Check if PowerShell is Running as Admin

Using WindowsPrincipal and WindowsIdentity Classes

Use the WindowsPrincipal and WindowsIdentity Classes to check if PowerShell runs as an admin.

The above code returned PowerShell is running as admin if the PowerShell is running as an administrator; otherwise, it returned PowerShell is not running as admin.

Let’s break down the code to understand it.

First, we used the New-Object cmdlet to create a new WindowsPrincipal object based on the current Windows identity, representing the user running the PowerShell session; we stored the reference of this object in the $currentPrincipal variable.

Then, we invoked the IsInRole() method on the $currentPrincipal object (created in the previous step) and passed the WindowsBuiltInRole.Administrator enumeration value as an argument to determine if the current user belongs to the Administrators Group.

If the IsInRole() method returned True, the current user ran PowerShell as an administrator. On the other hand, if it returned False, the current user was not running PowerShell as an administrator.

We used the WindowsPrincipal and WindowsIdentity classes from the System.Security.Principal namespace for the above code snippet to check if the current user has admin privileges based on group membership of a user’s Windows identity.

We can also use the WindowsIdentity class of the System.Security namespace with the -match operator to check if PowerShell runs with admin privileges (a.k.a. "elevated rights").

In the above code example, [bool] cast the result to a bool value. Then, the GetCurrent() method of the WindowsIdentity class retrieved the Windows identity for the currently running user.

Next, the .groups was used to access the group property of identity to determine what user groups the identity is a member of. Finally, the -match "S-1-5-32-544" assess if groups have the Well Known SID of the Administrators group, the identity will only contain it if "run as administrator" option was used.

Using net user Command

Use the net user command to check if PowerShell is running as an admin.

We used the net user command to check if the current user is in the Administrative Group. Don’t forget to replace mehvish with your username while using the net user command in PowerShell. Using this command, we will get many details from which we need to locate the Local Group Memberships section. For example, if it includes "Administrators", then it means that the current user is a member of the Administrators group and PowerShell is running with admin privileges.

You can also check admin privileges using the Get-ExecutionPolicy command. If the execution policy is other than "Restricted", then PowerShell is running as an admin. Note the "Restricted" execution policy denotes a non-administrative context.

Using Requires Statement

If you are using PowerShell version 4.0 or above, you can use the Requires statement at the top of your script to prevent the script from running as a regular user. See the following example.

Now, run two PowerShell processes, first, with admin privileges (elevated) and second, without admin privileges (non-elevated). In both processes, move to the directory where your script file is and run it.

In our case, we have the testPS.ps1 file containing the #Requires -RunAsAdministrator statement only, and it is in the E:\Test\Script Files directory. So, we will run our script file as ./testPS.ps1 where the dot means current directory because we navigated to the E:\Test\Script Files directory.

We will not get any error when running the testPS.ps1 file from the elevated PowerShell process, but we got the following error when running the testPS.ps1 file from a non-elevated PowerShell process.

That’s all about how to check if PowerShell is running as Admin.