1

Good morning,

I'm trying to verify if a batch is executed with administrator permission. I found this command to verify:

openfiles >nul 2>&1
if NOT %errorLevel% == 0
...

or net session instead of openfiles.

Everything works if I open command prompt as administrator and return an error if I use normal command prompt.

The problem appears when i try to execute two batch in a single elevated permissions command prompt; The first batch is executed correctly, the second return permissions error.

what am i doing wrong?

Luca Taddeo
  • 13
  • 3
  • Nothing wrong with the commands you show, problem lies elsewhere. I'd use conditional execution instead of errorlevel checking `openfiles >nul 2>&1 || whatever` –  May 10 '17 at 14:22
  • Thanks for reply, I tried but it's the same. – Luca Taddeo May 10 '17 at 15:12
  • The problem is still elsewhere in the code you don't show. My hint wasn't related to the problem. Please read what a [mcve] is. –  May 10 '17 at 15:16
  • The code as posted works as expected for me, no matter how many times I run it. You will need to provide more detail to allow us to reproduce the problem. – Harry Johnston May 11 '17 at 02:45

1 Answers1

2

It's not as compact as the method you're using, but another method I've successfully used numerous times in the past is as follows:

IF EXIST %SYSTEMROOT%\SYSTEM32\WDI\LOGFILES GOTO GOTADMIN
[Whatever commands you want to run if not running as admin]
:GOTADMIN
[Whatever commands you want to run if running as admin]

This works because, by default, Windows only allows access to the WDI directory with elevated permissions. Thus, by telling the script to look inside that directory for another directory that is supposed to exist, it can be used to detect whether it's running as admin or not. If yes, it'll see that LOGFILES exists and return True. If no, it won't be allowed access to the WDI files, therefore it won't see that LOGFILES exists and will return False.

Admittedly, this only works if the default security permissions on the WDI directory have not been changed, but from my experience it is highly unlikely these permissions would have been changed in most installations. It also requires that the LOGFILES directory inside of the WDI directory has not been deleted or renamed, but I find this highly unlikely to occur since it is an integral part of the WDI directory's purpose.

I have tested and confirmed this to work on Windows 7, 8, 8.1 and 10. I have not tested it on Vista, but I would assume it works because of how similar Vista is to 7. Obviously there's no benefit in using this method on XP since all command prompts by default are run at maximum elevation on that version of Windows.

Cristopher Sturtz
  • 36
  • 2
  • This question is likely to be closed, since the OP has not provided enough information. I suggest you repost this as an answer to [this question](http://stackoverflow.com/q/4051883/886887) where it is more on-topic, more likely to be found by readers who need it, and less likely to wind up deleted. – Harry Johnston May 21 '17 at 21:28
  • Thanks for reply and sorry for the delay in the response. this check works properly! – Luca Taddeo Jun 21 '17 at 08:22