Check if the script has elevated permissions

Heinzi picture Heinzi · Oct 21, 2009 · Viewed 20.2k times · Source

I would like to check whether the context in which my VBscript runs allows me to perform administrative tasks.

Requirements:

  • The solution should work on all Windows operating systems starting with Server 2003. (This rules out solutions which just check for membership in the Administrators group -- remember that there's UAC in Vista and Windows 7!)
  • The solution should be simple. A 50 LOC solution that checks the Windows group memberships (recursively, of course, since the user might be member of a groups which is member of a group ... which is member of the Administrators group) and then does some extra checks for Vista UAC is not simple.
  • The solution may be a bit dirty, so something along the lines of this solution would be ok.
  • It should not be too dirty. Writing a file to C:\Windows or writing a registry key is too dirty in my opinion, since it modifies the system. (EDIT: Which might not work anyway: for example, when using VBScript in a HTA, UAC redirection kicks in.)

Related question: https://stackoverflow.com/questions/301860 (all of the answers I found there (a) ignore the UAC issue and (b) are faulty because they ignore the possibility of a user having administrative permissions although not being direct member in the Administrators group)

Answer

RLH picture RLH · Jul 13, 2017

I know this thread is very old and marked answered but this is a simpler method that has always worked for me. User S-1-5-19 is the Local NT Authority so accessing the key takes admin rights. It works if run via elevation.

Option Explicit 

msgbox isAdmin(), vbOkonly, "Am I an admin?"

Private Function IsAdmin()
    On Error Resume Next
    CreateObject("WScript.Shell").RegRead("HKEY_USERS\S-1-5-19\Environment\TEMP")
    if Err.number = 0 Then 
        IsAdmin = True
    else
        IsAdmin = False
    end if
    Err.Clear
    On Error goto 0
End Function