Jump to content

is PID running ELEVATED [solved]

Recommended Posts


I need to know if a program is running Elevated. If it is then I'd have to run mine too in elevated mode (#ReqAdmin), else, just a user level ( not elevated ).
my dream would be of _WinAPI_IsElevated ( $iPID ) but there is no such animal and in any case it uses "TokenInformation", and I'd like to know as a User, not an Admin.
Anyway to query what Task manager shows in windows 10 ?


Edited by argumentum

Share this post

Link to post
Share on other sites

Where do you see that information in task manager?


Paster - Main function is to paste text, but has more functions. (No longer mantained, switched to String Trigger)

Renamer - Rename files and folders, remove portions of text from the filename etc.

GPO Tool - Export/Import Group policy settings.

MirrorDir - Synchronize/Backup/Mirror Folders

BeatsPlayer - Music player.

Params Tool - Right click an exe to see it's parameters or execute them.

String Trigger - Triggers pasting text or applications or internet links on specific strings.

Inconspicuous - Hide files in plain sight, not fully encrypted.

Regedit Control - Registry browsing history, quickly jump into any saved key.

Time4Shutdown - Write the time for shutdown in minutes.

Power Profiles Tool - Set a profile as active, delete, duplicate, export and import.

Firefox Profile Backup - Backup/restore previously saved profile.

Finished Task Shutdown - Shuts down pc when specified window/Wndl/process closes.

NetworkSpeedShutdown - Shuts down pc if download speed goes under "X" Kb/s.

IUIAutomation - Topic with framework and examples


Share this post

Link to post
Share on other sites
1 minute ago, careca said:

Where do you see that information in task manager?


one can select the columns by a context menu on the header

  • Like 1

Share this post

Link to post
Share on other sites

You could use Wmi and check for the ExecutablePath using the example below if $avProcProps[$x][1] = "" then its running elevated otherwise it's non-elevated.  Of course this won't work if your script is running elevated, i.e. if you have #RequireAdmin at the top of the script below.

#include <array.au3>; Only for _ArrayDisplay()

$avProcProps = _ProcessListProperties('Chrome.exe')
_ArrayDisplay($avProcProps, "$avProcProps")

; Function Name:    _ProcessListProperties()
; Description:   Get various properties of a process, or all processes
; Call With:       _ProcessListProperties( [$Process [, $sComputer]] )
; Parameter(s):     (optional) $Process - PID or name of a process, default is all
;           (optional) $sComputer - remote computer to get list from, default is local
; Requirement(s):   AutoIt v3.2.4.9+
; Return Value(s):  On Success - Returns a 2D array of processes, as in ProcessList()
;             with additional columns added:
;             [0][0] - Number of processes listed (can be 0 if no matches found)
;             [1][0] - 1st process name
;             [1][1] - 1st process executable path
;             ...
;             [n][0] thru [n][8] - last process properties
; On Failure:       Returns array with [0][0] = 0 and sets @Error to non-zero (see code below)
; Author(s):        PsaltyDS at http://www.autoitscript.com/forum
; Date/Version:   05/05/2008  --  v1.0.0
; Notes:            If a numeric PID or string process name is provided and no match is found,
;             then [0][0] = 0 and @error = 0 (not treated as an error, same as ProcessList)
;           This function requires admin permissions to the target computer.
;           All properties come from the Win32_Process class in WMI.
Func _ProcessListProperties($Process = "", $sComputer = ".")
    Local $sUserName, $sMsg, $sUserDomain, $avProcs
    If $Process = "" Then
        $avProcs = ProcessList()
        $avProcs = ProcessList($Process)

   ; Return for no matches
    If $avProcs[0][0] = 0 Then Return $avProcs

   ; ReDim array for additional property columns
    ReDim $avProcs[$avProcs[0][0] + 1][2]

   ; Connect to WMI and get process objects
    $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $sComputer & "\root\cimv2")
    If IsObj($oWMI) Then
       ; Get collection of all processes from Win32_Process
        $colProcs = $oWMI.ExecQuery("select * from win32_process")
        If IsObj($colProcs) Then
           ; For each process...
            For $oProc In $colProcs
                $sObjName = ObjName($oProc, 1)
                If @error Then ContinueLoop; Skip if process no longer exists
               ; Find it in the array
                For $n = 1 To $avProcs[0][0]
                    If $avProcs[$n][1] = $oProc.ProcessId Then $avProcs[$n][1] = $oProc.ExecutablePath
            SetError(2); Error getting process collection from WMI
        SetError(1); Error connecting to WMI

   ; Return array
    Return $avProcs
EndFunc  ;==>_ProcessListProperties


Share this post

Link to post
Share on other sites
2 hours ago, Subz said:

$avProcProps[$x][1] = "" then its running elevated

I did not know that. But I figure there must be a DLL call for that.
For now yours is the better ( and only ) answer, thanks.

Share this post

Link to post
Share on other sites

in https://www.autoitscript.com/forum/topic/122050-useful-snippets-collection-thread/ at point 8. Facts on UAC  is the reason for this question of mine. How to run my script so it'd interact with an app. that runs elevated on the Admin acct. and, as regular/standard/limited user, and add the UAC bypass accordingly, to have it start up without issues. To do so I need to compile as  #AutoIt3Wrapper_Res_requestedExecutionLevel=highestAvailable  and  on the Task Scheduler with highestAvailable for the Admin acct.

So now my next question is "how do I know if the user is limited or not".


If _IsAdministrator() Then
        $s &= '<RunLevel>HighestAvailable</RunLevel>' & @CRLF
        $s &=  '<RunLevel>LeastPrivilege</RunLevel>' & @CRLF

and the code is from trancexx ( https://www.autoitscript.com/forum/topic/113611-if-isadmin-not-detected-as-admin/?do=findComment&comment=795036 ).

So I guess I did not need the _WinAPI_IsElevated ( $iPID )  that I thought i needed.

Edited by argumentum
kept thinking

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now