Reputation: 1
Currently very noobish with PowerShell but learning my way around. Looking to make a script that checks to see if the user is a part of the local admin group. Currently what I have will check if the account is created and will create it and set the password and group.
    # add administrator account to local machine and add to administrator group
    if (Get-WmiObject Win32_UserAccount -Filter "LocalAccount='true' and Name='administrator'")
    {
        Write-Host "Account already exists"
        Write-Host "Skipping account creation of local account administrator"
    }
    else
    {
        Write-Host "creating Local Admin Account"
        Write-Host "Please Set the password for the Local Admin account to create it"
        $Password = Read-Host -AsSecureString
        New-LocalUser "Administrator" -Password $Password -FullName "Help Desk Administrator" -Description "Local Admin account"
        Add-LocalGroupMember -Group Administrators -Member administrator
        Write-Host "account administrator created"
    }
However, I need error checking to make sure that, if the account already exists, it is part of the admin group.
The current state of local admins on machines here is a mess.
Upvotes: 0
Views: 742
Reputation: 24585
If you are looking to find out if the current user is elevated, here are two ways in PowerShell:
Use #requires -RunAsAdministrator. This will prevent your script from running if the current user is not elevated. This requires PowerShell 3.0 or later.
Ask the system at runtime if the current user is elevated; e.g.:
    $elevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
If you are looking for a way to manage the membership of the Administrators group, then that is a different question. Usually I recommend Group Policy for that.
Upvotes: 1
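For the check the question asks about (the account already exists, but is it in the local Administrators group?), here is an added example that is not code from either poster. It assumes the LocalAccounts module that ships with Windows PowerShell 5.1; the function name Confirm-LocalAdminAccount is hypothetical, and the account name and descriptions are taken from the question.

```powershell
#Requires -Version 5.1
#Requires -RunAsAdministrator

# Hypothetical helper (not from the thread): make sure a local account exists
# AND is a member of the built-in Administrators group.
function Confirm-LocalAdminAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Name        = 'administrator',            # account name from the question
        [string]$FullName    = 'Help Desk Administrator',
        [string]$Description = 'Local Admin account'
    )

    # Well-known SID of BUILTIN\Administrators; avoids localized group names.
    $adminGroupSid = [Security.Principal.SecurityIdentifier]'S-1-5-32-544'

    $user = Get-LocalUser -Name $Name -ErrorAction SilentlyContinue
    if (-not $user) {
        if (-not $PSCmdlet.ShouldProcess($Name, 'Create local account')) { return }
        $password = Read-Host -AsSecureString -Prompt "Password for new account '$Name'"
        $user = New-LocalUser -Name $Name -Password $password -FullName $FullName -Description $Description
        Write-Host "Created local account '$Name'"
    }
    else {
        Write-Host "Account '$Name' already exists, skipping creation"
    }

    # Compare by SID so a same-named domain account cannot satisfy the check.
    try {
        $memberSids = @(Get-LocalGroupMember -SID $adminGroupSid -ErrorAction Stop |
            ForEach-Object { $_.SID.Value })
    }
    catch {
        # Enumeration can fail (for example on unresolvable member SIDs); report instead of guessing.
        Write-Warning "Could not enumerate Administrators members: $($_.Exception.Message)"
        return
    }

    if ($memberSids -contains $user.SID.Value) {
        Write-Host "'$Name' is already a member of Administrators"
    }
    elseif ($PSCmdlet.ShouldProcess($Name, 'Add to Administrators group')) {
        Add-LocalGroupMember -SID $adminGroupSid -Member $user
        Write-Host "Added '$Name' to Administrators"
    }
}

Confirm-LocalAdminAccount
```

Running it with -WhatIf reports what would be created or added without changing the machine, which is useful for auditing the current state before fixing it.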