检查脚本是否具有提升的权限 [英] Check if the script has elevated permissions

问题描述

我想检查运行VBscript的上下文是否允许我执行管理任务.

I would like to check whether the context in which my VBscript runs allows me to perform administrative tasks.

要求:

• 该解决方案应该适用于从Server 2003开始的所有Windows操作系统.(这排除了仅检查Administrators组成员身份的解决方案-记住，在Vista和Windows 7中存在UAC！ )
• 解决方案应为简单.一种50 LOC解决方案，它检查Windows组成员身份(当然，由于用户可能是某个组的成员，而该组又是该组的成员，而该组又是Administrators组的成员)，然后对Vista进行一些额外的检查UAC 不简单.
• 该解决方案可能有点脏，所以可以采用此解决方案的方法.
• 它不应太脏.在我看来，将文件写入C:\ Windows或写入注册表项太脏了，因为它会修改系统. (仍然可能无法正常工作:例如，在HTA中使用VBScript时，UAC重定向就会开始.)

• The solution should work on all Windows operating systems starting with Server 2003. (This rules out solutions which just check for membership in the Administrators group -- remember that there's UAC in Vista and Windows 7!)
• The solution should be simple. A 50 LOC solution that checks the Windows group memberships (recursively, of course, since the user might be member of a groups which is member of a group ... which is member of the Administrators group) and then does some extra checks for Vista UAC is not simple.
• The solution may be a bit dirty, so something along the lines of this solution would be ok.
• It should not be too dirty. Writing a file to C:\Windows or writing a registry key is too dirty in my opinion, since it modifies the system. ( Which might not work anyway: for example, when using VBScript in a HTA, UAC redirection kicks in.)

相关问题: https://stackoverflow.com/questions/301860 (我在那里找到的所有答案(a )忽略UAC问题，并且(b)出现故障，因为它们忽略了用户尽管不是管理员组的直接成员也具有管理权限的可能性)

Related question: https://stackoverflow.com/questions/301860 (all of the answers I found there (a) ignore the UAC issue and (b) are faulty because they ignore the possibility of a user having administrative permissions although not being direct member in the Administrators group)

推荐答案

可能将其结合起来(来自VBscript的WhoAmI )与此( UAC已打开上).

Possibly combine this (WhoAmI from VBscript) with this (UAC Turned On).

这是代码，对于XP，不幸的前提是"whoami.exe"，可在XP的资源工具包或支持工具中找到(维基百科)-我仍然想找到一种不用它的方法.

Here is the code, the unfortunate pre-req for XP is "whoami.exe", found in a resource kit or support tools for XP (Wikipedia) - I'd still like to find a way to do without it.

If UserPerms("Admin") Then
 Message = "Good to go"
Else
 Message = "Non-Admin"
End If

If UACTurnedOn = true Then
 Message = Message & ", UAC Turned On"
Else
 Message = Message & ", UAC Turned Off (Or OS < Vista)"
End If

Wscript.echo Message

Function UserPerms (PermissionQuery)          
 UserPerms = False  ' False unless proven otherwise           
 Dim CheckFor, CmdToRun         

 Select Case Ucase(PermissionQuery)           
 'Setup aliases here           
 Case "ELEVATED"           
   CheckFor =  "S-1-16-12288"           
 Case "ADMIN"           
   CheckFor =  "S-1-5-32-544"           
 Case "ADMINISTRATOR"           
   CheckFor =  "S-1-5-32-544"           
 Case Else                  
   CheckFor = PermissionQuery                  
 End Select           

 CmdToRun = "%comspec% /c whoami /all | findstr /I /C:""" & CheckFor & """"  

 Dim oShell, returnValue        
 Set oShell = CreateObject("WScript.Shell")  
 returnValue = oShell.Run(CmdToRun, 0, true)     
 If returnValue = 0 Then UserPerms = True                   
End Function

Function UACTurnedOn ()
 On Error Resume Next

 Set oShell = CreateObject("WScript.Shell")
 If oShell.RegRead("HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA") = 0 Then
      UACTurnedOn = false
 Else
      UACTurnedOn = true
 End If
End Function

这篇关于检查脚本是否具有提升的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！