait for `robocopy` file copy (folder template provisioning)
-5. Verify the created folder (which pops up optionally at the end)
+**Step 1**. Double-click `FolderTemplateProvisioner.bat` and follow on-screen instructions
+
+- For non-admin users, they should run `_runasAdmin.bat` instead
+
+**Step 2**. Input last name and first name
+
+**Step 3**. Review the input
+
+**Step 4**. Wait for `robocopy` file copy (folder template provisioning)
+
+**Step 5**. Verify the created folder
## Screenshots - Provisioning a New Folder with the Script
@@ -89,59 +114,71 @@ A. Run `FolderTemplateProvisioner.bat`
-B. UAC elevation is prompted automatically when admin rights are unavailable, provided that an optional `_elevate.vbs` exists in the same folder
+**Note**: non-admins should run `_runasAdmin.bat` instead, available since v1.2
-
+For admins with UAC enabled, a UAC elevation prompt (like the one below) is displayed automatically, provided that an optional `_elevate.vbs` exists in the same folder. (`_elevate.vbs` should not be run directly. Instead, run `FolderTemplateProvisioner.bat`)
-C. Input first name and last name
+
+
+B. Input first name and last name
-D. Review and confirm input
+C. Review and confirm input
-E. Robocopy provisions new folder from folder template with exact content and permissions
+**Note**: Since v1.2, users would receive a message requesting them to ensure no folder of the same name exists in destination before continuing; otherwise, content would be overwritten.
+
+D. Robocopy provisions new folder from folder template with exact content and permissions
-F. Open folder after completion (optional)
+**Note**: Since v1.2, users would receive a message at the end recommending them to verify the created folder at target location.
+
+## Screenshots - Error Messages
-
+A. Name inputted by user is invalid
-G. Verify created folder via the opened Windows Explorer
+
-
+B. Robocopy error ends with a return code presented to user
-## Screenshots - Error Messages
+
-A. Target folder already exists
+C. No admin rights are detected, while UAC is off and/or the optional `_elevate.vbs` is not in the same folder
-
+
-B. Name inputted by user is invalid
+Other error messages include:
-
+- Windows Script Host is unavailable (for the UAC elevation VBScript)
+
+## Security Note
-C. Target `A-Z` folder is invalid or inaccessible
+This part can be skipped if you don't let users use this set of scripts without admin rights.
-
+As with most technology that enables convenience, kindly beware of the natural security risk involved with `_runasAdmin.bat`, i.e. `runas /savecred`. In this case, a non-admin user would be able to use the `runas /savecred` command to run any command as an admin without entering a password. Please do understand such risk involved if you still would like to go ahead with the non-admin approach to using this script.
-D. Source template folder does not exist or is wrongly defined within script
+## Another Possible Approach for Non-Admin
-
+This part can be skipped. It is only for enthusiasts wishing to modify this script to run it as non-admin without even using `_runasAdmin.bat` or `runas /savecred`.
-E. No admin rights are detected, while UAC is off and/or the optional `_elevate.vbs` is not in the same folder
+- Admins rights or the `_runasAdmin.bat` (`runas /savecred`) workaround for non-admin are already supported by this script. The below may not be suitable to all cases and hence, it is left as an idea for enthusiasts to attempt should it be desired.
-
+Several prerequisites and/or adjustments would be required (**experimental**):
-F. Robocopy error ends with a return code presented to user
+1. Remove `/ZB` parameter from the `robocopy` command in the script (note: `/ZB` uses backup operator rights to copy if permission is unavailable. This requires admin rights)
+2. Change `/COPYALL` to `/COPY:DATSO` (this removes the 'manage auditing' part which requires admin rights)
+3. The template folder should include the desired non-admin user as **owner** with **full** permission in the underlying folders
+4. Remove lines in this script between `attrib >nul 2>&1` and `:skipAdminCheckSubsequent`
-
+**Note**: The above is approach is experimental, hence unsupported.
## Release History
| Ver | Date | Changes |
| --- | --- | --- |
+| 1.2 | 20200730 | - Support of network-shared folder in UNC form (`\\...`) is available
- Support of non-admin users is provided by `runas /savecred`
- Remove support of UNC-unsupported error-checking cases |
| 1.1 | 20200719 | Folder template consolidated as single folder instead of multiple ones within sub-folders |
| 1.0 | 20200714 | [First release](https://github.com/wandersick/ws-folder-template-provisioner/tree/6b0c9aad5375afc5dfa0ef687daeeced399d642b) where template folders are located in each sub-folders |
diff --git a/_images/00-run-folder-template-provisioner.png b/_images/00-run-folder-template-provisioner.png
index 6bfd7aa..c207e0d 100644
Binary files a/_images/00-run-folder-template-provisioner.png and b/_images/00-run-folder-template-provisioner.png differ
diff --git a/_images/05-open-folder-after-completion.png b/_images/05-open-folder-after-completion.png
deleted file mode 100644
index b7de1c1..0000000
Binary files a/_images/05-open-folder-after-completion.png and /dev/null differ
diff --git a/_images/06-new-folder-created.png b/_images/06-new-folder-created.png
deleted file mode 100644
index 55316fd..0000000
Binary files a/_images/06-new-folder-created.png and /dev/null differ
diff --git a/_images/e01-target-folder-already-exists.png b/_images/e01-target-folder-already-exists.png
deleted file mode 100644
index 4864156..0000000
Binary files a/_images/e01-target-folder-already-exists.png and /dev/null differ
diff --git a/_images/e03-target-az-folder-invalid-or-inaccessible.png b/_images/e03-target-az-folder-invalid-or-inaccessible.png
deleted file mode 100644
index fa9dc4f..0000000
Binary files a/_images/e03-target-az-folder-invalid-or-inaccessible.png and /dev/null differ
diff --git a/_images/e04-source-template-folder-does-not-exist.png b/_images/e04-source-template-folder-does-not-exist.png
deleted file mode 100644
index 68822f7..0000000
Binary files a/_images/e04-source-template-folder-does-not-exist.png and /dev/null differ
diff --git a/_runasAdmin.bat b/_runasAdmin.bat
new file mode 100644
index 0000000..d60e08d
--- /dev/null
+++ b/_runasAdmin.bat
@@ -0,0 +1,12 @@
+:: Step 1. Edit the UNC path below by setting it to the the script path, e.g. \\serverName\d$\Dropbox (CSS)\CSS Main Folder (1)\07 Human Resources\01_Personnel-Files\FolderTemplateProvisioner.bat
+:: Note: It must be a UNC path starting with "\\" instead of a drive letter
+::
+:: Step 2. Edit /u:DOMAIN\username by changing DOMAIN to the Active Directory domain name (NETBIOS name), and the username as the admin user. For non-domain scenarios, DOMAIN can be a 'dot' (.) or simply skipping 'DOMAIN\' altogether
+:: Note:
+:: - If a non-domain account is specified, runas command still requires the PC to be connected to domain. This appears to be a limitation of runas
+:: - User Account Control (UAC) has to be disabled, i.e. setting EnableLUA to 0 under Windows registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, or the target runas user is the built-in domain or local Administrator account which is unaffected by UAC.
+
+:: Step 3. Before this script can be run by users, it (or the 'runas /savecred' ... command) needs to be run once on PCs of users who need to use the script without admin credentials.
+:: Note: The first run involves prompting for admin credentials where admin needs to be there to input admin password once
+
+runas /savecred /u:DOMAIN\username "\\serverName\d$\Dropbox (CSS)\CSS Main Folder (1)\07 Human Resources\01_Personnel-Files\FolderTemplateProvisioner.bat"
\ No newline at end of file