henrygab/ElevationStatus.cmd

## ElevationStatus.cmd
@echo off
setlocal enableExtensions enableDelayedExpansion
REM -
REM - Copyright Henry Gabryjelski
REM -
REM - Author:
REM -     Henry Gabryjelski
REM - Work Title:
REM -     Elevation Status Command Script
REM - License:
REM -     Creative Commons Attribution License 3.0
REM -     http://creativecommons.org/licenses/by/3.0/
REM -
IF /I "%1" == "/?" (
	call :ShowExtendedHelp
	exit /B 100
) ELSE IF /I "%1" == "-?" (
	call :ShowExtendedHelp
	exit /B 100
) ELSE IF /I "%1" == "/h" (
	call :ShowExtendedHelp
	exit /B 100
) ELSE IF /I "%1" == "-h" (
	call :ShowExtendedHelp
	exit /B 100
) ELSE IF /I NOT "%1" == "" (
	call :ShowHelp
	exit /B 100
) ELSE (
	REM - goto, not call....
	goto :Detect
)
exit /B 200

:ShowExtendedHelp
call :ShowHelpImpl
call :ShowExample
goto :eof

:ShowHelp
call :ShowHelpImpl
echo.
echo. Run with /? for extended help
echo.
goto :eof

:ShowHelpImpl
echo.
echo. Sets the error level to indicate information
echo. about the user running as administrator.
echo.
echo. If ErrorLevel is between 0 and 127 (inclusive),
echo. composed of a combination of the following values:
echo.     1): Administrators group   enabled
echo.     2): Administrators group   listed
echo.     4): reserved
echo.     8): reserved
echo.    16): High Mandatory Level   enabled
echo.    32): Medium Mandatory Level enabled
echo.    64): Low Mandatory Level    enabled
echo.
echo. ErrorLevels of 128 and higher indicate an
echo. unhandled (fatal) error....
echo.
goto :eof

:ShowExample
echo.
echo. Example - Test for High Mandatory Level
echo. --------------- ^>8 -----------------------------
echo. @echo off
echo. setlocal enableExtensions
echo. REM - Run command to set errorlevel
echo. %~dpnx0
echo. REM - save errorlevel for testing bits
echo. SET _Tx_=%%ERRORLEVEL%%
echo. REM - use the ^^ character to quote ampersand
echo. SET /A _T1_= %%_Tx_%% ^^^& 16
echo.
echo. IF "%%_T1_%%"=="16" (
echo.     echo. High Mandatory Level Found
echo. )
echo. --------------- ^>8 -----------------------------
echo.
goto :eof

:DumpReturnValue
IF "%1"=="" (
	echo. Non-zero numeric argument required
	goto :eof
)
setlocal

set /A _Tx_=%1
if %_Tx_%=="0" (
	echo. Non-zero numeric argument required
	endlocal
	goto :eof
)

echo.
echo. ErrorLevel = %1
echo.
echo. Bit:   Meaning:
set /A _T0_=  %_Tx_%  ^&     1
set /A _T1_=  %_Tx_%  ^&     2
set /A _T2_=  %_Tx_%  ^&     4
set /A _T3_=  %_Tx_%  ^&     8
set /A _T4_=  %_Tx_%  ^&    16
set /A _T5_=  %_Tx_%  ^&    32
set /A _T6_=  %_Tx_%  ^&    64
set /A _T7_=  %_Tx_%  ^&   128

if NOT "%_T7_%"=="0" (
echo. +128 Bit7 ^(ERROR CODE -- IGNORE BELOW SETTINGS^)
) ELSE (
if NOT "%_T6_%"=="0" (
echo.  +64 Bit6 ^(Low Mandatory Level^)
)
if NOT "%_T5_%"=="0" (
echo.  +32 Bit5 ^(Medium Mandatory Level^)
)
if NOT "%_T4_%"=="0" (
echo.  +16 Bit4 ^(High Mandatory Level^)
)
if NOT "%_T3_%"=="0" (
echo.   +8 Bit3 ^(reserved^)
)
if NOT "%_T2_%"=="0" (
echo.   +4 Bit2 ^(reserved^)
)
if NOT "%_T1_%"=="0" (
echo.   +2 Bit1 ^(Administrators group listed^)
)
if NOT "%_T0_%"=="0" (
echo.   +1 Bit0 ^(Administrators group enabled^)
)
)
goto :eof


:Detect
REM - relies upon:
REM - %windir%\system32\WhoAmI.exe /Groups
REM - %windir%\System32\FindStr.exe
REM - Administrators group == S-1-5-32-544
REM - Elevated == Mandatory Label\High Mandatory Level
REM -
set _WHO_=%windir%\system32\WhoAmI.exe
set _FINDSTR_=%windir%\system32\FindStr.exe

SET ReturnValue=0

REM  -----------------------------------
REM  First see if an administrator....
REM  -----------------------------------
REM  1): Administrators group listed
REM  2): Administrators group enabled

for /F "tokens=*" %%I in ('%_WHO_% /groups ^| %_FINDSTR_% /I /C:"S-1-5-32-544" ') DO @(
	REM found by %%I
	SET /A ReturnValue ^|= 1
)
for /F "tokens=*" %%I in ('%_WHO_% /groups ^| %_FINDSTR_% /I /C:"S-1-5-32-544" ^| %_FINDSTR_% /I /C:"Enabled group"') DO @(
	REM found by %%I
	SET /A ReturnValue ^|= 2
)
for /F "tokens=*" %%I in ('%_WHO_% /groups ^| %_FINDSTR_% /I /B /C:"Mandatory Label\High Mandatory Level" ^| %_FINDSTR_% /I /C:"Enabled group"') DO @(
	REM found by %%I
	SET /A ReturnValue ^|= 16
)
for /F "tokens=*" %%I in ('%_WHO_% /groups ^| %_FINDSTR_% /I /B /C:"Mandatory Label\Medium Mandatory Level" ^| %_FINDSTR_% /I /C:"Enabled group"') DO @(
	REM found by %%I
	SET /A ReturnValue ^|= 32
)
for /F "tokens=*" %%I in ('%_WHO_% /groups ^| %_FINDSTR_% /I /B /C:"Mandatory Label\Low Mandatory Level" ^| %_FINDSTR_% /I /C:"Enabled group"') DO @(
	REM found by %%I
	SET /A ReturnValue ^|= 64
)
call :DumpReturnValue %ReturnValue%
echo. %ReturnValue%
exit /B %ReturnValue%
	@echo off
	setlocal enableExtensions enableDelayedExpansion
	REM -
	REM - Copyright Henry Gabryjelski
	REM -
	REM - Author:
	REM - Henry Gabryjelski
	REM - Work Title:
	REM - Elevation Status Command Script
	REM - License:
	REM - Creative Commons Attribution License 3.0
	REM - http://creativecommons.org/licenses/by/3.0/
	REM -
	IF /I "%1" == "/?" (
	call :ShowExtendedHelp
	exit /B 100
	) ELSE IF /I "%1" == "-?" (
	call :ShowExtendedHelp
	exit /B 100
	) ELSE IF /I "%1" == "/h" (
	call :ShowExtendedHelp
	exit /B 100
	) ELSE IF /I "%1" == "-h" (
	call :ShowExtendedHelp
	exit /B 100
	) ELSE IF /I NOT "%1" == "" (
	call :ShowHelp
	exit /B 100
	) ELSE (
	REM - goto, not call....
	goto :Detect
	)
	exit /B 200

	:ShowExtendedHelp
	call :ShowHelpImpl
	call :ShowExample
	goto :eof

	:ShowHelp
	call :ShowHelpImpl
	echo.
	echo. Run with /? for extended help
	echo.
	goto :eof

	:ShowHelpImpl
	echo.
	echo. Sets the error level to indicate information
	echo. about the user running as administrator.
	echo.
	echo. If ErrorLevel is between 0 and 127 (inclusive),
	echo. composed of a combination of the following values:
	echo. 1): Administrators group enabled
	echo. 2): Administrators group listed
	echo. 4): reserved
	echo. 8): reserved
	echo. 16): High Mandatory Level enabled
	echo. 32): Medium Mandatory Level enabled
	echo. 64): Low Mandatory Level enabled
	echo.
	echo. ErrorLevels of 128 and higher indicate an
	echo. unhandled (fatal) error....
	echo.
	goto :eof

	:ShowExample
	echo.
	echo. Example - Test for High Mandatory Level
	echo. --------------- ^>8 -----------------------------
	echo. @echo off
	echo. setlocal enableExtensions
	echo. REM - Run command to set errorlevel
	echo. %~dpnx0
	echo. REM - save errorlevel for testing bits
	echo. SET _Tx_=%%ERRORLEVEL%%
	echo. REM - use the ^^ character to quote ampersand
	echo. SET /A _T1_= %%_Tx_%% ^^^& 16
	echo.
	echo. IF "%%_T1_%%"=="16" (
	echo. echo. High Mandatory Level Found
	echo. )
	echo. --------------- ^>8 -----------------------------
	echo.
	goto :eof

	:DumpReturnValue
	IF "%1"=="" (
	echo. Non-zero numeric argument required
	goto :eof
	)
	setlocal

	set /A _Tx_=%1
	if %_Tx_%=="0" (
	echo. Non-zero numeric argument required
	endlocal
	goto :eof
	)

	echo.
	echo. ErrorLevel = %1
	echo.
	echo. Bit: Meaning:
	set /A _T0_= %_Tx_% ^& 1
	set /A _T1_= %_Tx_% ^& 2
	set /A _T2_= %_Tx_% ^& 4
	set /A _T3_= %_Tx_% ^& 8
	set /A _T4_= %_Tx_% ^& 16
	set /A _T5_= %_Tx_% ^& 32
	set /A _T6_= %_Tx_% ^& 64
	set /A _T7_= %_Tx_% ^& 128

	if NOT "%_T7_%"=="0" (
	echo. +128 Bit7 ^(ERROR CODE -- IGNORE BELOW SETTINGS^)
	) ELSE (
	if NOT "%_T6_%"=="0" (
	echo. +64 Bit6 ^(Low Mandatory Level^)
	)
	if NOT "%_T5_%"=="0" (
	echo. +32 Bit5 ^(Medium Mandatory Level^)
	)
	if NOT "%_T4_%"=="0" (
	echo. +16 Bit4 ^(High Mandatory Level^)
	)
	if NOT "%_T3_%"=="0" (
	echo. +8 Bit3 ^(reserved^)
	)
	if NOT "%_T2_%"=="0" (
	echo. +4 Bit2 ^(reserved^)
	)
	if NOT "%_T1_%"=="0" (
	echo. +2 Bit1 ^(Administrators group listed^)
	)
	if NOT "%_T0_%"=="0" (
	echo. +1 Bit0 ^(Administrators group enabled^)
	)
	)
	goto :eof



	:Detect
	REM - relies upon:
	REM - %windir%\system32\WhoAmI.exe /Groups
	REM - %windir%\System32\FindStr.exe
	REM - Administrators group == S-1-5-32-544
	REM - Elevated == Mandatory Label\High Mandatory Level
	REM -
	set _WHO_=%windir%\system32\WhoAmI.exe
	set _FINDSTR_=%windir%\system32\FindStr.exe

	SET ReturnValue=0

	REM -----------------------------------
	REM First see if an administrator....
	REM -----------------------------------
	REM 1): Administrators group listed
	REM 2): Administrators group enabled

	for /F "tokens=*" %%I in ('%_WHO_% /groups ^\| %_FINDSTR_% /I /C:"S-1-5-32-544" ') DO @(
	REM found by %%I
	SET /A ReturnValue ^\|= 1
	)
	for /F "tokens=*" %%I in ('%_WHO_% /groups ^\| %_FINDSTR_% /I /C:"S-1-5-32-544" ^\| %_FINDSTR_% /I /C:"Enabled group"') DO @(
	REM found by %%I
	SET /A ReturnValue ^\|= 2
	)
	for /F "tokens=*" %%I in ('%_WHO_% /groups ^\| %_FINDSTR_% /I /B /C:"Mandatory Label\High Mandatory Level" ^\| %_FINDSTR_% /I /C:"Enabled group"') DO @(
	REM found by %%I
	SET /A ReturnValue ^\|= 16
	)
	for /F "tokens=*" %%I in ('%_WHO_% /groups ^\| %_FINDSTR_% /I /B /C:"Mandatory Label\Medium Mandatory Level" ^\| %_FINDSTR_% /I /C:"Enabled group"') DO @(
	REM found by %%I
	SET /A ReturnValue ^\|= 32
	)
	for /F "tokens=*" %%I in ('%_WHO_% /groups ^\| %_FINDSTR_% /I /B /C:"Mandatory Label\Low Mandatory Level" ^\| %_FINDSTR_% /I /C:"Enabled group"') DO @(
	REM found by %%I
	SET /A ReturnValue ^\|= 64
	)
	call :DumpReturnValue %ReturnValue%
	echo. %ReturnValue%
	exit /B %ReturnValue%