Jump to content
Sign in to follow this  

Checking for admin rights

Recommended Posts


Hi All,

I've inherited a script to roll-out updates across a network; however the installer needs admin privileges. I can check if the current user has admin privileges using IsAdmin(), but I also have a centrally stored (and encrypted) set of usernames and passwords to use with RunAsSet.

My question is how do I check if a username from that central store is valid on the current computer the script is running on and has admin privileges. I can do the first part using ideas from this topic, but don't know how to do the admin bit. Jos's post in the topic might do it I thought, but I can't seem to get it to work for me, does it only work with active directory.

Thanks for your advice.


Share this post

Link to post
Share on other sites

In the past I've used RunAsSet to switch to the credentials that I wanted to test, used Opt to change AutoIt's behavior so that errors in the Run fuction are not fatal AutoIt errors and then run a no-op program that I know will be present on the PC (I've used RUNDLL32.EXE) and tested the result in @error to determine success or failure:

RunAsSet($adminName, @ComputerName, $passWord)
    $errorState = Opt("RunErrorsFatal", 0)
    RunWait(@SystemDir & "\rundll32.exe", @SystemDir, @SW_HIDE)
    If @error = 1 Then
        ; Credentials were bad (wrong password?), so do something
    Opt("RunErrorsFatal", $errorState)oÝ÷ Ù8b±«,ºg¬¶­ç^ØÆÞx/jX

This is slapdash cut-and-paste from scripts that are years old, so please check for spelling errors and general validity of the code.

Yes yes yes, there it was. Youth must go, ah yes. But youth is only being in a way like it might be an animal. No, it is not just being an animal so much as being like one of these malenky toys you viddy being sold in the streets, like little chellovecks made out of tin and with a spring inside and then a winding handle on the outside and you wind it up grrr grrr grrr and off it itties, like walking, O my brothers. But it itties in a straight line and bangs straight into things bang bang and it cannot help what it is doing. Being young is like being like one of these malenky machines.

Share this post

Link to post
Share on other sites

Thanks for that, this is what I've done with your code (not a lot):


; Returns 1 if user is member of admin group, 0 if not
Func CheckAdmin($username)
    Local $_net_exe, $_users
    $_net_exe = Run(@SystemDir & "\net.exe localgroup Administrators", @SystemDir, @SW_HIDE, 2)
        $_users &= StdoutRead($_net_exe)
    Until @error <> 0
    If StringInStr($_users, @CRLF & $username & @CRLF) Then
        Return 1
    Return 0

The check for @CRLF & $username & @CRLF is there as otherwise if 'Stephan' is an admin user then substrings of 'Stephan' were reported as members of the group too. However as each member of the group is reported on a new line by net.exe checking for a CR/LF at the beginning and end makes it match only the whole name.

Thanks again for your help DaveF.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this