# encoding: ascii
# api: powershell
# title: is local admin
# description: I could not find a solution that checks if a user is in local admin groups that can handle a situation if the user is there indirectly, that is, a member of a group that is a part of the admin group. The below is what I came up with. The $env:USERDOMAIN part is iffy, since it depends on the account the script is run under, but that was enough for my purposes. Also it seems to detect the membership correctly even for local users and for users that are not local and not in the $env:USERDOMAIN domain, which is good.
# version: 0.1
# author: zespri
# license: CC0
# x-poshcode-id: 5273
# x-archived: 2014-08-29T21:07:08
# x-published: 2014-07-02T01:19:00
#
#
#this is the account
$accountName = "BLA\user"

#this cruft here is so that we get UPN for the WindowsIdentity constructor
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext Domain,$env:USERDOMAIN
$p = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($pc,$accountName)

#and finally
#the identity built from the UPN carries the user's expanded group list, nested groups included
$wi = New-Object System.Security.Principal.WindowsIdentity $p.UserPrincipalName
$wp = [System.Security.Principal.WindowsPrincipal]$wi
$wp.IsInRole("Administrators")
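
The same check wrapped as a reusable function, as an added example that is not part of the original script. The function name `Test-IsLocalAdmin` and its `-Domain` parameter are hypothetical; it assumes, like the script, that the account can be resolved through the given domain, and it tests for the well-known SID of the built-in Administrators group instead of the group's display name.

```powershell
# Added example, not the original author's code. Test-IsLocalAdmin is a hypothetical name.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-IsLocalAdmin {
    param(
        [Parameter(Mandatory = $true)][string]$AccountName,
        # Assumption carried over from the script: the account resolves through this domain.
        [string]$Domain = $env:USERDOMAIN
    )

    $ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ctxType, $Domain)
    try {
        $p = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($pc, $AccountName)
        # FindByIdentity returns $null when nothing matches; fail loudly instead of
        # passing an empty value on to the WindowsIdentity constructor.
        if ($null -eq $p) {
            throw "Account '$AccountName' was not found through domain '$Domain'."
        }
        if ([string]::IsNullOrEmpty($p.UserPrincipalName)) {
            throw "Account '$AccountName' has no UPN, so no identity can be built for it."
        }

        # The identity built from the UPN carries the expanded group list,
        # which is why indirect (nested) membership is detected.
        $wi = New-Object System.Security.Principal.WindowsIdentity($p.UserPrincipalName)
        try {
            # S-1-5-32-544 is BUILTIN\Administrators on every Windows install,
            # whereas the group's display name is localized.
            $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
            $wp = New-Object System.Security.Principal.WindowsPrincipal($wi)
            return $wp.IsInRole($adminSid)
        }
        finally { $wi.Dispose() }
    }
    finally { $pc.Dispose() }
}

# "BLA\user" is the sample account from the script above.
Test-IsLocalAdmin -AccountName 'BLA\user'
```

The function returns `$true` or `$false` for a resolvable account and throws when the lookup fails, so a missing account is never reported as "not an admin".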