How to find if the logged user is a admin or not?

Just saw a mail over an internal alias showing off how to find out if the currently logged on user is an admin… we make this reasonably easy in Whidbey.  



using System;

using System.Security.Principal;


class Test


    public static void Main()


        if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))


            Console.WriteLine(“I am an admin.”);





Comments (11)

  1. Mike Dimmick says:

    I hate to be a bore on this – but you’re asking the wrong question. You should be asking whether the user has either permission, through access control, or privileges, to perform whatever task. I agree that Administrators is a helpful shorthand, but don’t forget that Windows security is hugely configurable and an administrator (or otherwise privileged person!) can set it up so that, for example, Joe Schmoe User (a member of the Users group) has the privilege to set the system clock.

  2. Mike Kolitz says:

    I’m going to have to agree with the other Mike on this. While it’s handy – and quick – to be able to tell if a user is an admin, I’d prefer to see it made easier to determine if user X has permission to perform a specific task, with or without being an Admin.

  3. Brad,

    This is in v1.0:)

    Mike and Mike,

    There are thousands of tasks any user can perform. It is near impossible to determine who can do what.

    Instead, Windows has some build in roles. And each build in role has sets of pre-defined privileges. If you know which role the user is in, you can reason whether user has the privilege. Admin happens to be one of the build in roles.

  4. Thomas Lee says:

    "It is near impossible to determine who can do what. "

    And this is one of the issues with Windows security – until is IS possible, administrators have a problem to manage.

  5. Mike Kolitz says:

    "And this is one of the issues with Windows security – until is IS possible, administrators have a problem to manage."

    … and programmers will continue to write software that requires the user to run as Administrator for no valid reason whatsoever.

    I’m not suggesting that the security model in Windows bet totally rewritten (though I’m not suggesting that it should be left alone, either), but come on guys. Least privelege *has* to be embraced by everyone, even if that requires getting down to an atomic level of security rights.

    Why not start work on an object that can make this stuff easier, like:


  6. says:

    I agree with the Mikes: the Least privelege approach is the way to determine if a user can perform the task in question. Often applications just need to know whether or not a user can perform tasks X (write to file specific file or directory, change the system time) and not if she has the priveleges to modify all system settings. Using predefined roles to deduce if the user can perform the task in question might be nice and simple for the developer but it is not very user friendly as he might have the proper rights but is not a member of the admins. Since RANU is advised more and more detemine the priveleges in a more fine grained way is a requirement, not a feature 🙂

  7. Not that it matters at this point, but I agree with the Mikes and and Thomas. No need to elaborate any more, just wanted to put in my vote.

  8. RJ says:

    Maybe this horse is dead. But just dealing intelligently with runtime failures is often better than attempting to predict failure ahead of time. Remember those idiotic programs which refuse to even start because the windows version number isn’t exactly right?

  9. It gets even funnier using an international edition of Windows. For example code such as this:

    if (strcmp("administrators", lpszGroupname) == 0) ….

    makes it quite difficulty to do things even when you are a member of the administrators-group, but it’s named as "Administratorer" in Norwegian 😉

    So, please at least do a check if the user is allowed to do the operation instead of just checking the username… happily ‘administrator’ is ‘administrator’ in Norwegian as well, but ‘guest’ is ‘gjest’.