Batch script: how to check for admin rights

by

Issues

blak3r / Rushyo‘s solution works fine for everything except Windows 8. Running AT on Windows 8 results in:

The AT command has been deprecated. Please use schtasks.exe instead.

The request is not supported.

(see screenshot #1) and will return %errorLevel% 1.

 

Research

So, I went searching for other commands that require elevated permissions. rationallyparanoid.com had a list of a few, so I ran each command on the two opposite extremes of current Windows OSs (XP and 8) in the hopes of finding a command that would be denied access on both OSs when run with standard permissions.

Eventually, I did find one – NET SESSION. A true, clean, universal solution that doesn’t involve:

  • the creation of or interaction with data in secure locations
  • analyzing data returned from FOR loops
  • searching strings for “Administrator”
  • using AT (Windows 8 incompatible) or WHOAMI (Windows XP incompatible).

Each of which have their own security, usability, and portability issues.

 

Testing

I’ve independently confirmed that this works on:

  • Windows XP, x86
  • Windows XP, x64
  • Windows Vista, x86
  • Windows Vista, x64
  • Windows 7, x86
  • Windows 7, x64
  • Windows 8, x86
  • Windows 8, x64
  • Windows 10 v1909, x64

(see screenshot #2)

 

Implementation / Usage

So, to use this solution, simply do something like this:

@echo off
goto check_Permissions

:check_Permissions
    echo Administrative permissions required. Detecting permissions...
    
    net session >nul 2>&1
    if %errorLevel% == 0 (
        echo Success: Administrative permissions confirmed.
    ) else (
        echo Failure: Current permissions inadequate.
    )
    
    pause >nul

 

Explanation

NET SESSION is a standard command used to “manage server computer connections. Used without parameters, [it] displays information about all sessions with the local computer.”

So, here’s the basic process of my given implementation:

  1. @echo off
    • Disable displaying of commands
  2. goto check_Permissions
    • Jump to the :check_Permissions code block
  3. net session >nul 2>&1
    • Run command
    • Hide visual output of command by
      1. Redirecting the standard output (numeric handle 1 / STDOUT) stream to nul
      2. Redirecting the standard error output stream (numeric handle 2 / STDERR) to the same destination as numeric handle 1
  4. if %errorLevel% == 0
    • If the value of the exit code (%errorLevel%) is 0 then this means that no errors have occurred and, therefore, the immediate previous command ran successfully
  5. else
    • If the value of the exit code (%errorLevel%) is not 0 then this means that errors have occurred and, therefore, the immediate previous command ran unsuccessfully
  6. The code between the respective parenthesis will be executed depending on which criteria is met

 

Screenshots

Windows 8 AT %errorLevel%:

[imgur]

 

NET SESSION on Windows XP x86 – Windows 8 x64:

[imgur]

 

Thank you, @Tilka, for changing your accepted answer to mine. 🙂

More Related Contents:

  1. At which point does `for` or `for /R` enumerate the directory (tree)?
  2. Batch file: Find if substring is in string (not in a file)
  3. Iterate all files in a directory using a ‘for’ loop
  4. Batch character escaping
  5. How to wait all batch files to finish before exiting?
  6. How to do something to each file in a directory with a batch script
  7. How do I escape ampersands in batch files?
  8. Using a custom Tee command for .bat file
  9. Find out if file is older than 4 hours in Batch file
  10. Setting a system environment variable from a Windows batch file?
  11. How to correct variable overwriting misbehavior when parsing output?
  12. FORFILES date -after- (date calc in cmd file)
  13. Create an empty file on the commandline in windows (like the linux touch command)
  14. What is the proper way to test if a parameter is empty in a batch file?
  15. XCOPY still asking (F = file, D = directory) confirmation
  16. Using another language (code page) in a batch file made for others
  17. How can I debug a .BAT script?
  18. Redirecting Output from within Batch file
  19. Start multiple tasks in parallel and wait for them in windows?
  20. How do I create a shortcut via command-line in Windows?
  21. Why does findstr not handle case properly (in some circumstances)?
  22. Batch script with for loop and pipe
  23. How to pass environment variables as parameters by reference to another batch file?
  24. Execute multiple batch files concurrently and monitor if their process is completed
  25. Windows shell command to get the full path to the current directory?
  26. Batch program to to check if process exists
  27. How can I source variables from a .bat file into a PowerShell script?
  28. ERRORLEVEL vs %ERRORLEVEL% vs exclamation mark ERRORLEVEL exclamation mark
  29. How to expand a CMD shell variable twice (recursively)
  30. Split %date% in a batch file regardless of Regional Settings

Leave a Comment