
I need to check the logged-in users and whether they are in the Administrators group, or maybe "if they have administrator rights"? I have managed to write some code, but if I run this script as an administrator, I get that my current logged-in user is admin (true), and another user that I added and logged in is also admin (true), but he is not in the Administrators group.

I'm not sure how to find it the right way. I found some scripts on the Internet, but they seem too hard for me to understand.

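```powershell
# One explorer.exe process exists per interactive logon session
$procesai = (Get-WmiObject Win32_Process | where {$_.ProcessName -eq 'explorer.exe'})
if ($procesai.Count -eq 0) {
    # Message: "No users are currently logged in"
    Write-Host "Siuo metu nera prisijungusiu vartotoju"
} else {
    foreach ($i in $procesai) {
        $user = $i.GetOwner().User
        $domen = $i.GetOwner().Domain
        # IsInRole() is evaluated on WindowsIdentity::GetCurrent(), the account running this script
        $admin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
        # Output: "<domain>\<user> is logged in and his administrator status = <value>"
        $domen + "\" + $user + " yra prisijunges ir jo administratoriaus statusas = $admin"
    }
}
```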
  • The statement `[Security.Principal.WindowsIdentity]::GetCurrent()` always returns the identity of the currently logged-in user (i.e. your account), so the `IsInRole()` statement always checks if your account has admin privileges, instead of checking `$user`. See [Scott Hanselman's blog](https://www.hanselman.com/blog/HowToDetermineIfAUserIsALocalAdministratorWithPowerShell.aspx) for a method of checking admin group membership for arbitrary usernames. – Ansgar Wiechers May 13 '19 at 08:54
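
One way to check each session owner rather than the account running the script, as an added example that is not code from the question, the comment or the linked blog. It assumes Windows PowerShell 5.1 or later (for `Get-LocalGroupMember`) and an elevated prompt, and it tests direct membership of the local Administrators group only; the variable names are illustrative.

```powershell
# Added example: for every interactive session (owner of an explorer.exe
# process), report whether that account is a direct member of the local
# Administrators group. Comparison is done by SID, not by display name.

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators; using it
# avoids depending on the localized group name.
# Caveat: nested groups are listed as members but not expanded, so a user
# who is an administrator only through a domain group is reported as False.
$adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.SID.Value })

$shells = @(Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'")

if ($shells.Count -eq 0) {
    Write-Host 'No users are currently logged in'
} else {
    $report = foreach ($p in $shells) {
        # Ask WMI for the owner of *this* process, not the caller's identity
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        $sid   = (Invoke-CimMethod -InputObject $p -MethodName GetOwnerSid).Sid

        # Without elevation the owner of another user's process is not
        # readable and the SID comes back empty; skip instead of guessing.
        if (-not $sid) { continue }

        [pscustomobject]@{
            Account      = '{0}\{1}' -f $owner.Domain, $owner.User
            Sid          = $sid
            IsLocalAdmin = $adminSids -contains $sid
        }
    }

    # A user can own several explorer.exe processes; report each one once
    $report | Sort-Object Sid -Unique
}
```

Group membership is not the same as holding an elevated token: with UAC enabled, a member of Administrators normally runs `explorer.exe` with a filtered, non-elevated token.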
