How can I tell whether a process is running with administrator permissions?
Solution 1
In Process Explorer, double click the process to open its properties. Go to the Security tab. In the group listing, find BUILTIN\Administrators and look at what it says in the Flags column.
Deny = Not Elevated (not admin)
Owner = Elevated (is admin)
Solution 2
In Process Explorer you can change the columns displayed and add the "Integrity level" column from the "Process Image" tab:
This is apparently the technical term for what is changed when you run a process with administrator privileges. If you run Process Explorer as an Administrator it will show ordinary processes as 'medium' integrity level and elevated processes as 'high'.
Note that if you run process explorer as an ordinary user, it will show processes that have admin privileges with a blank entry in the integrity level column.
Solution 3
Update with the OSes: Resource Monitor, which I believe is included with Windows 7 and Windows 10 (not sure about Vista) has an optional 'Elevated' column on the CPU tab's list of processes section that seems to be pretty accurate.
Related videos on Youtube
01 : 53
01 : 54
01 : 22
01 : 34
03 : 17
Tim
Updated on September 17, 2022Comments
-
Tim over 1 year
I'm using Windows Vista, with UAC enabled. I've installed an application, and the installer required admin privileges. The installer then started the application. I'd like to know if the application is continuing to run with admin privileges.
I've tried Windows Task Manager and Process Explorer, and neither appear to show this information.
-
Hans Vonn over 6 yearsFor updated OS please see this question. Task Manager Details tab has an optional Elevated column.
-
-
Anthony Geoghegan about 8 yearsOn my Windows 7 system, I had to run Process Explorer with elevated permissions in order to be able to see certain details (such as the Security permissions) of processes running with administrator permissions. When running Process Explorer as a regular user, the contents of the Security tab were blank.
-
KeyC0de over 7 yearsAlso when running a specific program as an administrator and process explorer as normal user, process explorer won't display the process's true icon, but a blank icon. -
user15507 almost 7 yearsNothing like this at all existing in Win10; use sysinternals (@Tim), add "integrity level" to columns for processes. -
Adam Caviness over 6 yearsWin8 and higher have always had an optional column in Task Manager named Elevated that displays yes or no. This is in the Details tab of course.
-
BattleTested_закалённый в бою over 5 years+ 1 for your answer
