Although it is unusual, unpriviledged users can run elevated under their normal credentials (not with admin creds). This most commonly occurs with logon scripts run from GPO.
Running elevated messes some things up (particularly drive mapping). Thus, I'm looking for a way for a script to identify if it is running elevated. I know how to find elevated status for administrators:
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal( $identity )
$admin = [System.Security.Principal.WindowsBuiltInRole]::Administrator
if ($principal.IsInRole( $admin )) {
# script is running as an admin
}
But this doesn't work (obviously) for non-admins. This articleis helpful for testing for elevated processes, but it doesn't work if run elevated itself.
Anyone have any suggestions?
Thanks.