IanG on Tap

Ian Griffiths in Weblog Form (RSS 2.0)

Blog Navigation

July (2014)

(4 items)

April (2014)

(1 item)

March (2014)

(1 item)

January (2014)

(2 items)

November (2013)

(2 items)

July (2013)

(4 items)

April (2013)

(1 item)

February (2013)

(6 items)

September (2011)

(2 items)

November (2010)

(4 items)

September (2010)

(1 item)

August (2010)

(4 items)

July (2010)

(2 items)

September (2009)

(1 item)

June (2009)

(1 item)

April (2009)

(1 item)

November (2008)

(1 item)

October (2008)

(1 item)

September (2008)

(1 item)

July (2008)

(1 item)

June (2008)

(1 item)

May (2008)

(2 items)

April (2008)

(2 items)

March (2008)

(5 items)

January (2008)

(3 items)

December (2007)

(1 item)

November (2007)

(1 item)

October (2007)

(1 item)

September (2007)

(3 items)

August (2007)

(1 item)

July (2007)

(1 item)

June (2007)

(2 items)

May (2007)

(8 items)

April (2007)

(2 items)

March (2007)

(7 items)

February (2007)

(2 items)

January (2007)

(2 items)

November (2006)

(1 item)

October (2006)

(2 items)

September (2006)

(1 item)

June (2006)

(2 items)

May (2006)

(4 items)

April (2006)

(1 item)

March (2006)

(5 items)

January (2006)

(1 item)

December (2005)

(3 items)

November (2005)

(2 items)

October (2005)

(2 items)

September (2005)

(8 items)

August (2005)

(7 items)

June (2005)

(3 items)

May (2005)

(7 items)

April (2005)

(6 items)

March (2005)

(1 item)

February (2005)

(2 items)

January (2005)

(5 items)

December (2004)

(5 items)

November (2004)

(7 items)

October (2004)

(3 items)

September (2004)

(7 items)

August (2004)

(16 items)

July (2004)

(10 items)

June (2004)

(27 items)

May (2004)

(15 items)

April (2004)

(15 items)

March (2004)

(13 items)

February (2004)

(16 items)

January (2004)

(15 items)

Blog Home

RSS 2.0

Writing

Programming C# 5.0

Programming WPF

Other Sites

Interact Software

Detecting Admin Elevation in PowerShell

Friday 9 February, 2007, 04:56 PM

I'm a fairly keyboard-centric user, so I usually have a few command line prompts open. Sometimes it's useful to run one as an administrator. (I've been running as a non-admin user on XP for some time, so unlike some, I welcome the whole UAC thing in Vista. The sooner developers get used to non-admin being the default in Windows the better. But sometimes you need to do things as admin.) I like to have a pretty clear visual hint that the power to destroy my machine is just an ill-considered keystroke away, so I usually give my admin prompt windows a red background.

With ordinary Windows command prompts (which are not DOS prompts) it's pretty easy to do that. Just type the command COLOR 4F and you're done. That's quick to type, so I never bothered to find an automated solution.

But with PowerShell it's a little too much effort to do by hand. (By the way, PowerShell is now available for Vista even though the main PowerShell page suggests that the Vista support isn't done yet, at time of writing.) To change the background colour to red, you need to do this:

(get-host).UI.RawUI.Backgroundcolor="DarkRed"

That's long enough that I don't want to commit it to muscle memory. So I decided to add something to my profile to set the colour automatically when I run as admin.

On XP, there's an obvious solution to this: add that line to the profile for your admin user ID, but don't add it to your normal user profile. So if you run as admin, you'll get the admin profile and that'll set the red background. (Or change the prompt to a $, or whatever your preferred cue may be.) However, this doesn't work so well on Vista.

With Vista, user accounts that are in the admin group don't run with admin privileges by default. You are now required to opt in to running with scissors. This means that setting the background colour in an account-specific profile will no longer work, because the same account might launch both admin and non-admin prompts.

The solution is to detect whether we're running with admin privileges or not, and set the background to red if we are. You can use the .NET class library to test for this. I've added the following code to do that in my profile:

& {
  $wid=[System.Security.Principal.WindowsIdentity]::GetCurrent()
  $prp=new-object System.Security.Principal.WindowsPrincipal($wid)
  $adm=[System.Security.Principal.WindowsBuiltInRole]::Administrator
  $IsAdmin=$prp.IsInRole($adm)
  if ($IsAdmin)
  {
    (get-host).UI.RawUI.Backgroundcolor="DarkRed"
    clear-host
  }
}

If I run PowerShell in the normal way, the process token will not include the Administrator role - processes are not elevated by default in Vista, even if you're an admin user. In this case, my code leaves the background colour as it is. But if I choose to elevate, by launching PowerShell with the context menu's "Run as administrator..." option, the process will be launched with full admin privileges. The code shown above will detect this, and it will set the background to red and clear the console window. That last step is necessary because by default, the new background colour only applies to new output, rather than the whole window.

You may be wondering about the slightly curious syntax on the first line. You can remove that opening "& {" and the corresponding "}" at the end, and it will still work. However, this ends up leaving the variables in scope for the entire session. This makes sense because in general, if you're setting variables in your profile it's because you want them to be available from the prompt. But in this case, the variables are just for holding temporary data, so I wrapped everything in a block ("{...}") in order to limit their scope. The ampersand tells PowerShell that I want it to execute the block - without that I would effectively have defined an anonymous function without ever executing it.

[UPDATE 10th Feb 2007: I failed to spot this, but it turns out that Dominick Baier beat me to it on this one. He got in a day ahead of me. Although to be fair, his shows how to set the title bar when running as admin in PowerShell. Same basic technique though.]

Copyright © 2002-2013, Interact Software Ltd. Content by Ian Griffiths. Please direct all Web site inquiries to webmaster@interact-sw.co.uk