Check if the script has elevated permissions
Solution 1
I know this thread is very old and marked answered but this is a simpler method that has always worked for me. User S-1-5-19 is the Local NT Authority so accessing the key takes admin rights. It works if run via elevation.
Option Explicit
msgbox isAdmin(), vbOkonly, "Am I an admin?"
Private Function IsAdmin()
On Error Resume Next
CreateObject("WScript.Shell").RegRead("HKEY_USERS\S-1-5-19\Environment\TEMP")
if Err.number = 0 Then
IsAdmin = True
else
IsAdmin = False
end if
Err.Clear
On Error goto 0
End Function
Solution 2
Possibly combine this (WhoAmI from VBscript) with this (UAC Turned On).
Here is the code, the unfortunate pre-req for XP is "whoami.exe", found in a resource kit or support tools for XP (Wikipedia) - I'd still like to find a way to do without it.
If UserPerms("Admin") Then
Message = "Good to go"
Else
Message = "Non-Admin"
End If
If UACTurnedOn = true Then
Message = Message & ", UAC Turned On"
Else
Message = Message & ", UAC Turned Off (Or OS < Vista)"
End If
Wscript.echo Message
Function UserPerms (PermissionQuery)
UserPerms = False ' False unless proven otherwise
Dim CheckFor, CmdToRun
Select Case Ucase(PermissionQuery)
'Setup aliases here
Case "ELEVATED"
CheckFor = "S-1-16-12288"
Case "ADMIN"
CheckFor = "S-1-5-32-544"
Case "ADMINISTRATOR"
CheckFor = "S-1-5-32-544"
Case Else
CheckFor = PermissionQuery
End Select
CmdToRun = "%comspec% /c whoami /all | findstr /I /C:""" & CheckFor & """"
Dim oShell, returnValue
Set oShell = CreateObject("WScript.Shell")
returnValue = oShell.Run(CmdToRun, 0, true)
If returnValue = 0 Then UserPerms = True
End Function
Function UACTurnedOn ()
On Error Resume Next
Set oShell = CreateObject("WScript.Shell")
If oShell.RegRead("HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA") = 0 Then
UACTurnedOn = false
Else
UACTurnedOn = true
End If
End Function
Solution 3
The code above that requires "whoami" is from our IfUserPerms script at CSI-Windows.com/toolkit/ifuserperms.
After reading your post here, I have created new script code that checks for admin rights with fast, small, efficient, passive (no changing anything) code in both VBS (9 Lines) and CMD/BAT (3 lines). It also works with UAC by reporting false if the user is not elevated.
You can find the code here: http://csi-windows.com/toolkit/csi-isadmin
Solution 4
I have added two additional script kits that dramatically enhance the original code above that came from ifuserperms.vbs.
CSI_IsSession.vbs can tell you almost anything you want to know about UAC or the current session the script is running under.
VBScriptUACKit.vbs (which uses CSI_IsSession.vbs) allows you to selectively prompt for UAC in a script by relaunching itself. Has been designed and debugged to work under many execution scenarios.
Can Sahin
Updated on February 05, 2020Comments
-
Can Sahin about 4 years
I would like to check whether the context in which my VBscript runs allows me to perform administrative tasks.
Requirements:
- The solution should work on all Windows operating systems starting with Server 2003. (This rules out solutions which just check for membership in the Administrators group -- remember that there's UAC in Vista and Windows 7!)
- The solution should be simple. A 50 LOC solution that checks the Windows group memberships (recursively, of course, since the user might be member of a groups which is member of a group ... which is member of the Administrators group) and then does some extra checks for Vista UAC is not simple.
- The solution may be a bit dirty, so something along the lines of this solution would be ok.
- It should not be too dirty. Writing a file to C:\Windows or writing a registry key is too dirty in my opinion, since it modifies the system. (EDIT: Which might not work anyway: for example, when using VBScript in a HTA, UAC redirection kicks in.)
Related question: https://stackoverflow.com/questions/301860 (all of the answers I found there (a) ignore the UAC issue and (b) are faulty because they ignore the possibility of a user having administrative permissions although not being direct member in the Administrators group)
-
Can Sahin over 14 yearsInteresting approach; you should add a >>If UserPerms("Elevated") Then Message = Message & ", but running elevated"<< after the "UAC Turned On" line. The whoami.exe is a real drawback, especially since I'm not sure if your're even allowed to redistribute it (and you can't expect a customer to download such a file himself).
-
Michael Regan over 14 yearsYes, I like that addition. I can't seem to find a way from WMI other than the route already explored with group (and nested) membership. There still might be some COM component that allows vbscript a quick way to check Admin status.
-
Can Sahin about 14 yearsThanks, that's very useful. Would you mind posting the nine lines of code here?
-
RolKau about 12 years
reg query HKEY_USERS\S-1-5-20\Environment /v TEMP 2>NUL 1>&2 && echo Yes || echo No