Literally dozens of answers in this and linked questions and elsewhere at SE, all of which are deficient in this way or another, have clearly shown that Windows doesn't provide a reliable built-in console utility. So, it's time to roll out your own.
The following C code, based on
[To see links please register here]
, works in Win2k+<sup>1</sup>, anywhere and in all cases (UAC, domains, transitive groups...) - because it does the same as the system itself when it checks permissions. It signals of the result both with a message (that can be silenced with a switch) and exit code.
It only needs to be compiled once, then you can just copy the `.exe` everywhere - it only depends on `kernel32.dll` and `advapi32.dll` (I've [uploaded a copy][1]).
**`chkadmin.c`:**
<!-- language: lang-c -->
#include <malloc.h>
#include <stdio.h>
#include <windows.h>
#pragma comment (lib,"Advapi32.lib")
int main(int argc, char** argv) {
BOOL quiet = FALSE;
DWORD cbSid = SECURITY_MAX_SID_SIZE;
PSID pSid = _alloca(cbSid);
BOOL isAdmin;
if (argc > 1) {
if (!strcmp(argv[1],"/q")) quiet=TRUE;
else if (!strcmp(argv[1],"/?")) {fprintf(stderr,"Usage: %s [/q]\n",argv[0]);return 0;}
}
if (!CreateWellKnownSid(WinBuiltinAdministratorsSid,NULL,pSid,&cbSid)) {
fprintf(stderr,"CreateWellKnownSid: error %d\n",GetLastError());exit(-1);}
if (!CheckTokenMembership(NULL,pSid,&isAdmin)) {
fprintf(stderr,"CheckTokenMembership: error %d\n",GetLastError());exit(-1);}
if (!quiet) puts(isAdmin ? "Admin" : "Non-admin");
return !isAdmin;
}
---
<sup>1</sup><sub>MSDN claims the APIs are XP+ but this is false. `CheckTokenMembership` [is 2k+][2] and the other one [is even older][3]. The last link also contains a much more complicated way that would work even in NT.</sub>
[1]:
[To see links please register here]
[2]:
[To see links please register here]
[3]:
[To see links please register here]