Check if the script has elevated permissions

Question

I would like to check whether the context in which my VBscript runs allows me to perform administrative tasks.

Requirements:

• The solution should

Answer 1

The code above that requires "whoami" is from our IfUserPerms script at CSI-Windows.com/toolkit/ifuserperms.

After reading your post here, I have created new script code that checks for admin rights with fast, small, efficient, passive (no changing anything) code in both VBS (9 Lines) and CMD/BAT (3 lines). It also works with UAC by reporting false if the user is not elevated.

You can find the code here: http://csi-windows.com/toolkit/csi-isadmin

Answer 2

Possibly combine this (WhoAmI from VBscript) with this (UAC Turned On).

Here is the code, the unfortunate pre-req for XP is "whoami.exe", found in a resource kit or support tools for XP (Wikipedia) - I'd still like to find a way to do without it.

If UserPerms("Admin") Then
 Message = "Good to go"
Else
 Message = "Non-Admin"
End If

If UACTurnedOn = true Then
 Message = Message & ", UAC Turned On"
Else
 Message = Message & ", UAC Turned Off (Or OS < Vista)"
End If

Wscript.echo Message

Function UserPerms (PermissionQuery)          
 UserPerms = False  ' False unless proven otherwise           
 Dim CheckFor, CmdToRun         

 Select Case Ucase(PermissionQuery)           
 'Setup aliases here           
 Case "ELEVATED"           
   CheckFor =  "S-1-16-12288"           
 Case "ADMIN"           
   CheckFor =  "S-1-5-32-544"           
 Case "ADMINISTRATOR"           
   CheckFor =  "S-1-5-32-544"           
 Case Else                  
   CheckFor = PermissionQuery                  
 End Select           

 CmdToRun = "%comspec% /c whoami /all | findstr /I /C:""" & CheckFor & """"  

 Dim oShell, returnValue        
 Set oShell = CreateObject("WScript.Shell")  
 returnValue = oShell.Run(CmdToRun, 0, true)     
 If returnValue = 0 Then UserPerms = True                   
End Function

Function UACTurnedOn ()
 On Error Resume Next

 Set oShell = CreateObject("WScript.Shell")
 If oShell.RegRead("HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA") = 0 Then
      UACTurnedOn = false
 Else
      UACTurnedOn = true
 End If
End Function

Answer 3

I know this thread is very old and marked answered but this is a simpler method that has always worked for me. User S-1-5-19 is the Local NT Authority so accessing the key takes admin rights. It works if run via elevation.

Option Explicit 

msgbox isAdmin(), vbOkonly, "Am I an admin?"

Private Function IsAdmin()
    On Error Resume Next
    CreateObject("WScript.Shell").RegRead("HKEY_USERS\S-1-5-19\Environment\TEMP")
    if Err.number = 0 Then 
        IsAdmin = True
    else
        IsAdmin = False
    end if
    Err.Clear
    On Error goto 0
End Function

Answer 4

Here is the fastest way to cause a script file or any other file run as administrator:

First create your VBS script of whatever you need to do. In my case it was a registry edit vbs to allow me to autoadmin logon then when the machine was restarted, another file was run to ensure that autoadmin logon was not enabled any longer.

After you have created your file, then you need to create a cmd prompt shortcut. Next 'Right click' on the shortcut and change the propeties so that it will run as administrator.

Paste your file path like this: D:\WINDOWS\system32\cmd.exe /c "D:\Dump\Scripts\StartUp.vbs"

The 'C' means it will close after completion If you want it to stay open then use 'K'

Hope this helps someone else.

Answer 5

I have added two additional script kits that dramatically enhance the original code above that came from ifuserperms.vbs.

CSI_IsSession.vbs can tell you almost anything you want to know about UAC or the current session the script is running under.

VBScriptUACKit.vbs (which uses CSI_IsSession.vbs) allows you to selectively prompt for UAC in a script by relaunching itself. Has been designed and debugged to work under many execution scenarios.