In the process of setting up powershell for regular usage I found myself, much like with bash, wanting to setup some things specific to me. In the case of powershell this meant me making it act and look very like a UNIX prompt. I’ve found something I can’t really explain though.
I have discovered I’ve, on accident, implemented two different methods for checking my rights on a machine. By implement I mean copy and pasted from random places on the internet. The first one is the following function:
function get-adminuser() {
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$p = New-Object Security.Principal.WindowsPrincipal($id)
return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
I ran into some issues with code throwing permission errors if I didn’t have admin rights though so I discovered this bit of code:
$strComputer = "."
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$Group = $computer.psbase.children.find("Administrators")
$members= $Group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$Host.UI.RawUI.WindowTitle = "Windows PowerShell - " + [Environment]::UserName
$found = $false
foreach($user in $members){
if ($user = [Environment]::UserName ) {
$found = $true
}
}
My problem is those two scripts return different answers about how much privilege I actually have. I’m going to assume neither is “wrong” as much as I’m checking two different things here and i don’t understand the difference.
So, what’s the difference?
