Checking UAC Elevation of Running Process from Command Prompt

command-line windows uac wmic

The cleanest way to check for admin privileges using a CMD script, that I have found, is something like this:

@echo off

REM  Calling verify with no args just checks the verify flag,
REM   we use this for its side effect of setting errorlevel to zero
verify >nul

REM  Attempt to read a particular system directory - the DIR
REM   command will fail with a nonzero errorlevel if the directory is
REM   unreadable by the current process.  The DACL on the
REM   c:\windows\system32\config\systemprofile directory, by default,
REM   only permits SYSTEM and Administrators.
dir %windir%\system32\config\systemprofile >nul 2>nul

REM  Use IF ERRORLEVEL or %errorlevel% to check the result
if not errorlevel 1 echo has Admin privs
if     errorlevel 1 echo has only User privs

This method only uses CMD.exe builtins, so it should be very fast. It also checks for the actual capabilities of the process rather than checking for SIDs or group memberships, so the effective permission is tested. And this works as far back as Windows 2003 and XP. Normal user processes or nonelevated processes fail the directory probe, where as Admin or elevated processes succeed.


I don't think there is anything built into Windows that can show this information on the command line. Even PowerShell doesn't seem to help without calling Win32 functions.

SysInternals AccessChk may work for you:

.\accesschk.exe -p powershell.exe -e

ran elevated, shows:

[3256] powershell.exe
  Medium Mandatory Level [No-Write-Up, No-Read-Up]
  RW superUserPC2\peter
  RW NT AUTHORITY\SYSTEM
[3660] powershell.exe
  High Mandatory Level [No-Write-Up, No-Read-Up]
  RW BUILTIN\Administrators
  RW NT AUTHORITY\SYSTEM

You can see that the second PowerShell (3660) is running elevated because it has the High Mandatory Level

but if you run this command as standard user, you get:

[3256] powershell.exe
  Medium Mandatory Level [No-Write-Up, No-Read-Up]
  RW superUserPC2\peter
  RW NT AUTHORITY\SYSTEM
Error opening [3660] powershell.exe:
Access is denied.

still you kind of know the second PowerShell runs elevated because you got an Access denied for it.

.\accesschk.exe -p -f powershell -e

gives you even more information

Related

virtualbox port forwarding does not work
bluetooth headphones cut out whenever I turn my head
Jameson whiskey commercial construction with implicit verb
"To service" vs. "to serve"
Way to do something
Why aren’t all grains called “grains”?
The correct usage of "too" and "also"
"I am going to have a walk"
Like I versus Like me [duplicate]
How does the phrase "Is something the matter?" make sense?
an "X is an X is an X" what does this mean?
The ordering of word pairs: anyone for chips and fish?