
Powershell To Check Local Admin Credentials

I'm trying to run a script that requires Administrator input in order to process certain things. Rather than have the script run unsuccessfully I'm trying to trap the error and throw it back into the Credentials, but I can't find a command I can pass Local Admin Credentials with to a Trap. Does anyone have anything that might work?

I've found MANY that will check domain credentials, but this is a LOCAL Admin account.

To clarify, I am using:

$Cred = Get-Credential

I need to verify the output from that is correct and has Admin access to run stuff further down in the script.

Working Solution (Thanks to User978511)

$Cred = Get-Credential 
$Computer = (gwmi Win32_ComputerSystem).Name
$User = $Cred.Username
$Pass = $Cred.GetNetworkCredential().Password
$Users = ("$Computer"+"$User")

Add-Type -assemblyname System.DirectoryServices.AccountManagement 
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
# Keep the result so the check below has something to test
$Result = $DS.ValidateCredentials($Users, $Pass)

if ($Result -ne "True")
{
    # <Perform Tasks Here>
}
Steve asked May 03 '12 13:05



2 Answers

function Is-Current-User-Admin
{
    return ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
}
David Brabant answered Sep 19 '22 02:09


This will return the local admins (another answer is probably a better fit here):

$group =[ADSI]"WinNT://./Administrators" 
$members = @($group.psbase.Invoke("Members")) 
$admins = $members | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)} 

And this will check credentials:

Add-Type -assemblyname system.DirectoryServices.accountmanagement 
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
$DS.ValidateCredentials("test", "password") 

All you have to do is check that the credentials are OK and that the user is a member of the Admins group.

Andrey Marchuk answered Sep 22 '22 02:09
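
The two steps named in the answer above (validate the credential, then check Administrators membership), combined into one function as an added example that is not code from any of the posters. The name Test-LocalAdminCredential, the three-attempt loop and the lookup by the well-known SID S-1-5-32-544 (built-in Administrators) are choices made for this example; it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: validate a local credential, then confirm Administrators membership.
function Test-LocalAdminCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $Credential
    )

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement

    # Accept "user", ".\user", "\user" or "COMPUTER\user". Any other prefix names a
    # domain or remote account, which this local-only check must not silently remap.
    $prefix, $name = $Credential.UserName -split '\\', 2
    if ($null -eq $name) { $name = $prefix; $prefix = '' }
    if (@('', '.', $env:COMPUTERNAME) -notcontains $prefix) {
        throw "Not a local account: $($Credential.UserName)"
    }

    $machine = [System.DirectoryServices.AccountManagement.ContextType]::Machine
    $sidType = [System.DirectoryServices.AccountManagement.IdentityType]::Sid
    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $machine
    try {
        # Step 1: is the password correct for this local account?
        $valid = $ctx.ValidateCredentials($name, $Credential.GetNetworkCredential().Password)

        # Step 2: is the account in the built-in Administrators group?
        # Looking the group up by SID still resolves when the group name is localized.
        $isAdmin = $false
        if ($valid) {
            $user  = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $name)
            $group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($ctx, $sidType, 'S-1-5-32-544')
            $isAdmin = ($null -ne $user) -and ($null -ne $group) -and $user.IsMemberOf($group)
        }
        [pscustomobject]@{ UserName = $name; CredentialValid = $valid; IsLocalAdmin = $isAdmin }
    }
    finally {
        $ctx.Dispose()
    }
}

# Usage: re-prompt up to three times, then stop the script instead of running unprivileged.
for ($attempt = 1; $attempt -le 3; $attempt++) {
    $check = Test-LocalAdminCredential -Credential (Get-Credential)
    if ($check.CredentialValid -and $check.IsLocalAdmin) { break }
    Write-Warning "Attempt ${attempt}: credential rejected or account is not a local administrator."
}
if (-not ($check.CredentialValid -and $check.IsLocalAdmin)) { throw 'No valid local administrator credential supplied.' }
```

This checks the account that was typed in; whether the current session is already elevated is what the IsInRole function in the first answer reports.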