how to determine if a shell is running as Administrator?

Andrew Schulman schulman.andrew@epa.gov
Thu Feb 5 14:38:00 GMT 2015


> On Feb  5 12:08, Achim Gratz wrote:
> > Corinna Vinschen writes:
> > >> 2. Parse the output of groups or id -G.  I can't find any reliable way to do
> > >> this.  For example on my host, when I start a shell with "Run as administrator",
> > >> the new group I get isn't 544 (Administrators).  It's 114 (Local account and
> > >> member of Administrators group).  Is that at all portable or reliable?
> > >
> > > Huh?  There is no such group in Windows.  Where does it come from?
> > 
> > Yes there is, at least on Windows 8.1N Core and Server 2012R2.  In fact
> > there are two new SID:
> > 
> > 113 (Local account)
> > 114 (Local account and member in Administrators group)
> > 
> > http://blogs.technet.com/b/secguide/archive/2014/09/02/blocking-remote-use-of-local-accounts.aspx
> > https://msdn.microsoft.com/en-us/library/cc980032.aspx
> 
> Thanks for the info.  Now I remember that I saw them already at one
> point, but I never had a deeper look what they actually are good for.

Yes, thanks.  And BTW I'm using Windows 7.  The first URL above says that the
new groups are also used there after KB2871997.

> However, the user token of such a user still contains the Administrators
> group (I just tested it) and thus the `id -G' test for 544 (or 0 with
> the old "root" entry in /etc/group) is still valid.

OK, I see.  Yes, when I Run as administrator I have

$ id -G
513 114 1007 1001 0 545 4 66049 11 15 113 4095 66048 262154 405504

which includes 0.

So it seems that the test for group 544 or 0 is the way to tell if the user has
admin rights.  If you want to know (I don't) specifically if they got those
rights from Run as administrator, the presence of group 114 will tell you that,
but only in newer OSes.

Thanks everyone!  Cygwin rocks
Andrew


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list