20

What's the best/easiest way to test for administrative rights in a PowerShell script?

I need to write a script that requires administrative rights and want to know the best way to achieve it.

JasonMArcher
resolver101

5 Answers

22

This is the little function I have in a security module:

function Test-IsAdmin {
    try {
        $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $identity
        return $principal.IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator )
    } catch {
        throw "Failed to determine if the current user has elevated privileges. The error was: '{0}'." -f $_
    }

    <#
        .SYNOPSIS
            Checks if the current PowerShell instance is running with elevated privileges or not.
        .EXAMPLE
            PS C:\> Test-IsAdmin
        .OUTPUTS
            System.Boolean
                True if the current PowerShell is elevated, false if not.
    #>
}
Andy Arismendi
19

In PowerShell 4.0 you can use requires at the top of your script:

#Requires -RunAsAdministrator

Outputs:

The script 'MyScript.ps1' cannot be run because it contains a "#requires" statement for running as Administrator. The current Windows PowerShell session is not running as Administrator. Start Windows PowerShell by using the Run as Administrator option, and then try running the script again.

Eddie Groves
  • When you paste `#Requires -RunAsAdministrator` on the top of a script in the PowerShell ISE nothing happens... – DarkLite1 Mar 31 '16 at 08:06
  • This is great, but using Right mouse button > Run with PowerShell just closes the script right away. `Read-Host` as the next line doesn't help. How to deal with this when trying to directly run a script? – Dennis G Apr 03 '17 at 10:15
6

Here it is directly:

$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
        [Security.Principal.WindowsBuiltInRole] "Administrator")
Jude Allred
5

FYI, for those folks that have the PowerShell Community Extensions installed:

PS> Test-UserGroupMembership -GroupName Administrators
True

This cmdlet is a bit more generic in that you can test for group membership in any group.

Keith Hill
  • Just curious, does this just check if the user in the group or does it also check if they are running with all privilege tokens (elevated)? – Andy Arismendi Apr 03 '12 at 23:46
  • @AndyArismendi if you are not elevated this will return false even if the user is in the Administrators group on a UAC enabled system. That's because the process has just a "standard" user token. If the process is elevated then this returns true. – Keith Hill Apr 03 '12 at 23:57
  • 1
    Thanks. Be aware the **groupname is localised** – Loïc MICHEL Feb 14 '14 at 11:11
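
A locale-independent variant of the checks in the answers above, added here as an example and not code from any of the posters or from PSCX: it tests the well-known SID S-1-5-32-544 instead of the group name, and reports separately when the user is an administrator whose session is simply not elevated. `Get-AdminStatus` is a hypothetical name; PowerShell 4.0 or later on .NET 4.5 or later is assumed.

```powershell
# Added example. Get-AdminStatus is a hypothetical helper name.
function Get-AdminStatus {
    [CmdletBinding()]
    param()

    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal -ArgumentList $identity

    # S-1-5-32-544 is BUILTIN\Administrators on every Windows language edition,
    # so the result does not depend on the localized group name.
    $adminSid = [System.Security.Principal.SecurityIdentifier] 'S-1-5-32-544'

    # True only when the Administrators SID is enabled in this process token,
    # i.e. the session is elevated.
    $elevated = $principal.IsInRole($adminSid)

    # With UAC on, a non-elevated administrator still carries the SID, but
    # marked deny-only. This relies on .NET 4.5+ surfacing deny-only groups
    # as claims of type DenyOnlySid on the WindowsIdentity.
    $denyOnlyType = [System.Security.Claims.ClaimTypes]::DenyOnlySid
    $denyOnly = @($identity.Claims | Where-Object {
        $_.Type -eq $denyOnlyType -and $_.Value -eq $adminSid.Value
    }).Count -gt 0

    [pscustomobject]@{
        User             = $identity.Name
        IsElevated       = $elevated
        AdminNotElevated = (-not $elevated) -and $denyOnly
    }
}

# Gate at the top of a script: fail with a message that says which case applies.
$status = Get-AdminStatus
if (-not $status.IsElevated) {
    if ($status.AdminNotElevated) {
        throw ("{0} is in the Administrators group but this session is not elevated. " +
               "Start PowerShell with 'Run as Administrator'.") -f $status.User
    }
    throw "{0} is not a member of the local Administrators group." -f $status.User
}
```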
2

Check out this url: http://blogs.technet.com/b/heyscriptingguy/archive/2011/05/11/check-for-admin-credentials-in-a-powershell-script.aspx

I didn't test it but the summary seems to state what you are looking for: "Learn how to check for administrative credentials when you run a Windows PowerShell script or command."

Jaco