How to Verify Remote Administrator Access
I have a script that changes network settings on a remote computer, but it fails if there's not local admin rights on the system. It's pointing to over 100 computers on the network. Instead of failing I'd like it to come back with a notification that the
account doesn't have admin rights on the computer.
$filename = "C:\temp\computers.txt"
$computers = get-content $filename
foreach ($comp in $computers)
{
If ( ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
$NICs = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $comp -Filter "IPEnabled=TRUE"
foreach($NIC in $NICs)
{
$DNSServers = "10.19.4.70","10.19.4.109"
$null = $NIC.SetDNSServerSearchOrder($DNSServers)
$null = $NIC.SetDynamicDNSRegistration("TRUE")
$null = $NIC.SetWINSServer("10.1.4.116","10.16.5.204)")
}
}
ELSE
{
Write-Host "Not an admin on" $comp
}
}
The script above uses a common script for testing for admin rights, but it doesn't appear to work with domain accounts. Any help or advice would be appreciated.
Thank you
September 8th, 2015 11:34am
It works fine with domain accounts.
September 8th, 2015 12:06pm
Thank you for your prompt response. Then why do I get a false when I'm an administrator?
PS C:\windows\system32> ([Security.Principal.WindowsPrincipal] [Security.Princip
al.WindowsIdentity]::GetCurrent()).IsInRole(`
>>
>> [Security.Principal.WindowsBuiltInRole] "Administrator")
>>
False
September 8th, 2015 12:14pm
Are you an administrator on the local machine and running elevated?
September 8th, 2015 12:18pm
Yes. I've confirmed I can run multiple PS scripts on remote computers with administrator rights.
September 8th, 2015 12:20pm
Not what I asked. Are you running as a member of the "local administrators" group and running elevated?
September 8th, 2015 12:22pm
Yes. I am a member of the "local administrators" group and running elevated
-
Edited by
Mauricem
13 hours 31 minutes ago
September 8th, 2015 1:38pm
At the same prompt type: WHOAMI /PRIV - post what is listed.
September 8th, 2015 2:27pm
PRIVILEGES INFORMATION
----------------------
Privilege Name Description
State
=============================== ========================================= ========
SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled
SeSecurityPrivilege Manage auditing and security log Disabled
SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled
SeLoadDriverPrivilege Load and unload device drivers Disabled
SeSystemProfilePrivilege Profile system performance Disabled
SeSystemtimePrivilege Change the system time Disabled
SeProfileSingleProcessPrivilege Profile single process Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled
SeCreatePagefilePrivilege Create a pagefile Disabled
SeBackupPrivilege Back up files and directories Disabled
SeRestorePrivilege Restore files and directories Disabled
SeShutdownPrivilege Shut down the system Disabled
SeDebugPrivilege Debug programs
Enabled
SeSystemEnvironmentPrivilege Modify firmware environment values Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled
SeUndockPrivilege Remove computer from docking station Disabled
SeManageVolumePrivilege Perform volume maintenance tasks Disabled
SeImpersonatePrivilege Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege Create global objects Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links Disabled
September 8th, 2015 3:09pm
YOur permissions look correct. I can run the in a domain or on a standalone and it has never had an issue. Perhaps you should try restating your system and see if it works:
Use these lines:
$p=[Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
September 8th, 2015 4:15pm
Yes. I am a member of the "local administrators" group and running elevated
-
Edited by
Mauricem
Tuesday, September 08, 2015 5:37 PM
September 8th, 2015 5:36pm