How to Verify Remote Administrator Access (Network Steve Forum)

How to Verify Remote Administrator Access

I have a script that changes network settings on a remote computer, but it fails if there's not local admin rights on the system. It's pointing to over 100 computers on the network. Instead of failing I'd like it to come back with a notification that the account doesn't have admin rights on the computer.

$filename = "C:\temp\computers.txt"

$computers = get-content $filename

foreach ($comp in $computers)
{
    If ( ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
    {
        $NICs = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $comp -Filter "IPEnabled=TRUE"
        foreach($NIC in $NICs) 
        {
            $DNSServers = "10.19.4.70","10.19.4.109"
            $null = $NIC.SetDNSServerSearchOrder($DNSServers)
            $null = $NIC.SetDynamicDNSRegistration("TRUE")
            $null = $NIC.SetWINSServer("10.1.4.116","10.16.5.204)")
        }
    }
    ELSE 
    {
       Write-Host "Not an admin on" $comp
    }
}

The script above uses a common script for testing for admin rights, but it doesn't appear to work with domain accounts. Any help or advice would be appreciated.

Thank you

September 8th, 2015 11:34am

It works fine with domain accounts.

Free Windows Admin Tool Kit Click here and download it now

September 8th, 2015 12:06pm

Thank you for your prompt response. Then why do I get a false when I'm an administrator?

PS C:\windows\system32> ([Security.Principal.WindowsPrincipal] [Security.Princip
al.WindowsIdentity]::GetCurrent()).IsInRole(`
>>
>> [Security.Principal.WindowsBuiltInRole] "Administrator")
>>
False

September 8th, 2015 12:14pm

Are you an administrator on the local machine and running elevated?

Free Windows Admin Tool Kit Click here and download it now

September 8th, 2015 12:18pm

Yes. I've confirmed I can run multiple PS scripts on remote computers with administrator rights.

September 8th, 2015 12:20pm

Not what I asked. Are you running as a member of the "local administrators" group and running elevated?

Free Windows Admin Tool Kit Click here and download it now

September 8th, 2015 12:22pm

Yes. I am a member of the "local administrators" group and running elevated

Edited by Mauricem 13 hours 31 minutes ago

September 8th, 2015 1:38pm

At the same prompt type: WHOAMI /PRIV - post what is listed.

Free Windows Admin Tool Kit Click here and download it now

September 8th, 2015 2:27pm

PRIVILEGES INFORMATION
----------------------
Privilege Name                  Description                               State
=============================== ========================================= ========
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Enabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege         Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled

September 8th, 2015 3:09pm

YOur permissions look correct. I can run the in a domain or on a standalone and it has never had an issue. Perhaps you should try restating your system and see if it works:

Use these lines:

$p=[Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

Free Windows Admin Tool Kit Click here and download it now

September 8th, 2015 4:15pm

Yes. I am a member of the "local administrators" group and running elevated

Edited by Mauricem Tuesday, September 08, 2015 5:37 PM

September 8th, 2015 5:36pm

This topic is archived. No further replies will be accepted.