VBScript: Detecting UAC Elevation

How can my VBScript detect whether it is running in an elevated UAC context?

I have no problem finding the user and figuring out if the user is in the Administrators group. But this still does not answer the question of whether the process has elevated privileges or not when running under Vista or Windows 2008. Note: I only need to detect this status; I am not trying to elevate or (erroneously ..) de-elevate.

+6
windows-vista vbscript windows-server-2008 uac
4 answers

The method that I finally settled on relies on the fact that Vista and Windows 2008 have the whoami.exe utility, and it detects the integrity level of the user who owns the process. A few screenshots may help here:

[Screenshot: WHOAMI, normal and elevated, on Vista]

You can see that when cmd runs elevated, whoami /groups reports a "High" mandatory integrity level and a different SID than when it runs non-elevated. In the figure, the upper session is normal; the one below it is running after the UAC prompt.

Knowing that, here is the code I used. It essentially checks the OS version, and if it is Vista or Server 2008, it calls CheckforElevation, which launches whoami.exe /groups and looks for the string S-1-16-12288 in the output. In this example, I simply return the status; in the real script I branch to different actions based on the result.

    GetOSVersion    ' entry point: detect the OS, then check elevation where it applies

    sub GetOSVersion
        Dim strComputer, oWMIService, colOSInfo, oOSProperty, strCaption, strOSFamily
        strComputer = "."
        Set oWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colOSInfo = oWMIService.ExecQuery("Select * from Win32_OperatingSystem")
        'I hate looping through just to get one property. But dunno another way!
        For Each oOSProperty in colOSInfo
            strCaption = oOSProperty.Caption
        Next
        If InStr(1,strCaption, "Vista", vbTextCompare) Then strOSFamily = "Vista"
        If InStr(1,strCaption, "2008", vbTextCompare) Then strOSFamily = "2008"
        If InStr(1,strCaption, "XP", vbTextCompare) Then strOSFamily = "XP"
        If InStr(1,strCaption, "2003", vbTextCompare) Then strOSFamily = "2003"
        If InStr(1,strCaption, "2000", vbTextCompare) Then strOSFamily = "2000"
        If strOSFamily = "" Then
            Wscript.Echo "No known OS found. (Script can detect Windows 2000, 2003, XP, Vista, 2008.)"
        Else
            Wscript.Echo "OS Family = " & strOSFamily
        End If
        Select Case strOSFamily 'if Vista/2008 then call CheckforElevation
            Case "Vista"
                CheckforElevation
            Case "2008"
                CheckforElevation
            Case Else
                Exit Sub
        End Select
    end sub

    sub CheckforElevation 'test whether user has elevated token
        Dim oShell, oExecWhoami, oWhoamiOutput, strWhoamiOutput, boolHasElevatedToken
        Set oShell = CreateObject("WScript.Shell")
        Set oExecWhoami = oShell.Exec("whoami /groups")
        Set oWhoamiOutput = oExecWhoami.StdOut
        strWhoamiOutput = oWhoamiOutput.ReadAll
        If InStr(1, strWhoamiOutput, "S-1-16-12288", vbTextCompare) Then boolHasElevatedToken = True
        If boolHasElevatedToken Then
            Wscript.Echo "Current script is running with elevated privs."
        Else
            Wscript.Echo "Current script is NOT running with elevated privs."
        End If
    end sub

+5

The solution I'm posting is a couple of off-the-shelf VBScripts that use whoami to find this information. One thing about them is that they work with XP (for the information available on XP) if you place a copy of the Resource Kit version of whoami.exe next to the script (or in the system32 folder of each machine).

CSI_IsSession.vbs contains a single function that can tell you almost everything you want to know about UAC or the current session the script runs under.

VBScriptUACKit.vbs (which uses CSI_IsSession.vbs) allows you to selectively prompt for UAC in a script by relaunching itself. It was designed and debugged to work in many execution scenarios.

Both scripts contain sample code that demonstrates how to use the main script code.

+4

Here is my shorter solution:

    Function IsElevated
        ' Run hidden (window style 0) and wait; findstr exits with 0 when the SID is found
        IsElevated = CreateObject("WScript.Shell").Run("cmd.exe /c ""whoami /groups|findstr S-1-16-12288""", 0, true) = 0
    End Function

This function is self-contained and will not display any flashing console window when it runs.

+4

A bit shorter in WSH JScript:

    function isElevated() {
        var strCaption = "";
        // Collect the OS caption from WMI
        var query = GetObject("winmgmts:\\\\.\\root\\CIMV2").ExecQuery("Select * from Win32_OperatingSystem");
        for (var enumItems = new Enumerator(query); !enumItems.atEnd(); enumItems.moveNext()) {
            strCaption += enumItems.item().Caption;
        }
        if (/Vista|2008|Windows\s7|Windows\s8/.test(strCaption)) {
            // findstr exits with 0 when the High integrity SID is present
            return (new ActiveXObject("WScript.Shell").run('cmd.exe /c "whoami /groups|findstr S-1-16-12288"', 0, true)) == 0;
        } else {
            // Any other OS caption is reported as elevated
            return true;
        }
    }
    WScript.Echo(isElevated());

0
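
The answers above all search the `whoami /groups` output for the literal S-1-16-12288. The following is an added example, not code from any of the posters: it parses the integrity label SID numerically, so a script running at System integrity also counts as elevated and missing output is reported as "unknown" instead of "not elevated". The function names `integrityRid` and `elevationStatus` are hypothetical, and the sample lines are constructed.

```javascript
// ES3-style so the same file runs under WSH JScript (cscript) and Node.
// Integrity labels are SIDs of the form S-1-16-<RID>; well-known RIDs:
// 4096 Low, 8192 Medium, 12288 High, 16384 System.
var RID_HIGH = 12288;

// Return the integrity RID found in `whoami /groups` output, or -1 when the
// output has no integrity label (pre-Vista whoami, command failed, ...).
function integrityRid(whoamiOutput) {
  var m = /(?:^|[\s",])S-1-16-(\d+)(?:[\s",]|$)/.exec(whoamiOutput);
  return m ? parseInt(m[1], 10) : -1;
}

// "elevated", "not elevated" or "unknown". The numeric comparison also
// counts System integrity (a script run as SYSTEM) as elevated, which a
// search for the literal S-1-16-12288 reports as not elevated.
function elevationStatus(whoamiOutput) {
  var rid = integrityRid(whoamiOutput);
  if (rid < 0) { return "unknown"; }
  return rid >= RID_HIGH ? "elevated" : "not elevated";
}

// Constructed sample lines in the column layout whoami /groups prints.
var SAMPLE_MEDIUM =
  "BUILTIN\\Administrators                 Alias S-1-5-32-544 Group used for deny only\r\n" +
  "Mandatory Label\\Medium Mandatory Level Label S-1-16-8192  Mandatory group, Enabled group";
var SAMPLE_HIGH =
  "BUILTIN\\Administrators               Alias S-1-5-32-544 Mandatory group, Enabled group\r\n" +
  "Mandatory Label\\High Mandatory Level Label S-1-16-12288 Mandatory group, Enabled group";
var SAMPLE_SYSTEM =
  "Mandatory Label\\System Mandatory Level Label S-1-16-16384 Mandatory group, Enabled group";
var SAMPLE_NO_LABEL =
  "BUILTIN\\Administrators Alias S-1-5-32-544 Mandatory group, Enabled group";

// Live check: only runs when hosted by Windows Script Host.
if (typeof WScript !== "undefined") {
  var whoami = new ActiveXObject("WScript.Shell").Exec("whoami /groups");
  WScript.Echo(elevationStatus(whoami.StdOut.ReadAll()));
}
```

Run it with `cscript //nologo` on the target machine; the same parser also accepts the quoted fields of `whoami /groups /fo csv`.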
