Batch script: how to check for admin rights

9

2

How do I check if the current batch script has admin rights?

I know how to make it call itself with runas but not how to check for admin rights. The only solutions I've seen are crude hack jobs.

flacs

Posted 2010-10-29T12:07:38.650

Reputation: 213

@Bobby: That was asking how to do it in bash though. – paradroid – 2010-10-29T12:56:54.257

1@Jason404: Wtf?! How the hack did I misread Batch for Bash? oO' @Tilka: My sincere apologies. – Bobby – 2010-10-29T13:04:26.247

Answers

6

You could always do something like this

mkdir "%windir%\system32\test" 2>nul
if "%errorlevel%" == "0" (rmdir "%windir%\system32\test" & echo Is admin) else (echo Not an Admin)

Not the best of ways but works for me all the time.

David Remy

Posted 2010-10-29T12:07:38.650

Reputation: 1 899

2This is a hack job which the OP is trying to avoid............. – Pacerier – 2015-02-03T10:46:11.207

@Pacerier I think that's a joke! there are less invasive options like net and fsutil

– Wolf – 2017-02-03T12:53:55.970

3

After some research (mostly on SO[1]), I found that net is not always a good solution, it can show false negative results. But there is fsutil available for WinXP to Win10. It's worth reading the whole insightful answer "More issues" to the question Batch script: how to check for admin rights there.

Here's the short answer for hurried users:

fsutil dirty query %systemdrive% >nul
if %errorlevel% == 0 (
    echo Running with admin rights.
) else (
    echo Running without
)

[1] my actual problem was elevation, but non-invasive checking is part of it:

Wolf

Posted 2010-10-29T12:07:38.650

Reputation: 282

really like it as it doesnt rely on any networking service - needed something 100% and this does it - btw knowing your drive isnt dirty is good aswell :o) – Acid – 2018-03-19T22:11:07.480

0

This is the best kludge I could think of, using standard commands:

net user %username% | findstr /r Administrator.
if %errorlevel% == 1 (
echo This is not an admin account
) else (
echo This is an admin account
)

paradroid

Posted 2010-10-29T12:07:38.650

Reputation: 20 970

Well, also net sometimes fails

– Wolf – 2017-02-03T12:49:42.317

That doesn't work when you are in a domain. And when I tried "net user %username% /domain" the Local Group Membership section didn't contain any groups although I have local admin rights. Strange... – flacs – 2010-10-29T13:19:12.723

1Plus the output is localized. – flacs – 2010-10-29T13:22:33.780

1Besides, one can run a batch file without administrator rights from an account who is in Administrators group (this especially relates Vista/7). – utapyngo – 2011-11-09T04:41:59.280

-1

You just need this one line at the top of your batches that require elevation. emphasis on "One Line"

nul 2>&1 fsutil dirty query %systemdrive% || echo CreateObject^("Shell.Application"^).ShellExecute "%~0", "ELEVATED", "", "runas", 1 > "getadmin.vbs" && "getadmin.vbs" && exit /b

JonnyPhenomenon

Posted 2010-10-29T12:07:38.650

Reputation: 1

1This doesn't work. It causes an infinite number of cmd shells to be opened. – DavidPostill – 2017-03-15T21:44:17.770

Asked: 2010-10-29T12:07:38.650

Viewed: 14 909 times

Active: 2017-03-15T21:06:29.863