Hi NG!

Is there any possibility to determine in a batch-file, if the logged-on
user is member of Administrators-Group?
This should even work, if the user is member of a domain...

Of course I can try, to create a file unter %SYSTEMROOT% or something
else, and then check, if it was created...

but perhaps there is a better practice?

Any suggestion is greatly appreciated,

Best regard,
/Heiko Pliefke

On Thu, 04 Aug 2005 16:18:39 +0200, Heiko Pliefke <(E-Mail Removed)> wrote:

>Hi NG!
>
>Is there any possibility to determine in a batch-file, if the logged-on
>user is member of Administrators-Group?
>This should even work, if the user is member of a domain...
>
>Of course I can try, to create a file unter %SYSTEMROOT% or something
>else, and then check, if it was created...
>
>but perhaps there is a better practice?
>
>Any suggestion is greatly appreciated,
>
>Best regard,
>/Heiko Pliefke

in the batch, add the following lines to determine if the logged on user is a local administrator:

set admin=N
set domain=%USERDOMAIN%\
If /i "%domain%" EQU "%computername%\" set domain=
set user=%domain%%username%
for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "%user%"') do set admin=Y


Then just test the value of %admin%

If "%admin% EQU "Y" goto isAdmin

Try IFMEMBER.EXE from the Windows Server 2003 Resource Kit Tools:
http://www.microsoft.com/downloads/d...e-b18c4790cffd



"Heiko Pliefke" <(E-Mail Removed)> wrote in message
news:1123165119.614281@nbgm66x...
> Hi NG!
>
> Is there any possibility to determine in a batch-file, if the logged-on
> user is member of Administrators-Group?
> This should even work, if the user is member of a domain...
>
> Of course I can try, to create a file unter %SYSTEMROOT% or something
> else, and then check, if it was created...
>
> but perhaps there is a better practice?
>
> Any suggestion is greatly appreciated,
>
> Best regard,
> /Heiko Pliefke

Jerold Schulman wrote:

> in the batch, add the following lines to determine if the logged on
> user is a local administrator:
>
> set admin=N
> set domain=%USERDOMAIN%\
> If /i "%domain%" EQU "%computername%\" set domain=
> set user=%domain%%username%
> for /f "Tokens=*" %%a in ('net localgroup administrators^|find /i "%user%"') do set admin=Y
>
> Then just test the value of %admin%
>
> If "%admin% EQU "Y" goto isAdmin

It would seem that this method would fail if the user is a member of a
group that's a member of Administrators.

Ifmember.exe doesn't have this problem, but it's not language-independent.

To address these issues, I wrote isadmin.exe:

http://www.cybermesa.com/~bstewart/wast.html

Internally, isadmin.exe enumerates the SIDs for the current user and
returns an exit code of 1 if the current user is a member of
Administrators (e.g., SID S-1-5-32-544).

--
Bill Stewart