-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcheck_elevation.ps1
More file actions
61 lines (52 loc) · 2.58 KB
/
check_elevation.ps1
File metadata and controls
61 lines (52 loc) · 2.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#Copyright (c) 2022,2023 Serguei Kouzmine
#
#Permission is hereby granted, free of charge, to any person obtaining a copy
#of this software and associated documentation files (the "Software"), to deal
#in the Software without restriction, including without limitation the rights
#to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
#copies of the Software, and to permit persons to whom the Software is
#furnished to do so, subject to the following conditions:
#
#The above copyright notice and this permission notice shall be included in
#all copies or substantial portions of the Software.
#
#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
#IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
#FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
#AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
#LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
#OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
#THE SOFTWARE.
# based on:
# http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/09/23/a-self-elevating-powershell-script.aspx
# see also:
# https://stackoverflow.com/questions/7985755/how-to-detect-if-cmd-is-running-as-administrator-has-elevated-privileges
# https://stackoverflow.com/questions/1894967/how-to-request-administrator-access-inside-a-batch-file
param (
[string]$message = 'sensitive operation',
[switch] $debug
# NOTE: to unset need to pass as -debug:$false
)
function check_elevation {
param(
[string]$message,
[bool]$debug
)
$myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal = new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
if ($debug ){
Write-Host -NoNewLine 'Press any key to continue...'
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown')
}
# Check to see if we are currently NOT running "as Administrator"
# Alternative(?) is (https://www.cyberforum.ru/powershell/thread3136876.html#post17094408)
# 'S-1-5-32-544' = 'BUILTIN\Administrators'
# if (-not $myWindowsPrincipal.Groups -contains 'S-1-5-32-544')) {
if ( -not $myWindowsPrincipal.IsInRole($adminRole) ) {
write-host -foreground 'Red' ('The {0} needs to run in elevated prompt' -f $message)
exit
}
}
$debug_flag = [bool]$PSBoundParameters['debug'].IsPresent -bor $debug.ToBool()
check_elevation -debug $debug_flag -message $message