Follow-up on "Setting color for *all* CMD shells based on admin/elevation status"

  • Article

[Updated, 2007-06-27]  

This is the (overdue) follow-up to my earlier blog post about setting the color and title of all CMD windows based on the admin/elevation status of that window.

First of all, as some commenters noted -- and as I had discovered as well -- having the COLOR command run in the CMD autorun causes strange build failures in Visual Studio (at least in C++ projects) when it invokes commands via CMD.  My workaround is to specify the COLOR command only in the branch that I don't run Visual Studio in.  E.g., I always run Visual Studio as a non-admin, so I keep the "COLOR FC" statement in the admin branch, and don't run any COLOR statement in the non-admin branch.  If you always build as an elevated/admin, then you should reverse that so that the COLOR statement runs in the non-admin branch -- or don't use COLOR to differentiate and instead just use TITLE.

[Added 2007-06-27]   It turns out that following COLOR with a single ampersand and another command makes the build problem go away!

Second, Pavel suggested a more portable test than bootcfg/bcdedit:  cacls.exe %windir%\system32\config\systemprofile.  That folder grants access only to Administrators and the SYSTEM account; cacls.exe fails with "access denied" unless you're running as elevated/admin.  I don't know whether that folder exists on Windows 2000, but the test definitely works on XP, 2003, and Vista.

[Added 2007-06-27]   But as "anonymous" points out in the comments below, FSUTIL works, too, and is a lot easier to type.

Third:  CMD on Vista already prepends the word "Administrator" in the window title if it's running with an enabled Administrators SID in its token, so it's redundant for the autorun to append it.  (Not true on XP/2003, of course.)

Fourth:  why not put the current username into the title as well?  Good idea!  I've added that to my current config.

So, now my current CMD autorun looks like this: [Updated 2007-07-05 with full path to FSUTIL]

%windir%\system32\FSUTIL.exe > nul 2> nul && (color FC & title %USERDOMAIN%\%USERNAME%) || (color 07 & title NONADMIN - %USERDOMAIN%\%USERNAME%)

One minor point is that unlike the CMD /T option, COLOR sets only the current color -- not the default color -- for the current window.  If you run the COLOR command in that window, it will revert to the default color for the window -- either the user account's default setting or that set by a /T option when the CMD was started.

So... let me go on record by saying that while Microsoft has made a lot of fine products, Windows PowerShell is the coolest and most revolutionary technology we have shipped in a very long time.  (But that's as off-topic as I'm going to get on the subject.)  PowerShell is gradually becoming my default command shell, so naturally I'd like to be able to distinguish between elevated and non-elevated instances, both with color and with the window title.  Starting with what commenters wrote on my previous post, here's what's in my $profile now:

function Get-AdminStatus
{
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$p = New-Object System.Security.Principal.WindowsPrincipal($id)
return $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

$AmIAdmin = Get-AdminStatus
if ( $AmIAdmin )
{
cmd.exe /c COLOR FC
}

# Make the window title follow the current directory
function prompt
{
'PS ' + $(Get-Location) + $(if ($nestedpromptlevel -ge 1) { '>>' }) + '> '
if ( $AmIAdmin )
{
$host.UI.RawUI.WindowTitle = "Administrator: " + $(Get-Location)
}
else
{
$host.UI.RawUI.WindowTitle = $(Get-Location)
}
}