Rishi Rishi - 3 months ago 10
PowerShell Question

How can I know if a given user has an admin account in a window server 2012 machine?

I am required to run a Jenkins job that that is to be executed on a slave machine from the master machine. The job comprises of running some powershell scripts on the logged slave machine.
I am using an account to login from master to slave which I suppose, doesn't have the admin rights as the behavior of the script differs when run as an administrator in the machine to that when run in locally on it.

How can I really confirm if the user provided to me has the admin rights?

Answer

In PowerShell 4.0 and newer, you can use the #Requires -RunAsAdministrator comment at the top of the script to prevent the script from running if the current user is not elevated. For earlier PowerShell versions, you can terminate the script if the current user is not elevated using code. For example:

$elevated = ([Security.Principal.WindowsPrincipal] `
  [Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ( -not $elevated ) {
  throw "This script must be run elevated (Run as administrator)."
}
Comments