Hello!This time, I will summarize how to check if the batch file can be executed with administrator privileges.
I think it's the easiest and most commonly used.
Since OpenFIles itself cannot be executed without administrator privileges, it takes advantage of that property.
However, in some cases, such as when the account has administrator privileges but it is executed with user privileges, the privileges may not be available halfway. (OpenFIles can be executed, but registry editing cannot be performed, etc.)
Whoami uses the difference in information that can be obtained with general authority and administrator authority to determine authority.
If you try to execute the command manually, this difference will come out.
Therefore, you can search Whoami results with any [privileged name] with the Find command, and if you cannot find it, you can consider it as general authority.
Unless you have an environment where general authority and administrator authority are completely matched, you can judge with this (in such an environment, you do not need to execute administrator authority)
If it is used at the individual level, it will not have much effect, but it may not be possible to determine that the same [privileged name] is the same for those who visit various sites, so manually [privileged name] before deployment. I think it is better to confirm that there is a difference in.
Edit the registry to determine
It's not a recommended method, but I often use this method to make sure it's done in my work.
In the first place, most of the processes that require administrator privileges are rewriting the registry. (* I think it depends on the environment.)
Therefore, if you make a judgment by writing to the registry that has no effect first, you can be sure that the registry can be rewritten.
Write a command that seems to have no effect to the RunOnce registry.
If there is no problem, you can use any registry, but if you use RunOnce, if you register a command that does not affect it, it will disappear without permission, so I am here.
Of course, I also execute the delete command myself.
With this method, you can be sure that you have the authority to rewrite the registry.
- Often used is judgment by OpenFils
- Whoami if you want to make a more reliable judgment
- Write test if you want to ensure registry changes
I think that it is necessary to use it properly depending on the environment and the purpose of work, but I think that the administrator authority judgment should be made with a firm eye on the processing that you want to do in the end.
We hope for your reference.