How to Check if a PowerShell Script is Running with Admin Privileges

If you are using PowerShell to automate administrative functions on Windows, sometimes it can be useful to perform a check to see if PowerShell ifs running as Admin in the context of a local administrator account. This is known as ‘running elevated’ or ‘elevation’. Many Windows 10 configuration settings, especially those that are system-wide and affect all users, require admin rights to change.

But PowerShell doesn’t have a cmdlet or built-in function that lets you check whether the logged-in user is a member of the Administrators group, which can lead to your scripts failing. To solve the problem, you can build a function to check the logged-in user’s security status. In this article, I’ll show you how to create the function and how to call it in your code.

Using the .NET WindowsIdentity class to check for elevation

PowerShell is based on .NET, so that allows us to call .NET APIs when there is no cmdlet to solve a problem. The .NET WindowsIdentity class, which is accessible in .NET and .NET Core, let’s you perform various checks including obtaining a Windows account token and check if a user has elevated permissions.

The first step is to use the WindowsIdentity class to create a new PowerShell object containing security information about the logged-in user. We do that in two steps. The first step is to get information about the current user and store it in a variable ($id). Then using that information, create a new PowerShell object ($p) that we use later.

$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()

$p = New-Object System.Security.Principal.WindowsPrincipal($id)

Now we can confirm the status of the logged in user with an IF/ELSE statement. If the user is an administrator, we write ‘True’ to the pipeline. Otherwise, we write ‘False’.

if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))

   { Write-Output $true }     

else

   { Write-Output $false }

Now let’s bring all the code together to define the function and give it a name. Let’s call it Check-IsElevated:

function Check-IsElevated

 {

    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    $p = New-Object System.Security.Principal.WindowsPrincipal($id)

    if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))

   { Write-Output $true }      

    else

   { Write-Output $false }   

 }

Call the function from your PowerShell code

All that’s left to do is call the function to check whether the user is an admin. We can use an IF statement with the -NOT operator to call the function and throw an error to stop the script if the user isn’t an administrator.

if (-not(Check-IsElevated))

 { throw "Please run this script as an administrator" }

Image # Expand

If the user is an administrator, PowerShell will continue and run the rest of your script.

FAQs

How can I quickly check PowerShell admin status from the command line without writing a function?

You can use a single-line command: [bool]([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]’Administrator’) to check if PowerShell is running as Admin without creating a custom function.

What are the common error messages when PowerShell scripts aren’t running as Admin?

When PowerShell isn’t running as Admin, you might encounter “Access Denied,” “Requested operation requires elevation,” or “The script requires elevated privileges” errors, indicating you need to restart PowerShell with administrative privileges.

Can I configure PowerShell scripts to automatically request Admin privileges when needed?

Yes, you can add a PowerShell script header with #Requires -RunAsAdministrator, which will automatically prompt for Admin privileges when the script runs without requiring manual elevation checks.

How do I verify if PowerShell is running as Admin on Windows Server Core edition?

In Windows Server Core, you can check if PowerShell is running as Admin by examining the prompt symbol – a ‘#’ symbol indicates Admin privileges, while ‘>’ indicates standard user privileges.

What’s the difference between checking if PowerShell is running as Admin versus checking user admin membership?

Checking if PowerShell is running as Admin specifically verifies the current process elevation status, while checking user admin membership only confirms if the user has the capability to run as Admin but doesn’t guarantee the current session is elevated.

Related Article:

• How to Create and Run PowerShell Script File on Windows 11