If you need to run a PowerShell script with administrator privileges, you can check whether the current powershell.exe process is elevated directly in your PS code.
The following PowerShell code checks whether the current script is running in “Run as Administrator” mode:
Write-Host "Checking for elevated permissions..."
# Build a WindowsPrincipal for the current process token and test the built-in Administrator role
if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
    [Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning "Insufficient permissions to run this script. Open the PowerShell console as an administrator and run this script again."
    # Stop the script here; a bare Break outside a loop can also end a loop in a calling script
    exit 1
}
else {
    Write-Host "Code is running as administrator - go on executing the script..." -ForegroundColor Green
}
Save the PowerShell code to the check_process_elevation.ps1 file and run it in a console without administrator privileges:
C:\PS\check_process_elevation.ps1
The warning that you have no administrator privileges appears, and the PowerShell script stops.
Now run the script in an elevated PowerShell session. This time the script detects that the PowerShell session is running as administrator.
You can also request elevation directly from the PowerShell script. To do this, replace the line:
Write-Warning "Insufficient permissions…"
with the following code:
# -File and the quoted path keep a script path that contains spaces intact
Start-Process powershell.exe -ArgumentList "-File `"$PSCommandPath`"" -Verb RunAs
When you run the script without administrator privileges, it relaunches itself in a new elevated PowerShell session and you see a UAC elevation prompt. If you accept it, your PS1 script runs as administrator. (The path to the current PowerShell script file is passed using the $PSCommandPath automatic variable.)
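A fuller version of the check-and-relaunch pattern above, as an added example that is not part of the original article: it quotes the script path, handles a declined UAC prompt, and stops instead of relaunching again if the second instance is still not elevated. It assumes Windows PowerShell 3.0 or newer (for $PSCommandPath); the -Elevated switch and the Test-IsElevated function are hypothetical names introduced for this example.

```powershell
# Added example: self-elevation preamble for a .ps1 file.
# -Elevated is a hypothetical marker switch set only on the relaunched instance.
param(
    [switch]$Elevated
)

function Test-IsElevated {
    # True when the built-in Administrator role is enabled in the current process token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsElevated)) {
    if ($Elevated) {
        # Already relaunched once and still not elevated: stop instead of looping.
        Write-Warning "Elevation did not succeed. Run this script from an elevated console."
        exit 1
    }
    if (-not $PSCommandPath) {
        # Code pasted into a console has no script path to relaunch.
        Write-Warning "Save this code to a .ps1 file first; there is no script path to relaunch."
        return
    }
    # -File plus quoting keeps a script path that contains spaces intact.
    $argList = '-NoProfile -File "{0}" -Elevated' -f $PSCommandPath
    try {
        Start-Process -FilePath 'powershell.exe' -ArgumentList $argList -Verb RunAs -ErrorAction Stop
    }
    catch {
        # Start-Process throws when the UAC prompt is declined.
        Write-Warning "UAC prompt was declined or elevation failed: $($_.Exception.Message)"
        exit 1
    }
    # The non-elevated instance ends here; work continues in the new elevated window.
    exit 0
}

$currentUser = [Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Host "Running elevated as $currentUser" -ForegroundColor Green
# The privileged part of the script goes here.
```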
In PowerShell 4.0 or newer, it is even easier to check whether your script is running with administrator privileges. To do this, use the -RunAsAdministrator directive.
#requires -version 4.0
#requires -RunAsAdministrator
Write-Host "PowerShell is run as administrator" -ForegroundColor Green
If the script is not run as administrator, the following error will appear:
The script 'check_process_elevation.ps1' cannot be run because it contains a "#requires" statement for running as Administrator. The current Windows PowerShell session is not running as Administrator. Start Windows PowerShell by using the Run as Administrator option, and then try running the script again.
At line:1 char:1
+ C:\PS\check_process_elevation.ps1
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (check_process_elevation.ps1:String) [], ScriptRequiresException
    + FullyQualifiedErrorId : ScriptRequiresElevation
If you run the script on a computer with PowerShell v2, the following error message will appear:
Cannot process the "#requires" statement at line 2 because it is not in the correct format.
The "#requires" statement must be in one of the following formats:
 "#requires -shellid <shellID>"
 "#requires -version <major.minor>"
 "#requires -pssnapin <psSnapInName> [-version <major.minor>]"
When managing Active Directory, you may face another task: checking from a PowerShell script whether the current user has Domain Admins privileges. Use the following code:
# IsInRole evaluates the group memberships carried in the current process token
If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole("Domain Admins"))
{
    # the user running the script has Domain Admins rights
}
Else
{
    # no Domain Admins rights
}