Checking if User has Admin Rights When Running a PowerShell Script

April 16, 2014

PowerShell

For my Active Directory documentation script, if the user requests hardware inventory for the domain controllers, the user must run the script with domain administrator credentials.  How do you determine if a script is being run with Domain Admin rights?


The following information is taken from:

Check for Admin Credentials in a PowerShell Script (Scripting Guys blog)

WindowsPrincipal.IsInRole Method (WindowsBuiltInRole) (MSDN)

WindowsPrincipal Class (MSDN)

WindowsPrincipal.IsInRole Method (MSDN)

WindowsBuiltInRole Enumeration (MSDN)

For testing if the user is in the LOCAL Administrators group:

If(([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrators"))
{
	#user is a member of local administrators
}
Else
{
	#user is not a member of local administrators
}

For testing if the user is in the Domain Admins group:

If(([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole("Domain Admins"))
{
	#user is a member of domain admins
}
Else
{
	#user is not a member of domain admins
}

Hope this helps.

Webster

About Carl Webster

Webster is an independent consultant in the Nashville, TN area and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.

View all posts by Carl Webster

2 Responses to “Checking if User has Admin Rights When Running a PowerShell Script”

  1. Joe Nord Says:

    Awesome, and timely! Thanks Webster.

    Reply

  2. Ingmar Verheij Says:

    Hi Carl,

    Thanks for sharing this validations, it’s good to know you can check for local and domain administrative priviliges.

    I used the code from Matt Painter to run a PowerShell script with elevated priviliges when it isn’t initially started with it. This might help when running an inventory :-)
    http://gallery.technet.microsoft.com/scriptcenter/63fd1c0d-da57-4fb4-9645-ea52fc4f1dfb

    Cheers,
    Ingmar

    Reply

Leave a Reply

Current ye@r *