Check if the file was run as an admin?

[Cat]

Is there any simple way to check if the command window has administrator rights? Right now I have this:

Code: Select all

for /f "tokens=2" %%a in ('netstat -b') do (
if '%%a'=='requested' (
echo Not admin
) else (
echo Admin
))

Any faster / simpler way to know this?

[Fawers]

On Windows 7, I know that the AT command can only be run with administrative privileges. It shows an error message when they [adm privileges] are not activated. What you could do is,

Code: Select all

@echo off
(at 2>nul)&&goto :YourCode
echo This program must be run with administrative privileges.
echo Please run it right-clicking the file and selecting "Run as administrator".
::or something like that
echo,
pause
exit /b

:YourCode
cls
::your code comes here

[foxidrive]

This might work too.

Code: Select all

@echo off
md "%windir%\a-test" 2>nul&& (echo You're admin & rd "%windir%\a-test") || echo Not admin

[Fawers]

This might work too.

Code: Select all

@echo off
md "%windir%\a-test" 2>nul&& (echo You're admin & rd "%windir%\a-test") || echo Not admin

That's a faster, more secure way, I think.

[XP1]

This might work too.

Code: Select all

@echo off
md "%windir%\a-test" 2>nul&& (echo You're admin & rd "%windir%\a-test") || echo Not admin

That's a faster, more secure way, I think.

Creating and removing a temporary file/folder is more like a hack. How is this better? This hack depends on the fact that permissions are correct. If a non-elevated, non-admin user has write access to the "%WINDIR%", then the hack would break.

Checking the error code of "at" is a better hack because you don't have to create temporary files.

Code: Select all

at > nul
if %errorlevel% neq 0 (
    echo No administrative privileges.
)

[foxidrive]

Checking the error code of "at" is a better hack because you don't have to create temporary files.

Code: Select all

at > nul
if %errorlevel% neq 0 (
    echo No administrative privileges.
)

Of course what you should do if you are really concerned about levels of access is to check exactly who has access to AT.EXE as the backup operator level of access would be able to schedule tasks, not just admin.

[XP1]

Checking the error code of "at" is a better hack because you don't have to create temporary files.

Code: Select all

at > nul
if %errorlevel% neq 0 (
    echo No administrative privileges.
)

Of course what you should do if you are really concerned about levels of access is to check exactly who has access to AT.EXE as the backup operator level of access would be able to schedule tasks, not just admin.

You bring up an interesting point that it gets more complicated. I am hoping for better solutions that do not involve this hackery.

[Ed Dyreen]

'
For grouped members the variable userName is set to reflect and enumerate net localgroup "administrators" to verify.

Code: Select all

>runas /user:guest "cmd.exe"
Geef het wachtwoord voor guest op:
Poging om cmd.exe als gebruiker ED-SERV-0\guest te starten...

Code: Select all

>echo.%username%
Guest
>net localgroup "administrators"

[foxidrive]

So this is really a definitive way of proving admin permissions of the user.
If it is executed in Win7 by a normal user and 'run as administrator' then it works too.

@echo off
net localgroup administrators 2>nul |find "%username%">nul || (
echo not admin, go away or I shall taunt you a second time!
pause
goto :EOF
)
echo admin continues here

[Fawers]

So this is really a definitive way of proving admin permissions of the user.
If it is executed in Win7 by a normal user and 'run as administrator' then it works too.

@echo off
net localgroup administrators 2>nul |find "%username%">nul || (
echo not admin, go away or I shall taunt you a second time!
pause
goto :EOF
)
echo admin continues here

True. Just tested it on my 7.