Determining Admin Access via the CLI (Full Version)

All Forums >> [Scripting Technologies] >> Batch



Message

ndaniels -> Determining Admin Access via the CLI (5/9/2008 9:20:04 AM)

I'm looking for ideas on an easy way to determine if the user running my batch file is a local administrator (in a domain environment).  For a non-domain environment, I figured I could probably just do something like this...

net localgroup administrators|find /i "%USERNAME%"

...And then check for the error level.  The problem I have is that, in a domain environment, the "Administrators" local group may also consist of global groups (like "Domain Admins") and, therefore, the user ID would not actually appear in the "Administrators" local group.

I'd also like to do this without making changes to the file system, if possible.  For example: I thought about attempting to create a text file inside the System32 folder and then checking for its existence; however, "Power Users" also have the ability to create files there.

For some reason, I'm just drawing a blank.  If anyone has any thoughts or ideas, I'd love to hear them.  Thanks!



mcampbell926 -> RE: Determining Admin Access via the CLI (5/9/2008 12:51:02 PM)

Here's something 'out of the box' that you could try.  From the command line, issuing defrag /? will give an errorlevel > 0 if the user executing the script does not have administrative rights.  I'm relatively sure an errorlevel > 0 will occur if the user is a Power User, as defragging the drive requires absolute administrative rights.

I hope this unusual solution assists you. [:D]



ndaniels -> RE: Determining Admin Access via the CLI (5/9/2008 10:02:21 PM)

Excellent suggestion! Thanks! What's strange is that, even when the command is executed as an administrator and the help screen is displayed, the error level is still not zero...

On Vista:
User: errorlevel = 740
Administrator: errorlevel = 87

I haven't had the opportunity to fully test on Windows XP, yet, but will follow up when I have the chance. Thanks again!



ndaniels -> RE: Determining Admin Access via the CLI (5/15/2008 1:59:03 PM)

On Windows XP:
User: errorlevel = 6
Administrator: errorlevel = 2



Page: [1]

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
0.1875