Elena, that's a way too naive approach.
I think you need to dig deeper into the security system of MSSQL.
And learn about the architecture of MSSQL Server.
Heres just a google search result about that:
Just quoting from there:
ITPro Today said:
Microsoft added several msdb roles that facilitate more security during SQL Server Integration Services (SSIS) package deployment and execution, such as db_ssisadmin, db_ssisltduser, and db_ssisoperator.
I'm not saying this article will give you all you need, but the first thing to extract from it is that changing a database should be made an SSIS package. And the other thing therefore to understand is what SQL Server integration services is and what roles there are in it, like the db_ssisadmin.
Here's another take on this, not specific to MSSQL only:
It talks of tools like Flyway.
For MSSQL the currently best tools are with SQL Server Database Tools (SSDT) Visual Studio projects to create and maintain packages you can apply using SQLPackage (
That still requires thinking about which account would execute this securely.
I think you have a lot of reading to do before you can decide what exactly to use and how, but surely not a bat file.
One of the simplest to implement solutions I could think of is using a setup (MSI, setup.exe) that encapsulates the task to make the db change at the smae time also applying the application change. Especially if you're using setups to deploy the application itself alredy anyway.
Chriss