How can I tell whether a process is running with administrator permissions?

In Process Explorer, double click the process to open its properties. Go to the Security tab. In the group listing, find BUILTIN\Administrators and look at what it says in the Flags column.

Deny = Not Elevated (not admin)

alt text

Owner = Elevated (is admin)

alt text


In Process Explorer you can change the columns displayed and add the "Integrity level" column from the "Process Image" tab:

enter image description here

This is apparently the technical term for what is changed when you run a process with administrator privileges. If you run Process Explorer as an Administrator it will show ordinary processes as 'medium' integrity level and elevated processes as 'high'.

Note that if you run process explorer as an ordinary user, it will show processes that have admin privileges with a blank entry in the integrity level column.


Update with the OSes: Resource Monitor, which I believe is included with Windows 7 and Windows 10 (not sure about Vista) has an optional 'Elevated' column on the CPU tab's list of processes section that seems to be pretty accurate.