How can I tell in my scripts if PowerShell is running with administrator privileges?
I need to know because I'm trying to run a program that requires the ability to open protected ports.
Asked
Active
Viewed 6.3k times
70
-
1You mat consider to elevate permissions as described in Gaining administrator privileges in PowerShell answer – Michael Freidgeim Feb 11 '16 at 04:00
4 Answers
111
([Security.Principal.WindowsPrincipal] `
[Security.Principal.WindowsIdentity]::GetCurrent() `
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
This retrieves the current Windows identity and returns $true if the current identity has the Administrator role (i.e., is running elevated).
Bill_Stewart
- 1,392
-
20While the accepted answer is correct, this answer is much more clear, especially to someone who may read your script six months from now. – Patrick Seymour May 20 '14 at 19:52
66
[bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")
Breaking apart what this does:
[bool]- Cast the end result to abool.[System.Security.Principal.WindowsIdentity]::GetCurrent()- Retrieves theWindowsIdentityfor the currently running user.(...).groups- Access thegroupsproperty of the identity to find out what user groups the identity is a member of.-match "S-1-5-32-544"checks to see ifgroupscontains the Well Known SID of the Administrators group, the identity will only contain it if "run as administrator" was used.
-
2Instead of just posting a line of code, can you please explain what it does? This helps future visitors in understanding and adapting it, if necessary. – slhck May 03 '14 at 15:53
-
-
11I prefer the answer by @Bill_Stewart below since it is free of magic strings. – 8DH Apr 20 '18 at 06:49
-
3Instead of using
-matchand typecasting:[Security.Principal.WindowsIdentity]::GetCurrent().Groups -contains 'S-1-5-32-544'– Maximilian Burszley Oct 20 '19 at 04:23 -
@MaximilianBurszley Nice one! Definitely an improvement over all those other multi-line solutions! – not2qubit Oct 14 '20 at 22:55
-
How to use this solution if its for a different process? Like notepad or mspaint – manjesh23 Jan 31 '22 at 18:31
64
In Powershell 4.0 you can use requires at the top of your script:
#Requires -RunAsAdministrator
Outputs:
The script 'MyScript.ps1' cannot be run because it contains a "#requires" statement for running as Administrator. The current Windows PowerShell session is not running as Administrator. Start Windows PowerShell by using the Run as Administrator option, and then try running the script again.
flederwiesel
- 115
Eddie Groves
- 1,453
-
2
-
1@KolobCanyon - There's no such thing as running only a PowerShell function elevated; the entire PowerShell process is either elevated or not. – Bill_Stewart Nov 05 '17 at 23:27
-
1@Bill_Stewart yes, but you can
returnif the user is not admin :) – Kellen Stuart Nov 06 '17 at 21:39 -
2@KolobCanyon - you can only elevate the PowerShell process; you cannot elevate a single function. That's why the
#Requires -RunAsAdministratoris useful: It prevents the entire script from running if you're not elevated. – Bill_Stewart Nov 06 '17 at 21:45 -
-
1The requires link isn't working for me. Perhaps about_Requires is the new URL? – Kevinoid Jul 15 '20 at 17:57
0
Your code :
invoke-command -computername cavl-ghwwsc3 -command { ([Security.Principal.WindowsPrincipal]
[Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)}
is working fine but how to launch it remotely in current user session (not in powershell elevate admin rights because it return my admin isadmin value to remote computer, not current log user if this user isadmin.
