How to determine in batch-file, if user is administrator
Last response: in Windows 2000/NT
Archived from groups: alt.msdos.batch.nt,microsoft.public.win2000.cmdprompt.admin,microsoft.public.windowsnt.misc (More info?)
Hi NG!
Is there any possibility to determine in a batch-file, if the logged-on
user is member of Administrators-Group?
This should even work, if the user is member of a domain...
Of course I can try, to create a file unter %SYSTEMROOT% or something
else, and then check, if it was created...
but perhaps there is a better practice?
Any suggestion is greatly appreciated,
Best regard,
/Heiko Pliefke
Hi NG!
Is there any possibility to determine in a batch-file, if the logged-on
user is member of Administrators-Group?
This should even work, if the user is member of a domain...
Of course I can try, to create a file unter %SYSTEMROOT% or something
else, and then check, if it was created...
but perhaps there is a better practice?
Any suggestion is greatly appreciated,
Best regard,
/Heiko Pliefke
More about : determine batch file user administrator
Archived from groups: alt.msdos.batch.nt,microsoft.public.win2000.cmdprompt.admin,microsoft.public.windowsnt.misc (More info?)
On Thu, 04 Aug 2005 16:18:39 +0200, Heiko Pliefke <sledge_hammer@freenet.de> wrote:
>Hi NG!
>
>Is there any possibility to determine in a batch-file, if the logged-on
>user is member of Administrators-Group?
>This should even work, if the user is member of a domain...
>
>Of course I can try, to create a file unter %SYSTEMROOT% or something
>else, and then check, if it was created...
>
>but perhaps there is a better practice?
>
>Any suggestion is greatly appreciated,
>
>Best regard,
>/Heiko Pliefke
in the batch, add the following lines to determine if the logged on user is a local administrator:
set admin=N
set domain=%USERDOMAIN%\
If /i "%domain%" EQU "%computername%\" set domain=
set user=%domain%%username%
for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "%user%"') do set admin=Y
Then just test the value of %admin%
If "%admin% EQU "Y" goto isAdmin
On Thu, 04 Aug 2005 16:18:39 +0200, Heiko Pliefke <sledge_hammer@freenet.de> wrote:
>Hi NG!
>
>Is there any possibility to determine in a batch-file, if the logged-on
>user is member of Administrators-Group?
>This should even work, if the user is member of a domain...
>
>Of course I can try, to create a file unter %SYSTEMROOT% or something
>else, and then check, if it was created...
>
>but perhaps there is a better practice?
>
>Any suggestion is greatly appreciated,
>
>Best regard,
>/Heiko Pliefke
in the batch, add the following lines to determine if the logged on user is a local administrator:
set admin=N
set domain=%USERDOMAIN%\
If /i "%domain%" EQU "%computername%\" set domain=
set user=%domain%%username%
for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "%user%"') do set admin=Y
Then just test the value of %admin%
If "%admin% EQU "Y" goto isAdmin
Archived from groups: alt.msdos.batch.nt,microsoft.public.win2000.cmdprompt.admin,microsoft.public.windowsnt.misc (More info?)
Try IFMEMBER.EXE from the Windows Server 2003 Resource Kit Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyI...
"Heiko Pliefke" <sledge_hammer@freenet.de> wrote in message
news:1123165119.614281@nbgm66x...
> Hi NG!
>
> Is there any possibility to determine in a batch-file, if the logged-on
> user is member of Administrators-Group?
> This should even work, if the user is member of a domain...
>
> Of course I can try, to create a file unter %SYSTEMROOT% or something
> else, and then check, if it was created...
>
> but perhaps there is a better practice?
>
> Any suggestion is greatly appreciated,
>
> Best regard,
> /Heiko Pliefke
Try IFMEMBER.EXE from the Windows Server 2003 Resource Kit Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyI...
"Heiko Pliefke" <sledge_hammer@freenet.de> wrote in message
news:1123165119.614281@nbgm66x...
> Hi NG!
>
> Is there any possibility to determine in a batch-file, if the logged-on
> user is member of Administrators-Group?
> This should even work, if the user is member of a domain...
>
> Of course I can try, to create a file unter %SYSTEMROOT% or something
> else, and then check, if it was created...
>
> but perhaps there is a better practice?
>
> Any suggestion is greatly appreciated,
>
> Best regard,
> /Heiko Pliefke
Archived from groups: microsoft.public.win2000.cmdprompt.admin,microsoft.public.windowsnt.misc (More info?)
Jerold Schulman wrote:
> in the batch, add the following lines to determine if the logged on
> user is a local administrator:
>
> set admin=N
> set domain=%USERDOMAIN%\
> If /i "%domain%" EQU "%computername%\" set domain=
> set user=%domain%%username%
> for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "%user%"') do set admin=Y
>
> Then just test the value of %admin%
>
> If "%admin% EQU "Y" goto isAdmin
It would seem that this method would fail if the user is a member of a
group that's a member of Administrators.
Ifmember.exe doesn't have this problem, but it's not language-independent.
To address these issues, I wrote isadmin.exe:
http://www.cybermesa.com/~bstewart/wast.html
Internally, isadmin.exe enumerates the SIDs for the current user and
returns an exit code of 1 if the current user is a member of
Administrators (e.g., SID S-1-5-32-544).
--
Bill Stewart
Jerold Schulman wrote:
> in the batch, add the following lines to determine if the logged on
> user is a local administrator:
>
> set admin=N
> set domain=%USERDOMAIN%\
> If /i "%domain%" EQU "%computername%\" set domain=
> set user=%domain%%username%
> for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "%user%"') do set admin=Y
>
> Then just test the value of %admin%
>
> If "%admin% EQU "Y" goto isAdmin
It would seem that this method would fail if the user is a member of a
group that's a member of Administrators.
Ifmember.exe doesn't have this problem, but it's not language-independent.
To address these issues, I wrote isadmin.exe:
http://www.cybermesa.com/~bstewart/wast.html
Internally, isadmin.exe enumerates the SIDs for the current user and
returns an exit code of 1 if the current user is a member of
Administrators (e.g., SID S-1-5-32-544).
--
Bill Stewart
I know this is an old post but I wanted to share some info. I use Ifmember.exe in my logon scripts to find out if a user is a memeber of a group and that works great but I couldnt figure out how to use it to verify if a "certain", not the currently logged in user, group was already added to the Local Administrators group. So I was able to use Jerold's post earlier to use it for that function.
First I will show you how I use Ifmember.exe
set GROUP1=(Any AD group)
set USERDOMAIN=(Your AD Domain)
if "%GROUP1%"=="" goto complete
"ifmember.exe" "%USERDOMAIN%\%GROUP1%"
if not errorlevel 1 goto complete
net use k: /delete /y
net use k: \\Server\DataPath /Persistent:Yes
:complete
***This is how I used the FOR funtion***
for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "(your domain here)\Domain Admins"') do goto domainadmin
net localgroup Administrators /add "(your domain here)\Domain Admins"
echo Added Domain Admins to the Local Administrators group
: domainadmin
for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "(your domain here)\(Any AD Group or User"') do goto admins
net localgroup Administrators /add "(your domain here)\(Any AD Group or User)"
echo Added "Your User" to the Local Administrators group
:admins
Good luck.
First I will show you how I use Ifmember.exe
set GROUP1=(Any AD group)
set USERDOMAIN=(Your AD Domain)
if "%GROUP1%"=="" goto complete
"ifmember.exe" "%USERDOMAIN%\%GROUP1%"
if not errorlevel 1 goto complete
net use k: /delete /y
net use k: \\Server\DataPath /Persistent:Yes
:complete
***This is how I used the FOR funtion***
for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "(your domain here)\Domain Admins"') do goto domainadmin
net localgroup Administrators /add "(your domain here)\Domain Admins"
echo Added Domain Admins to the Local Administrators group
: domainadmin
for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "(your domain here)\(Any AD Group or User"') do goto admins
net localgroup Administrators /add "(your domain here)\(Any AD Group or User)"
echo Added "Your User" to the Local Administrators group
:admins
Good luck.
Here's a one-liner that doesn't require additional tools:
Here is how I use it, in a routine that elevates a batch script itself:
source: http://stackoverflow.com/q/4054937
Here is how I use it, in a routine that elevates a batch script itself:
Related ressources:
- ForumHow to Determine if Administrator is Logged On user?
- ForumHow do i change to computer administrator if its not in my user accounts
- ForumHow to fix vista administrator and user accounts
- ForumHow to restore the deleted administrator user accounts
- Forumhow to determine user account disabled date
- ForumHow to change my user profile to the administrator
- ForumHow can i change from power user to administrator
- Forumonly 1 user how to be administrator?
- ForumSolvedHelp me fiqure out how much power my psu is using so we can determine if i can overclock my CPU
- ForumHow to delete my user account windows 7 if administrative password is lost
- ForumSolvedHow to determine whether 64 or 32-bit, and how simple/cheap to upgrade?
- ForumSolvedHow to determine if system is CPU or GPU limited?
- ForumSolvedCan someone determine how much watts is on this power supply?
- ForumSolvedWhat's bad? CPU, MOBO, or hard drive? How to determine?
- ForumHow do an administrator lock particular website for users
- ForumSolvedHow to determine
- ForumHow do I give non-administrator users permission to use a ..
- ForumSolvedAdvice for how precisely to determine meaningful stutter in CF-X
- ForumSolvedHow do i determine if my graphics card has enough to run on my 32' LED
- ForumAdministrator user account
- More resources
