Search code examples
vbscriptelevated-privilegeselevation

Check if the script has elevated permissions


I would like to check whether the context in which my VBscript runs allows me to perform administrative tasks.

Requirements:

  • The solution should work on all Windows operating systems starting with Server 2003. (This rules out solutions which just check for membership in the Administrators group -- remember that there's UAC in Vista and Windows 7!)
  • The solution should be simple. A 50 LOC solution that checks the Windows group memberships (recursively, of course, since the user might be member of a groups which is member of a group ... which is member of the Administrators group) and then does some extra checks for Vista UAC is not simple.
  • The solution may be a bit dirty, so something along the lines of this solution would be ok.
  • It should not be too dirty. Writing a file to C:\Windows or writing a registry key is too dirty in my opinion, since it modifies the system. (EDIT: Which might not work anyway: for example, when using VBScript in a HTA, UAC redirection kicks in.)

Related question: https://stackoverflow.com/questions/301860 (all of the answers I found there (a) ignore the UAC issue and (b) are faulty because they ignore the possibility of a user having administrative permissions although not being direct member in the Administrators group)


Solution

  • I know this thread is very old and marked answered but this is a simpler method that has always worked for me. User S-1-5-19 is the Local NT Authority so accessing the key takes admin rights. It works if run via elevation.

    Option Explicit 
    
    msgbox isAdmin(), vbOkonly, "Am I an admin?"
    
    Private Function IsAdmin()
        On Error Resume Next
        CreateObject("WScript.Shell").RegRead("HKEY_USERS\S-1-5-19\Environment\TEMP")
        if Err.number = 0 Then 
            IsAdmin = True
        else
            IsAdmin = False
        end if
        Err.Clear
        On Error goto 0
    End Function