box of Jack

Checking for Administrator privileges in a .bat or .cmd

Posted on February 11th, 2013

Yes, sometimes I’m writing a batch file and I need to check if the user is running this as an elevated user. Archaic, I know, but it’s needed. You basically need to check if the current user is part of the “High” Integrity Level group.

I’m posting this because I have the hardest time trying to search for this whenever I need it. Unlike the other kludgey solutions on the net, this one actually inspects the Mandatory Integrity Control in Windows Vista/7/8.

Run this command:

whoami.exe /GROUPS | find "S-1-16-12288" > nul
if "%errorlevel%"=="0" (
    echo You are elevated.
) else (
    echo You are not elevated.
)

If you need to do this in PowerShell, you can use:

([Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value -contains "S-1-5-32-544")

If you need to relaunch the batch file as Administrator, you’ll need to rely on some crafty PowerShell code:

powershell.exe -command Start-Process -Verb RunAs -FilePath cmd.exe -ArgumentList '/c %~f0'