Skip Ribbon Commands
Skip to main content

Ondrej Sevecek's English Pages

:

Engineering and troubleshooting by Directory Master!
MCM: Directory

Quick Launch
Ondrej Sevecek's English Pages > Posts > How to verify if current user is member of Administrators group
August 25
How to verify if current user is member of Administrators group
by  Ondřej Ševeček  on 25/08/2016 17:14
Category: PowerShellSecurity

A common PowerShell scripter's requirement is to verify if the script is running under a member of local Administrators group. And also if the UAC feature (the user account control) is in effect to be sure the script is really running with elevated privileges (also called running as administrator).

Note that I am using the group's SID instead of a name which may differ on various localized systems.

function Is-LocalAdministratorsMember ()
{
  # Note: $false to get the Thread's access token in both cases, whether the thread is or is not impersonating
  [Security.Principal.WindowsIdentity] $currentPrincipal = [Security.Principal.WindowsIdentity]::GetCurrent($false)

  [bool] $isAdmin = $false
  [string[]] $sids = $currentPrincipal.Groups | select -Expand Value

  for ($i = 0; $i -lt $sids.Length; $i ++) {

    if ($sids[$i] -eq 'S-1-5-32-544') {

      $isAdmin = $true
      break
    }
  }

  return $isAdmin
}
Permanent Link to Post | Email Post Link | Number of Comments 0 Comment(s)

Comments

There are no comments for this post.

Add Comment

Sorry comments are disable due to the constant load of spam *


This simple antispam field seems to work well. Just put here the number.

Title


You do not need to provide any value this column. It will automatically fill with the name of the article itself.

Author *


Body *


Attachments