In one of my PowerShell automation, the automated script needs to run with Admin mode. So to avoid the error during the scrip execution, we need to check whether the script is running in the context of a local administrator account or not.

As per my knowledge, PowerShell doesnโ€™t built-in function or Cmdlet that lets us check whether the logged-in user is a member of the Administrators group. To solve this problem, you need to build a function to check the logged-in userโ€™s security status before the main script execution.

The following PowerShell code can be used to check if the current script is running in the โ€œRun as Administratorโ€ mode or not.

STEP #1:ย  Get logged in user details using a WindowsIdentity object.

You need to use WindowsIdentity class to create a new PowerShell object containing security information about the logged-in user. In the first step, you need to get information about the current user and store it in a variable ($CurrentWindowsIdentity) as shown below.

$CurrentWindowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

Note:

  • The System.Security.Principal is the base .NET library. The library can be used by C# and PowerShell.
  • The WindowsIdentity.GetCurrent() is a function in the library.

STEP #2:ย  Creating a new object of type WindowsPrincipal, and pass the Windows Identity to the constructor.

As shown in STEP 1, we got the information about the current user and store it in a variable ($CurrentWindowsIdentity). Now using $CurrentWindowsIdentity you need to create a new PowerShell object as shown below and pass the currently logged-in user object.

The WindowsPrincipal class is primarily used to check the role of a Windows user. The WindowsPrincipal.IsInRole method overloads to check the user role by using different role contexts.

For example, if you want to get the logged-in user name then execute $CurrentWindowsIdentity.Name.

$CurrentWindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($CurrentWindowsIdentity)

STEP #3: Check current user below to Admin using WindowsPrincipal.IsInRole method.

Finally, we need to check does the current user has admin privilege using the .IsInRole method. WindowsPrincipal.IsInRole determines whether the current principal belongs to a specified Windows user group and it will output the Boolean result.

$CurrentWindowsPrincipal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

Note:

  • IsInRole(WindowsBuiltInRole) determines whether the current principal belongs to the Windows user group with
    the specified WindowsBuiltInRole.

Final Code:

Output

Opened PowerShell in Admin privilege

Opened PowerShell in Non-Admin private