Check if the current PowerShell session is being "Run as Administrator"

Why even worry about this?

Have you ever tried running a PowerShell script that modifies a simple registry entry? Well, just like other system interactions this won’t work, even if you are logged in as a Domain Administrator. Unless of course you have started your PowerShell session as an Administrator.


image

You might know the System.Security.SecurityException warnings off by heart at this stage. This small post is not an attempt to explain them or the security context of PowerShell executions, that is way out of scope here. But I would like to share a really fast and simple way to determine whether the user has read the instructions.

My script cares about this, that’s why

Like any True Geek*, I have a plethora of scripts, most of which I run myself, and most of which seem to find themselves written in PowerShell. But being a True Geek** I share my content as well. This means that I need to think for everyone that might use, or potentially use, the scripts that I create. And where I have hit a snag is when other admins run scripts normally, instead of “Run as Administrator”. I need to find a way to test this and write a little warning stating that they should perhaps retry. In order to avoid moments like these.


image

Lets fix it

I have seen many potential ways of finding out whether we are doing something “As Administartor” in PowerShell, but most take quite long to execute. Long here is multiple seconds and I don’t want a check to wait for 3 seconds before giving me a True or False, I need it instant. So I asked myself, “Instead of calling some obscure method or object property, why not simply open your eyes?”

PowerShell is already telling you what it is running as, note the 2 windows below. So why not simply read that value and test it.


image

So why don’t we simply bind to the local window and get the Title. Funny you should mention that, I just had the same idea.



#Find the current PowerShell Precess ID$pid#Show the processGet-Process -id $pid#Now show all the fields to the processGet-Process -id $pid | Select *


What we will see is something like this


image

Note the little portion that says MainWindowTitle it contains a value Administrator: Windows PowerShell. Bingo.



if((Get-Process -id $pid).MainWindowTitle -Like "Administrator:*") {"Runas Geek";} else{"Runas non-Geek";}


There you go, quick and easy.

Adrian

*Being a Geek does not imply that you can code and have coding experience or owning a PowerShell script. Geekyness is an arbitrary measure that is based on very subjective views and opinions. Conversely, being in possession of a PS1 script does not make you a Geek. The terms True and Geek, merely find themselves cosyzing up to one another and no relation of Trueness of Geekyness or PowerShellyness is implied here.

**Being a Geek does not imply the sharing of content, legally obtained or otherwise, in the public or private domains. Sharing of content in this post, of course, only implies LEGALLY obtained content, or content distributed under a free use policy or such like. And conversely, retweeting your granny’s picture of her cat Ruffles making a silly face will in no universe make you a Geek.

#RunasAdministrator

0 views0 comments

Recent Posts

See All

invoke-command and enable-psremoting -force

Today seems to be PowerShell issue day and it was such a nice day until I had to remote into a new machine. I tried running invoke-command -computer $server {get-process | where-object {$_.Name -like

PowerShell Set-ExecutionPolicy Giving error

If you ever get this error the whole time, do not stress. Set-ExecutionPolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied.