It is very useful to run simple checks to validate the user environment, especially to confirm that the context the user is working in matches our expectations or requirements. But it is not always easy to get a simple piece of information, such as whether the current user is a local admin.
It’s very easy to check this from the user interface, but I found it can be important to gather that information with PowerShell without running as an administrator.
A solution came to me after reading the Microsoft documentation on Security Identifiers (SID) and Trustees. It’s possible to verify membership of the local Administrators group by checking for its SID (“S-1-5-32-544”). I found that other websites suggest exactly the same solution, so it’s nothing really new.
The approach uses the Security Identifier of the local Administrators group (“S-1-5-32-544”) together with PowerShell and the .NET WindowsIdentity class (https://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity(v=vs.110).aspx).
How to check if the current user is a local admin with a one-liner:

    [bool] ([Security.Principal.WindowsIdentity]::GetCurrent().Groups | Where-Object { $_.Value -eq "S-1-5-32-544" })

How to create a function called Test-CurrentUserIsLocalAdmin that returns a boolean:

    #Paolo Frigo, https://www.scriptinglibrary.com
    function Test-CurrentUserIsLocalAdmin(){
        # True when the BUILTIN\Administrators SID is among the groups of the current identity
        Return [bool] ([Security.Principal.WindowsIdentity]::GetCurrent().Groups | Where-Object { $_.Value -eq "S-1-5-32-544" })
    }

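An added example, not the author's code, that extends the check above: it reports whether the Administrators SID is enabled in the current token or present only as a deny-only entry, which is how a UAC-filtered, non-elevated token of an administrator carries it. The function name Get-CurrentUserAdminState and the state labels are assumptions made for this example.

```powershell
# Added example: Get-CurrentUserAdminState is a hypothetical name, not from the original article.
function Get-CurrentUserAdminState {
    [CmdletBinding()]
    param()

    # Well-known SID of BUILTIN\Administrators, as used in the one-liner above.
    $adminSid = 'S-1-5-32-544'
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Group SIDs that are enabled in the current token (what the one-liner inspects).
    $enabled = [bool]($identity.Groups |
        Where-Object { $_.Value -eq $adminSid })

    # Group SIDs marked "use for deny only" are surfaced as DenyOnlySid claims.
    $denyOnlyType = [System.Security.Claims.ClaimTypes]::DenyOnlySid
    $denyOnly = [bool]($identity.Claims |
        Where-Object { $_.Type -eq $denyOnlyType -and $_.Value -eq $adminSid })

    # Labels below are assumptions chosen for this example.
    $state = if ($enabled) { 'AdminEnabled' }
             elseif ($denyOnly) { 'AdminDenyOnly' }
             else { 'NotAdmin' }

    [pscustomobject]@{
        User                      = $identity.Name
        AdministratorsSidEnabled  = $enabled
        AdministratorsSidDenyOnly = $denyOnly
        State                     = $state
    }
}

Get-CurrentUserAdminState
```

Comparing the State value with the output of whoami /groups on the same session is a quick way to validate the result on a given machine.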
Please check my git repository. There is also another article/script on the same topic on Scripting Library, written a few months ago, but it requires local admin privileges (How To Get A List Of All Local Administrators).