Skip to main content

Elevated or not Elevated - Who is your user?

On my troubleshooting travels, I came across this link precisly addressing the problem I had encountered.  From this though, I quite liked the neat way in which the user account elevation test was completed.  I have modified it slightly to simplify the code, but it still does what it needs to.  Thanks for the post Oisin!

$identity = [Security.Principal.WindowsIdentity]::GetCurrent()

$principal = new-object Security.Principal.WindowsPrincipal $identity

$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($elevated) {"elevated - continue"}
else{"Not Elevated"}
Labels:

Comments

Post a Comment

Popular posts from this blog

Enable Powershell Remoting (WinRM) via Group Policy

I have been doing some testing on enabling WinRM via group policy, being that WinRM is the service that Powershell v2 sets up it remoting capabilities. Here are the GPO settings that you need to configure WinRM .... set the winrm service to auto start Computer Configuration \ Policies \ Windows Settings \ Security Settings \ System Services Windows Remote Management (WS-Management)  set Startup Mode to Automatic start the service incorporated in to the above - you may need a restart. create a winrm listener Computer Configuration / Policies / Administrative Templates / Windows Components / Windows Remote Management (WinRM) / WinRM Service / Allow automatic configuration of listeners IPv4 filter: * * is listen on all addresses, or if you only want a particular IP address to respond use an iprange eg 10.1.1.1-10.1.1.254 - don't forget that this IP range has to be valid for all hosts that fall in the scope of the GPO you are creating.  You can use 10.1.1.1 -
2 comments
Read more

Assigning Permissions - AGDLP

AGDLP It seems I have been mildly distracted away from the title of this blog site.   It does say AD Admin, but I seem to have been taken away by file system stuff.   I have to say, it has all been worthwhile, but it’s probably time I got back to the real heart of what I do. There are probably a million permission assigning advice pages, but I thought I would put another one out there after referring to AGDLP in my last post. So, what is this all about – AGDLP.   Well, it is something I learned in my MCSE 2003 studies and has become ingrained into my ideals since.   As a contractor, I get to move job often.   This enables me to forge opinions on how to configure things in a domain, and more importantly how NOT to configure things. AGDLP is definitely on the to do list…for anyone in any size domain or forest, as it follows some very basic principals.   I will explain these whilst I go through what AGDPL stands for. A A is for account.   It is the securit
2 comments
Read more

Get User connections to a share

I have always put this one in the "I'll get round to it" pile.  Today, I have finally got round to it! You can quite easily determine who is connected to a Windows Server by going to Computer Manager and choosing shared folders - sessions.  You can also see how many people are connected to a share by going to Computer Manager and choosing shared folders - shares.  What i want to know is WHO is connected to each share.  I have had quite a big reason to do this recently and so I have finally got round to creating a powershell 2 function to do precicely that! It will accept 2 parameters, a servername and an optional sharename to return only the connections from a particular share.  Regards Adam function get-shareConnection { #generate the help file <# .SYNOPSIS Get the current users that are connected to shares on a server .DESCRIPTION Get the current users that are connected to shares on a server. This can be filtered to a specific share. .NOTES Function Name
Post a Comment
Read more