Darien

How to knowl if a script was run as administrator

7 posts in this topic

Hello,

 

How to know if a script was run as administrator? (right-click and choose "run as administrator")

 

The "Isadmin" command only shows whether the logged account has administrator rights.

Share this post


Link to post
Share on other sites



13 minutes ago, Darien said:

The "Isadmin" command only shows whether the logged account has administrator rights.

Are you sure? Strait from the helpfile:

Quote

Remarks

It returns 1 under Windows Vista only if running with a full administrator token (i.e. #RequireAdmin has been used, or has already been elevated by UAC).

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

The parentheses were missing. Funny not to have accused any error.

Share this post


Link to post
Share on other sites

Hi, 
I'm Windows10 user. Sorry if this is an out of topic question, but what should I do with my user account to get administrative rights? 
My User Account Control is set to 'Never Notify' level, and current user is a member of 'Administrators' group.

But when I use IsAdmin ()  script from example, it shows that I'm not an Admin: 

If IsAdmin() Then
    MsgBox($MB_SYSTEMMODAL, "", "IsAdmin" & @CRLF & "Admin rights are detected.")
 Else
    MsgBox($MB_SYSTEMMODAL, "", "IsAdmin" & @CRLF & "Admin rights are NOT detected.")
 EndIf

As it returns 'No Admin' rights, I should use #RequireAdmin to correctly script running. ConsoleWrite() doesn't work in that case, it's not convenient. Can I redirect Console notes to a file?

User settings.png

Share this post


Link to post
Share on other sites
7 minutes ago, Elena said:

ConsoleWrite() doesn't work in that case, it's not convenient.

As the help file states, you're opening a new process which is why ConsoleWrite does not work. If you want these functions, you will need to launch SciTE as an administrator as well.

9 minutes ago, Elena said:

Can I redirect Console notes to a file?

A quick search of the forum will show you a multitude of ways to log your script's activities, from log files to the Windows Event Viewer. Choose the one that best suits your needs.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

Thank you for suggestion! Running SciTE as administrator is OK.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • lsakizada
      By lsakizada
      Probably this is a stupid question but I need help...
      I have a simple Autoit GUI that required admin permission and its run with: #RequireAdmin.
      Through this GUI i am executing bat file to run jmeter in non GUI mode as the following.
      $JMETER = $JMETER_BIN_FOLDER & "\" & "jmeter.bat" ShellExecuteWait($JMETER, "-n -t " & '"' & $Jmeter_Script & '"', @WorkingDir, "", @SW_HIDE) This "jmeter.bat" run the Jmeter's executable jar file that run the $Jmeter_Script script.
      How do I verified if Jmeter utility is running as admin?
      To be more clear, I want to achieve the same result as launching cmd.exe in windows as 'run as administrator' and executing:
      "jmeter.bat scriptname.jmx" Thanks in advanced.
      EDIT: I am running on win 7 and I know that it possible to get the properties of the process in Task Manager -> UAC Virtualization column, but the point is that I am running the script at my work and the IT somehow defined me a domain user that cannot read this property and I see empty column...
    • wraithdu
      By wraithdu
      I found a few related topics for some reference:




      Basically the issue has always been how to interpret and work with the results of IsAdmin() when running under UAC, and the desire for developers to not force the use of #RequireAdmin (or the AutoIt3Wrapper manifest equivalent) for all of their users. A lot of programs have that nice 'Elevate' button which is presented to you when the function is available, to selectively elevate the application and enable administrative functions. Here's my attempt at detecting this scenario.

      The function will return the current admin status, and the ability of the current app to elevate itself under UAC in @extended. A small example should show how it is used. The example can be run from SciTE or compiled, allowing you to test all kinds of scenarios.

      Something interesting I found... if an app is launched from another fully elevated app, and that new app is launched with restricted privileges by way of the SAFER api, then that app CANNOT re-elevate itself to full admin status. The other way to lower a launched app's privileges uses either CreateProcessAsUser or CreateProcessWithTokenW (there are scripts on the forum that show their usage). Apps launched with either of those functions CAN re-elevate themselves to full admin status.

      _IsUACAdmin

      #include <Security.au3> ; #FUNCTION# ==================================================================================================================== ; Name ..........: _IsUACAdmin ; Description ...: Determines if process has Admin privileges and whether running under UAC. ; Syntax ........: _IsUACAdmin() ; Parameters ....: None ; Return values .: Success - 1 - User has full Admin rights (Elevated Admin w/ UAC) ; Failure - 0 - User is not an Admin, sets @extended: ; | 0 - User cannot elevate ; | 1 - User can elevate ; Author ........: Erik Pilsits ; Modified ......: ; Remarks .......: THE GOOD STUFF: returns 0 w/ @extended = 1 > UAC Protected Admin ; Related .......: ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _IsUACAdmin() ; check elevation If StringRegExp(@OSVersion, "_(XP|20(0|3))") Or (Not _IsUACEnabled()) Then ; XP, XPe, 2000, 2003 > no UAC ; no UAC available or turned off If IsAdmin() Then Return SetExtended(0, 1) Else Return SetExtended(0, 0) EndIf Else ; check UAC elevation ; ; get process token groups information Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_QUERY) Local $tTI = _Security__GetTokenInformation($hToken, $TOKENGROUPS) _WinAPI_CloseHandle($hToken) ; Local $pTI = DllStructGetPtr($tTI) Local $cbSIDATTR = DllStructGetSize(DllStructCreate("ptr;dword")) Local $count = DllStructGetData(DllStructCreate("dword", $pTI), 1) Local $pGROUP1 = DllStructGetPtr(DllStructCreate("dword;STRUCT;ptr;dword;ENDSTRUCT", $pTI), 2) Local $tGROUP, $sGROUP = "" ; ; S-1-5-32-544 > BUILTINAdministrators > $SID_ADMINISTRATORS ; S-1-16-8192 > Mandatory LabelMedium Mandatory Level (Protected Admin) > $SID_MEDIUM_MANDATORY_LEVEL ; S-1-16-12288 > Mandatory LabelHigh Mandatory Level (Elevated Admin) > $SID_HIGH_MANDATORY_LEVEL ; SE_GROUP_USE_FOR_DENY_ONLY = 0x10 ; ; check SIDs Local $inAdminGrp = False, $denyAdmin = False, $elevatedAdmin = False, $sSID For $i = 0 To $count - 1 $tGROUP = DllStructCreate("ptr;dword", $pGROUP1 + ($cbSIDATTR * $i)) $sSID = _Security__SidToStringSid(DllStructGetData($tGROUP, 1)) If StringInStr($sSID, "S-1-5-32-544") Then ; member of Administrators group $inAdminGrp = True ; check for deny attribute If (BitAND(DllStructGetData($tGROUP, 2), 0x10) = 0x10) Then $denyAdmin = True ElseIf StringInStr($sSID, "S-1-16-12288") Then $elevatedAdmin = True EndIf Next ; If $inAdminGrp Then ; check elevated If $elevatedAdmin Then ; check deny status If $denyAdmin Then ; protected Admin CANNOT elevate Return SetExtended(0, 0) Else ; elevated Admin Return SetExtended(1, 1) EndIf Else ; protected Admin Return SetExtended(1, 0) EndIf Else ; not an Admin Return SetExtended(0, 0) EndIf EndIf EndFunc ;==>_IsUACAdmin Func _IsUACEnabled() Return (RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA") = 1) EndFunc ;==>_IsUACEnabled
      Example

      #include <_IsUACAdmin.au3> #include <GuiButton.au3> #include <GuiConstantsEx.au3> $g = GUICreate("UAC Test", 200, 100) $b = GUICtrlCreateButton("Elevate", 200-72, 100-27, 70, 25) _GUICtrlButton_SetShield($b) $admin = _IsUACAdmin() $canelevate = @extended GUICtrlCreateLabel("IsAdmin (built-in): " & (IsAdmin() = 1), 4, 4) GUICtrlCreateLabel("_IsUACAdmin (full admin): " & ($admin = 1), 4, 24) GUICtrlCreateLabel("Process can elevate: " & ($canelevate = 1), 4, 44) If $admin Or (Not $canelevate) Then GUICtrlSetState($b, $GUI_DISABLE) GUISetState() While 1 Switch GUIGetMsg() Case -3 ExitLoop Case $b ; restart elevated If @Compiled Then ShellExecute(@ScriptFullPath, "", @WorkingDir, "runas") Else ShellExecute(@AutoItExe, '/AutoIt3ExecuteScript "' & @ScriptFullPath & '"', @WorkingDir, "runas") EndIf Exit EndSwitch WEnd