How to determine in batch-file, if user is administrator

Archived from groups: alt.msdos.batch.nt,microsoft.public.win2000.cmdprompt.admin,microsoft.public.windowsnt.misc (More info?)

Hi NG!

Is there any possibility to determine in a batch-file, if the logged-on
user is member of Administrators-Group?
This should even work, if the user is member of a domain...

Of course I can try, to create a file unter %SYSTEMROOT% or something
else, and then check, if it was created...

but perhaps there is a better practice?

Any suggestion is greatly appreciated,

Best regard,
/Heiko Pliefke
5 answers Last reply
More about determine batch file user administrator
  1. Archived from groups: alt.msdos.batch.nt,microsoft.public.win2000.cmdprompt.admin,microsoft.public.windowsnt.misc (More info?)

    On Thu, 04 Aug 2005 16:18:39 +0200, Heiko Pliefke <sledge_hammer@freenet.de> wrote:

    >Hi NG!
    >
    >Is there any possibility to determine in a batch-file, if the logged-on
    >user is member of Administrators-Group?
    >This should even work, if the user is member of a domain...
    >
    >Of course I can try, to create a file unter %SYSTEMROOT% or something
    >else, and then check, if it was created...
    >
    >but perhaps there is a better practice?
    >
    >Any suggestion is greatly appreciated,
    >
    >Best regard,
    >/Heiko Pliefke

    in the batch, add the following lines to determine if the logged on user is a local administrator:

    set admin=N
    set domain=%USERDOMAIN%\
    If /i "%domain%" EQU "%computername%\" set domain=
    set user=%domain%%username%
    for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "%user%"') do set admin=Y


    Then just test the value of %admin%

    If "%admin% EQU "Y" goto isAdmin
  2. Archived from groups: alt.msdos.batch.nt,microsoft.public.win2000.cmdprompt.admin,microsoft.public.windowsnt.misc (More info?)

    Try IFMEMBER.EXE from the Windows Server 2003 Resource Kit Tools:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd


    "Heiko Pliefke" <sledge_hammer@freenet.de> wrote in message
    news:1123165119.614281@nbgm66x...
    > Hi NG!
    >
    > Is there any possibility to determine in a batch-file, if the logged-on
    > user is member of Administrators-Group?
    > This should even work, if the user is member of a domain...
    >
    > Of course I can try, to create a file unter %SYSTEMROOT% or something
    > else, and then check, if it was created...
    >
    > but perhaps there is a better practice?
    >
    > Any suggestion is greatly appreciated,
    >
    > Best regard,
    > /Heiko Pliefke
  3. Archived from groups: microsoft.public.win2000.cmdprompt.admin,microsoft.public.windowsnt.misc (More info?)

    Jerold Schulman wrote:

    > in the batch, add the following lines to determine if the logged on
    > user is a local administrator:
    >
    > set admin=N
    > set domain=%USERDOMAIN%\
    > If /i "%domain%" EQU "%computername%\" set domain=
    > set user=%domain%%username%
    > for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "%user%"') do set admin=Y
    >
    > Then just test the value of %admin%
    >
    > If "%admin% EQU "Y" goto isAdmin

    It would seem that this method would fail if the user is a member of a
    group that's a member of Administrators.

    Ifmember.exe doesn't have this problem, but it's not language-independent.

    To address these issues, I wrote isadmin.exe:

    http://www.cybermesa.com/~bstewart/wast.html

    Internally, isadmin.exe enumerates the SIDs for the current user and
    returns an exit code of 1 if the current user is a member of
    Administrators (e.g., SID S-1-5-32-544).

    --
    Bill Stewart
  4. I know this is an old post but I wanted to share some info. I use Ifmember.exe in my logon scripts to find out if a user is a memeber of a group and that works great but I couldnt figure out how to use it to verify if a "certain", not the currently logged in user, group was already added to the Local Administrators group. So I was able to use Jerold's post earlier to use it for that function.

    First I will show you how I use Ifmember.exe

    set GROUP1=(Any AD group)
    set USERDOMAIN=(Your AD Domain)
    if "%GROUP1%"=="" goto complete
    "ifmember.exe" "%USERDOMAIN%\%GROUP1%"
    if not errorlevel 1 goto complete

    net use k: /delete /y
    net use k: \\Server\DataPath /Persistent:Yes

    :complete

    ***This is how I used the FOR funtion***

    for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "(your domain here)\Domain Admins"') do goto domainadmin
    net localgroup Administrators /add "(your domain here)\Domain Admins"
    echo Added Domain Admins to the Local Administrators group
    : domainadmin
    for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "(your domain here)\(Any AD Group or User"') do goto admins
    net localgroup Administrators /add "(your domain here)\(Any AD Group or User)"
    echo Added "Your User" to the Local Administrators group
    :admins

    Good luck.
  5. Here's a one-liner that doesn't require additional tools:
    [cpp]>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"&&(
    echo admin...
    )[/cpp]source: http://stackoverflow.com/q/4054937


    Here is how I use it, in a routine that elevates a batch script itself:
    [cpp]:: Ensure ADMIN Privileges
    :: adaptation of https://sites.google.com/site/eneerge/home/BatchGotAdmin and http://stackoverflow.com/q/4054937
    @echo off
    :: Check for ADMIN Privileges
    >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
    if '%errorlevel%' NEQ '0' (
    REM Get ADMIN Privileges
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
    exit /B
    ) else (
    REM Got ADMIN Privileges
    pushd "%cd%"
    cd /d "%~dp0"
    @echo on
    )[/cpp]
Ask a new question

Read More

Microsoft Windows