Check if the file was run as an admin?

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

Post Reply
Message
Author
Cat
Posts: 32
Joined: 11 Nov 2011 12:04

Check if the file was run as an admin?

#1 Post by Cat » 21 Apr 2012 10:32

Is there any simple way to check if the command window has administrator rights? Right now I have this:

Code: Select all

for /f "tokens=2" %%a in ('netstat -b') do (
if '%%a'=='requested' (
echo Not admin
) else (
echo Admin
))


Any faster / simpler way to know this?

Fawers
Posts: 187
Joined: 08 Apr 2012 17:11
Contact:

Re: Check if the file was run as an admin?

#2 Post by Fawers » 21 Apr 2012 13:05

On Windows 7, I know that the AT command can only be run with administrative privileges. It shows an error message when they [adm privileges] are not activated. What you could do is,

Code: Select all

@echo off
(at 2>nul)&&goto :YourCode
echo This program must be run with administrative privileges.
echo Please run it right-clicking the file and selecting "Run as administrator".
::or something like that
echo,
pause
exit /b

:YourCode
cls
::your code comes here

foxidrive
Expert
Posts: 6031
Joined: 10 Feb 2012 02:20

Re: Check if the file was run as an admin?

#3 Post by foxidrive » 21 Apr 2012 15:59

This might work too.

Code: Select all

@echo off
md "%windir%\a-test" 2>nul&& (echo You're admin & rd "%windir%\a-test") || echo Not admin

Fawers
Posts: 187
Joined: 08 Apr 2012 17:11
Contact:

Re: Check if the file was run as an admin?

#4 Post by Fawers » 21 Apr 2012 16:19

foxidrive wrote:This might work too.

Code: Select all

@echo off
md "%windir%\a-test" 2>nul&& (echo You're admin & rd "%windir%\a-test") || echo Not admin


That's a faster, more secure way, I think.

XP1
Posts: 2
Joined: 24 Apr 2012 03:47

Re: Check if the file was run as an admin?

#5 Post by XP1 » 24 Apr 2012 15:00

Fawers wrote:
foxidrive wrote:This might work too.

Code: Select all

@echo off
md "%windir%\a-test" 2>nul&& (echo You're admin & rd "%windir%\a-test") || echo Not admin


That's a faster, more secure way, I think.
Creating and removing a temporary file/folder is more like a hack. How is this better? This hack depends on the fact that permissions are correct. If a non-elevated, non-admin user has write access to the "%WINDIR%", then the hack would break.

Checking the error code of "at" is a better hack because you don't have to create temporary files.

Code: Select all

at > nul
if %errorlevel% neq 0 (
    echo No administrative privileges.
)

foxidrive
Expert
Posts: 6031
Joined: 10 Feb 2012 02:20

Re: Check if the file was run as an admin?

#6 Post by foxidrive » 24 Apr 2012 15:48

XP1 wrote:Checking the error code of "at" is a better hack because you don't have to create temporary files.

Code: Select all

at > nul
if %errorlevel% neq 0 (
    echo No administrative privileges.
)



Of course what you should do if you are really concerned about levels of access is to check exactly who has access to AT.EXE as the backup operator level of access would be able to schedule tasks, not just admin.

XP1
Posts: 2
Joined: 24 Apr 2012 03:47

Re: Check if the file was run as an admin?

#7 Post by XP1 » 24 Apr 2012 16:32

foxidrive wrote:
XP1 wrote:Checking the error code of "at" is a better hack because you don't have to create temporary files.

Code: Select all

at > nul
if %errorlevel% neq 0 (
    echo No administrative privileges.
)



Of course what you should do if you are really concerned about levels of access is to check exactly who has access to AT.EXE as the backup operator level of access would be able to schedule tasks, not just admin.
You bring up an interesting point that it gets more complicated. I am hoping for better solutions that do not involve this hackery.

Ed Dyreen
Expert
Posts: 1569
Joined: 16 May 2011 08:21
Location: Flanders(Belgium)
Contact:

Re: Check if the file was run as an admin?

#8 Post by Ed Dyreen » 24 Apr 2012 20:52

'
For grouped members the variable userName is set to reflect and enumerate net localgroup "administrators" to verify.

Code: Select all

>runas /user:guest "cmd.exe"
Geef het wachtwoord voor guest op:
Poging om cmd.exe als gebruiker ED-SERV-0\guest te starten...

Code: Select all

>echo.%username%
Guest
>net localgroup "administrators"

foxidrive
Expert
Posts: 6031
Joined: 10 Feb 2012 02:20

Re: Check if the file was run as an admin?

#9 Post by foxidrive » 25 Apr 2012 07:32

So this is really a definitive way of proving admin permissions of the user.
If it is executed in Win7 by a normal user and 'run as administrator' then it works too.


@echo off
net localgroup administrators 2>nul |find "%username%">nul || (
echo not admin, go away or I shall taunt you a second time!
pause
goto :EOF
)
echo admin continues here

Fawers
Posts: 187
Joined: 08 Apr 2012 17:11
Contact:

Re: Check if the file was run as an admin?

#10 Post by Fawers » 25 Apr 2012 07:43

foxidrive wrote:So this is really a definitive way of proving admin permissions of the user.
If it is executed in Win7 by a normal user and 'run as administrator' then it works too.


@echo off
net localgroup administrators 2>nul |find "%username%">nul || (
echo not admin, go away or I shall taunt you a second time!
pause
goto :EOF
)
echo admin continues here


True. Just tested it on my 7.

Post Reply