3

As I use batch scripts a lot, I have spent a large amount of time searching the web for a pure batch implementation, that does not depend on an errorlevel reading, to check for admin rights of the current or specified user.

How can I check if a user is an administrator?

Note: This question is not a duplicate, as I don't want to have to rely on an errorlevel reading.

user1
  • 153
  • 1
  • 8
  • I think I've got a script at work with a one liner to check for admin rights. If I find it I'll post an answer in the morning. I think it was something like checking pass or fail of using icacls to read the permissions of system32. – rojo Apr 12 '13 at 03:18
  • @rojo: I look forward to your answer! :) – user1 Apr 12 '13 at 03:19
  • 1
    @Christian.K: I was looking for a universal and non-sinlge command/errorlevel dependent solution that was written only in batch... – user1 Apr 12 '13 at 04:38

2 Answers2

2

Having not found a batch script that did not try to either write a file to a system directory or relied on errorlevel, I wrote the following script to be usable in other scripts or as a standalone tool.

You can alter the code to work in a script, or pass a username to the program to determine whether the user is admin. If no username is specified, the program checks the admin-hood of the current user.

@echo off
setlocal EnableDelayedExpansion
if "%~1" == "" (set user=%username%) ELSE (set user=%~1)
net user %user% | find "Local Group Memberships">temp.tmp
for /f %%a in ('findstr /i "Administrators" temp.tmp') do (
    echo.
    echo %user% is Admin...
    echo.
    set isadmin=y
    del temp.tmp
    pause
    goto:eof
)
echo.
echo %user% is not Admin...
echo.
set isadmin=n
del temp.tmp
pause
goto:eof
Danny Beckett
  • 20,529
  • 24
  • 107
  • 134
user1
  • 153
  • 1
  • 8
  • @Danny Beckett: Thank you for the corrections! – user1 Apr 12 '13 at 03:05
  • 1
    No problem at all! Welcome to Stack Overflow! :) Remember, keep your question and answer separate ;) – Danny Beckett Apr 12 '13 at 03:06
  • @Danny Beckett: Thank you! I will do my best. :) – user1 Apr 12 '13 at 03:07
  • Excuse me. You should put this code in your question under "this is what I have now"; otherwise, it may be mistaken for an answer! (why someone post a question if he/she already have an answer?) – Aacini Apr 12 '13 at 03:50
  • @Aacini: Well, I posted this out of courtesy to others who are using batch, as I couldn't find a batch implementation to determine whether the user was an admin. When you post a question, you can select the "Answer your own question" checkbox... – user1 Apr 12 '13 at 03:59
  • @user1: Taken from [the faq](http://stackoverflow.com/faq): "You should only ask practical, answerable questions based on actual problems *THAT YOU FACE*. If your motivation for asking the question is "I would like to participate in a discussion about _____", then you should not be asking here." – Aacini Apr 12 '13 at 04:09
  • @Aacini: I simply wanted to help those who may have been facing the same problem that I was, and wanted to use Stack Overflow to post my solution as I find the answers to many of my questions here. – user1 Apr 12 '13 at 04:12
  • @user1: You may help other people facing the same problem by posting your solution in the same question, isn't it? What is the purpose to post it as a _real_ answer? – Aacini Apr 12 '13 at 04:24
  • @Aacini: As I'm new to Stack Overflow, I saw the "Answer your own question" checkbox on the "ask question" page, and thought that that was the way to go. I was unaware that that was not a viable option. – user1 Apr 12 '13 at 04:35
  • @user1: Yes, "Answer your own question" is a viable option. Most people use it if they discover an answer better than the posted ones after a reasonable lapse (usually more than one week). However, certain people use it to select their own answers as Best Answer with the purpose to increment their reputations... – Aacini Apr 12 '13 at 04:47
  • @Aacini: Well, as I haven't used my question/answer to increase my own lowly reputation, I guess I'm good. – user1 Apr 12 '13 at 17:56
0

There is an easy way to check for admin rights. Just use the OPENFILES command and check the status. It requires Admin privileges, so you can just pipe the output to nul and check the result. I recommend that you use 2>nul as shown because 2012 Server and Windows 8 return ERRORLEVEL 0 but output "ERROR: Unable to retrieve data." This seems wrong to me (no error; but still an error message), but...

OPENFILES >nul 2>nul
IF ERRORLEVEL 1 (
   ECHO.Right click on this file and select 'Run as administrator'.
   PAUSE
   GOTO :eof
   )
RGuggisberg
  • 4,630
  • 2
  • 18
  • 27
  • This to seems to be a valid answer, and does not create a temporary file as my script does... – user1 Apr 12 '13 at 03:15
  • this looks neat, but I am afraid it may cause performance impact on busy system with 'maintain objects list' flag enabled. (at least I wouldn't risk) – noonex Aug 19 '16 at 05:56
  • I do this once upon entering the bat file... not once for every operation that requires admin. So I don't think there is any noticeable performance hit. – RGuggisberg Aug 22 '16 at 19:00