Batch - check if given process is running with admin privileges

Question

I'm writing a batch script, where I need to check if a specific process is run with admin privileges and I have trouble finding a proper command to do so. Tasklist command does not give me that information. Is there any way to get info about privileges of given process (not cmd.exe, but any process) with a command (and possibly without 3rd party software)?

Edit: I don't need to determine which account has launched the process, nor do I need to check if cmd.exe process is running with admin privileges. I need to check if a given process is running with admin privileges or not, because later i want to call program which needs to have the same privileges as a given process.

Answer 1

Admin is easily confirmed by calling a PowerShell script from a .bat file script. Place these two (2) files in the same directory. Running Confirm-Admin.bat will return True in the output and 1 as the ERRORLEVEL if the process is being run as admin. If not being run as admin, it will return False as the output and zero (0) as the ERRORLEVEL.

=== Confirm-Admin.ps1

function ExitWithCode($exitcode) {
    $host.SetShouldExit($exitcode)
    exit $exitcode
}

$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if ($currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Output "True"
    ExitWithCode 1
} else {
    Write-Output "False"
    ExitWithCode 0
}

=== Confirm-Admin.bat

powershell -NoLogo -NoProfile -File "%~dp0%~n0.ps1"

To run Confirm-Admin.ps1 in PowerShell, invoke another Powershell to run it.

C:>powershell -NoLogo -NoProfile -File "Confirm-Admin.ps1"
True
PS 10:59  C:\src\t
C:>$LASTEXITCODE
1

If you only want to stay in the cmd.exe world, see https://stackoverflow.com/a/11995662/447901

Answer 2

Okay, so after some research and experimenting, I've managed to partially solve my problem.

Firstly, I check if batch script is running with admin privileges:

fsutil dirty query %SYSTEMDRIVE% >nul
if %errorLevel% == 0 (
    set isBatchElevated=true
) else (
    set isBatchElevated=false
)

Then, I look for a specific process by getting list of all tasks running by current user and finding a process by name:

tasklist /fi "username eq %USERDOMAIN%\%USERNAME%" | find /i "processname" > nul
if errorlevel 1 (
    :: batch script doesn't have admin privileges, but the process has
)

So, there are four possible scenarios of running script and process with or without admin privileges.

1) Batch script without admin privileges, process with admin privileges

Running tasklist command won't find the given process with elevated rights and will set exit code to 1. Therefore, you can be 100% sure, that the process is running with elevated privileges, but only if batch script is running without admin privileges.

2) Batch script without admin privileges, process without admin privileges

Running tasklist command will find the given process. Basing on the 1) outcome, you can be 100% sure, that the process is running without elevated privileges, but only if batch script is running without admin privileges.

3)/4) Batch script with admin privileges, process with/without admin privileges

Those are problematic scenarios. When the script is running with elevated privileges, then the given process will be found, but there would be no difference between process with and without elevated rights when running tasklist.

After the privileges check I need to run a program with the same rights as the given process. The difference in the privileges will cause an error and the given won't be running without admin privileges only, so running the batch script without admin rights only won't solve the issue.