windows 如何检测 CMD 是否以管理员身份运行/是否具有提升的权限?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7985755/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to detect if CMD is running as Administrator/has elevated privileges?
提问by Jeff
From inside a batch file, I would like to test whether I'm running with Administrator/elevated privileges.
从批处理文件中,我想测试我是否以管理员/提升权限运行。
The username doesn't change when "Run as Administrator" is selected, so that doesn't work.
选择“以管理员身份运行”时,用户名不会更改,因此不起作用。
If there were a universally available command, which has no effect, but requires administrative privileges, then I could run that and check for an error code in order to test for privileges. So far, I haven't found such a command. The commands I have found seem to return a single, non-specific error code, which could indicate anything, and they're prone to failure for a variety of reasons.
如果有一个通用的命令,它没有任何效果,但需要管理权限,那么我可以运行它并检查错误代码以测试权限。到目前为止,我还没有找到这样的命令。我发现的命令似乎返回一个单一的、非特定的错误代码,它可能表明任何事情,并且由于各种原因它们很容易失败。
I only care about Windows 7, though support of earlier operating systems would be nice.
我只关心 Windows 7,虽然支持早期的操作系统会很好。
采纳答案by Rushyo
ADDENDUM: For Windows 8 this will not work; see this excellent answerinstead.
附录:对于 Windows 8,这将不起作用;而是看到这个优秀的答案。
Found this solution here: http://www.robvanderwoude.com/clevertricks.php
在这里找到这个解决方案:http: //www.robvanderwoude.com/clevertricks.php
AT > NUL
IF %ERRORLEVEL% EQU 0 (
ECHO you are Administrator
) ELSE (
ECHO you are NOT Administrator. Exiting...
PING 127.0.0.1 > NUL 2>&1
EXIT /B 1
)
Assuming that doesn't work and since we're talking Win7 you could use the following in Powershell if that's suitable:
假设这不起作用,并且由于我们在谈论 Win7,如果合适,您可以在 Powershell 中使用以下内容:
$principal = new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())
$principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
If not (and probably not, since you explicitly proposed batch files) then you could write the above in .NET and return an exit code from an exe based on the result for your batch file to use.
如果不是(可能不是,因为您明确提出了批处理文件),那么您可以在 .NET 中编写上述内容,并根据要使用的批处理文件的结果从 exe 返回退出代码。
回答by Ambrose Leung
This trick only requires one command: type net sessioninto the command prompt.
这个技巧只需要一个命令:net session在命令提示符中输入。
If you are NOT an admin, you get an access is denied message.
如果您不是管理员,则会收到拒绝访问的消息。
System error 5 has occurred.
Access is denied.
If you ARE an admin, you get a different message, the most common being:
如果您是 admin,您会收到不同的消息,最常见的是:
There are no entries in the list.
From MS Technet:
来自微软技术网:
Used without parameters, net session displays information about all sessions with the local computer.
不带参数使用时,net session 显示有关与本地计算机的所有会话的信息。
回答by Harry Johnston
I like Rushyo's suggestion of using AT, but this is another option:
我喜欢 Rushyo 使用 AT 的建议,但这是另一种选择:
whoami /groups | findstr /b BUILTIN\Administrators | findstr /c:"Enabled group" && goto :isadministrator
This approach would also allow you to distinguish between a non-administrator and a non-elevated administrator if you wanted to. Non-elevated administrators still have BUILTIN\Administrators in the group list but it is not enabled.
如果您愿意,这种方法还允许您区分非管理员和非高级管理员。非提升的管理员在组列表中仍然有 BUILTIN\Administrators 但它没有被启用。
However, this will not work on some non-English language systems. Instead, try
但是,这不适用于某些非英语语言系统。相反,尝试
whoami /groups | findstr /c:" S-1-5-32-544 " | findstr /c:" Enabled group" && goto :isadministrator
(This should work on Windows 7 but I'm not sure about earlier versions.)
(这应该适用于 Windows 7,但我不确定早期版本。)
回答by geek_01
Pretty much what others have put before, but as a one liner that can be put at the beginning of a batch command. (Well, usually after @echo off.)
几乎其他人之前已经放置过,但作为一个可以放在批处理命令开头的衬垫。(好吧,通常在@echo 关闭之后。)
net.exe session 1>NUL 2>NUL || (Echo This script requires elevated rights. & Exit /b 1)
回答by Martin Binder
The easiest way to do this on Vista, Win 7 and above is enumerating token groups and looking for the current integrity level (or the administrators sid, if only group memberhip is important):
在 Vista、Win 7 及更高版本上执行此操作的最简单方法是枚举令牌组并查找当前的完整性级别(或管理员 sid,如果只有组成员身份很重要):
Check if we are running elevated:
检查我们是否正在运行:
whoami /groups | find "S-1-16-12288" && Echo I am running elevated, so I must be an admin anyway ;-)
Check if we belong to local administrators:
检查我们是否属于本地管理员:
whoami /groups | find "S-1-5-32-544" && Echo I am a local admin
Check if we belong to domain admins:
检查我们是否属于域管理员:
whoami /groups | find "-512 " && Echo I am a domain admin
The following article lists the integrity level SIDs windows uses: http://msdn.microsoft.com/en-us/library/bb625963.aspx
以下文章列出了 Windows 使用的完整性级别 SID:http: //msdn.microsoft.com/en-us/library/bb625963.aspx
回答by Hugh
Here's a slight modification of Harry's answer that focuses on elevated status; I'm using this at the start of an install.bat file:
这是对哈利的回答的略微修改,重点是提升地位;我在 install.bat 文件的开头使用它:
set IS_ELEVATED=0
whoami /groups | findstr /b /c:"Mandatory Label\High Mandatory Level" | findstr /c:"Enabled group" > nul: && set IS_ELEVATED=1
if %IS_ELEVATED%==0 (
echo You must run the command prompt as administrator to install.
exit /b 1
)
This definitely worked for me and the principle seems to be sound; from MSFT's Chris Hymanson:
这绝对对我有用,而且原理似乎是合理的;来自MSFT 的 Chris Hymanson:
When you are running elevated, your token contains an ACE called Mandatory Label\High Mandatory Level.
当您运行提升时,您的令牌包含一个名为 Mandatory Label\High Mandatory Level 的 ACE。
回答by ipAlex
the solution:
解决方案:
at >nul
if %ErrorLevel% equ 0 ( echo Administrator ) else ( echo NOT Administrator )
does not work under Windows 10
在 Windows 10 下不起作用
for all versions of Windows can be do so:
对于所有版本的 Windows 都可以这样做:
openfiles >nul 2>&1
if %ErrorLevel% equ 0 ( echo Administrator ) else ( echo NOT Administrator )
回答by GeoffH
I read many (most?) of the responses, then developed a bat file that works for me in Win 8.1. Thought I'd share it.
我阅读了许多(大多数?)回复,然后开发了一个在 Win 8.1 中适用于我的 bat 文件。以为我会分享它。
setlocal
set runState=user
whoami /groups | findstr /b /c:"Mandatory Label\High Mandatory Level" > nul && set runState=admin
whoami /groups | findstr /b /c:"Mandatory Label\System Mandatory Level" > nul && set runState=system
echo Running in state: "%runState%"
if not "%runState%"=="user" goto notUser
echo Do user stuff...
goto end
:notUser
if not "%runState%"=="admin" goto notAdmin
echo Do admin stuff...
goto end
:notAdmin
if not "%runState%"=="system" goto notSystem
echo Do admin stuff...
goto end
:notSystem
echo Do common stuff...
:end
Hope someone finds this useful :)
希望有人觉得这很有用:)
回答by tivnet
A "not-a-one-liner" version of https://stackoverflow.com/a/38856823/2193477
https://stackoverflow.com/a/38856823/2193477 的“非单行”版本
@echo off
net.exe session 1>NUL 2>NUL || goto :not_admin
echo SUCCESS
goto :eof
:not_admin
echo ERROR: Please run as a local administrator.
exit /b 1
回答by Wolfgang
If you are running as a user with administrator rights then environment variable SessionName will NOT be defined and you still don't have administrator rights when running a batch file.
如果您以具有管理员权限的用户身份运行,则不会定义环境变量 SessionName 并且在运行批处理文件时您仍然没有管理员权限。
You should use "net session" command and look for an error return code of "0" to verify administrator rights.
您应该使用“net session”命令并查找错误返回代码“0”以验证管理员权限。
Example;
- the first echo statement is the bell character
net session >nul 2>&1
if not %errorlevel%==0 (echo
echo You need to start over and right-click on this file,
echo then select "Run as administrator" to be successfull.
echo.&pause&exit)
例子; - 第一个 echo 语句是响铃字符
net session >nul 2>&1
if not %errorlevel%==0 (echo
echo You need to start over and right-click on this file,
echo then select "Run as administrator" to be successfull.
echo.&pause&exit)
