none
Check to see if I am in the local administrators group RRS feed

  • Question

  • I am trying to check if I am in the local administrators group with this PowerShell script:

    $wp=new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())
    if ($wp.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)){
    Write-Host "You have local administrator privileges"
    }else{
    Write-Host "You DO NOT have local administrator privileges"
    }

    But it always returns that I DO NOT have administrator priviileges even though when I manage the computer I see that my user account is in the local administrators group. I have a feeling that this is checking to see if I am in the domain administrators group but I am new enough to administration with powershell I am not sure. Anyone care to share some hints?

    Thank you.

    Kevin


    Kevin Burton

    Friday, October 31, 2014 4:24 PM

Answers

  • That checks for elevation, not just Administrators group membership.

    If UAC is enabled: When you log on as a member of Administrators, you are in the group, but the group is not enabled.

    You must elevate to enable the group. When you start a process elevated, you get the UAC prompt. When you confirm the UAC prompt, the new process is started elevated, which means the Administrators group is enabled for that process.


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by jrv Friday, October 31, 2014 4:41 PM
    • Marked as answer by Bill_StewartModerator Friday, November 28, 2014 5:19 PM
    Friday, October 31, 2014 4:33 PM
    Moderator

All replies

  • That checks for elevation, not just Administrators group membership.

    If UAC is enabled: When you log on as a member of Administrators, you are in the group, but the group is not enabled.

    You must elevate to enable the group. When you start a process elevated, you get the UAC prompt. When you confirm the UAC prompt, the new process is started elevated, which means the Administrators group is enabled for that process.


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by jrv Friday, October 31, 2014 4:41 PM
    • Marked as answer by Bill_StewartModerator Friday, November 28, 2014 5:19 PM
    Friday, October 31, 2014 4:33 PM
    Moderator
  • This is from another thread.  Run it to see what happens:

    $wp=new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())
    if ($wp.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)){
        
        $host.UI.RawUI.WindowTitle=$myInvocation.MyCommand.Definition + '(Elevated)'
        $host.UI.RawUI.BackgroundColor='DarkBlue'
        
    }else{
    
        $p=new-object System.Diagnostics.ProcessStartInfo('PowerShell')
        $p.Arguments = $myInvocation.MyCommand.Definition
        $p.Verb='runas'
        [System.Diagnostics.Process]::Start($p)
        exit
    }
    
    # Run your code that needs to be elevated here
    Write-Host -NoNewLine 'Press any key to continue...'
    $host.UI.RawUI.FlushInputBuffer()
    $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown')
    
    
    


    ¯\_(ツ)_/¯

    Friday, October 31, 2014 4:42 PM