2

How can I detect if a specific process is elevated or not? This process is different than the process where my code is running. I'd like to be able to do this from within PowerShell or C#.

klumsy

2 Answers

1

Maybe this can help

Get-Process |
Add-Member -Name Elevated -MemberType ScriptProperty -Value {if ($this.Name -in @('Idle','System')) {$null} else {-not $this.Path -and -not $this.Handle} } -PassThru |
Format-Table Name,Elevated

From http://www.powershellmagazine.com/2013/03/29/pstip-detecting-if-a-certain-process-is-elevated/

Shay Levy
  • The above script is great, and works if the process you are running it from is NOT elevated, but if that process itself is elevated it doesn't work. – klumsy Dec 06 '13 at 22:35
  • You're right, I found that myself when trying to test the code. There are additional properties that cannot be read if you're testing from a non-elevated session. For example, the process Modules property is null (it's simpler to check for that instead of Path and Handle). – Shay Levy Dec 07 '13 at 10:52
0

Please try out this answer: https://stackoverflow.com/a/4497572/717732

That UacHelper will need some minor changes. Like, IsProcessElevated uses OpenProcessToken on CurrentProcess - you will need to change the IsProcessElevated to a function and make the Process a parameter, so you can inspect any, not just the current one.

In general, this class does all that you'd need to. It inspects the security properties assigned to the process. I think that code speaks for itself.

BTW. If you think that code is OK for your needs, please mark your question as 'duplicate' of that one - it will help others in finding that code.

Community
quetzalcoatl
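The change described in the answer above (make the target process a parameter and query its token), as an added C# example. It is not the linked UacHelper code; the class name ElevationCheck, the PID parameter and the nullable return value (null when the token cannot be read) are choices made for this example.

```csharp
// Added example, not the UacHelper code: reads TokenElevation from another process's token.
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class ElevationCheck   // hypothetical name
{
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    const uint TOKEN_QUERY = 0x0008;
    const int TokenElevation = 20; // TOKEN_INFORMATION_CLASS.TokenElevation

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, out uint info, int length, out int returned);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // true/false = the token reports elevated or not; null = the token could not
    // be read (access denied, protected process, or the process has exited).
    public static bool? IsProcessElevated(int pid)
    {
        IntPtr process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
        if (process == IntPtr.Zero) return null;
        try
        {
            if (!OpenProcessToken(process, TOKEN_QUERY, out IntPtr token)) return null;
            try
            {
                // TOKEN_ELEVATION is a single DWORD: nonzero means elevated.
                return GetTokenInformation(token, TokenElevation, out uint elevated, sizeof(uint), out _)
                    ? elevated != 0 : (bool?)null;
            }
            finally { CloseHandle(token); }
        }
        finally { CloseHandle(process); }
    }

    static void Main(string[] args)
    {
        // Usage: ElevationCheck.exe <pid>; with no argument, inspects itself.
        int pid = args.Length > 0 ? int.Parse(args[0]) : Process.GetCurrentProcess().Id;
        bool? result = IsProcessElevated(pid);
        Console.WriteLine("PID {0}: {1}", pid,
            result.HasValue ? (result.Value ? "elevated" : "not elevated") : "unknown (token not readable)");
    }
}
```

Treat a null result as "unknown" rather than as elevated or not elevated, since it only means the caller lacked access to the target's token.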